44#define MODULE_NAME "LogTlsStoreLog"
/* Base directory for the PEM and .meta files. The compiled-in default is
 * "/tmp"; the output-ctx init code later in this listing overwrites it via
 * strlcpy/snprintf from the configured log directory and the module's own
 * directory setting. NOTE(review): "/tmp" is a shared, world-writable
 * location — confirm the configured directory is always applied before any
 * certificate is written. */
46static char tls_logfile_base_dir[PATH_MAX] =
"/tmp";
/* Incremented at each failed fopen()/fwrite() site in the PEM logger
 * (the logging_dir_not_writable++ lines below). Presumably compared against
 * LOGGING_WRITE_ISSUE_LIMIT to stop retrying once the directory has proven
 * unusable; that comparison is not part of this excerpt. */
48static char logging_dir_not_writable;
50#define LOGGING_WRITE_ISSUE_LIMIT 6
/* Build the output file name for a certificate as
 * "<base_dir>/[client-]<secs>.<usecs>-<id>.pem" and copy it into
 * `filename` (bounded by `filename_size`). The `client` flag only selects
 * the "client-" prefix. The intermediate `path` buffer, the timestamp
 * arguments and the return statements are not visible in this excerpt. */
57static int CreateFileName(
58 const Packet *p,
SSLState *state,
char *filename,
size_t filename_size,
const bool client)
63 const char *dir = client ?
"client-" :
"";
/* NOTE(review): snprintf() returns the length the full string would have
 * had, so truncation is any return value >= sizeof(path); this test only
 * rejects the exactly-equal case, and a longer result is silently
 * truncated yet still handed to strlcpy() below. A negative (error)
 * return converts to a large unsigned value in this comparison and is
 * likewise not caught. `>= (int)sizeof(path)` plus a `< 0` check would
 * cover both — verify against the callers' expectations for the return. */
68 if (snprintf(path,
sizeof(path),
"%s/%s%ld.%ld-%d.pem", tls_logfile_base_dir, dir,
70 file_id) ==
sizeof(path))
/* strlcpy() always NUL-terminates within filename_size. */
73 strlcpy(filename, path, filename_size);
/* PEM armour written around the base64-encoded DER certificate; each
 * includes its trailing newline so the writer emits them verbatim. */
80#define PEMHEADER "-----BEGIN CERTIFICATE-----\n"
81#define PEMFOOTER "-----END CERTIFICATE-----\n"
83 char filename[PATH_MAX] =
"";
87 unsigned char* pembase64ptr = NULL;
97 CreateFileName(p, state, filename,
sizeof(filename), client);
98 if (strlen(filename) == 0) {
103 fp = fopen(filename,
"w");
107 "Can't create PEM file '%s' in '%s' directory", filename, tls_logfile_base_dir);
108 logging_dir_not_writable++;
114 pemlen = SCBase64EncodeBufferSize(cert->
cert_len);
121 SCLogWarning(
"Can't allocate data for base64 encoding");
130 ret = SCBase64Encode(
132 if (ret != SC_BASE64_OK) {
133 SCLogWarning(
"Invalid return of SCBase64Encode function");
142 size_t loffset = pemlen >= 64 ? 64 : pemlen;
143 if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
145 if (fwrite(
"\n", 1, 1, fp) != 1)
159 memcpy(filename + (strlen(filename) - 3),
"meta", 4);
160 fpmeta = fopen(filename,
"w");
161 if (fpmeta != NULL) {
162 #define PRINT_BUF_LEN 46
168 goto end_fwrite_fpmeta;
169 if (fprintf(fpmeta,
"TIME: %s\n", timebuf) < 0)
170 goto end_fwrite_fpmeta;
172 if (fprintf(fpmeta,
"PCAP PKT NUM: %"PRIu64
"\n", p->
pcap_cnt) < 0)
173 goto end_fwrite_fpmeta;
175 if (fprintf(fpmeta,
"SRC IP: %s\n", srcip) < 0)
176 goto end_fwrite_fpmeta;
177 if (fprintf(fpmeta,
"DST IP: %s\n", dstip) < 0)
178 goto end_fwrite_fpmeta;
179 if (fprintf(fpmeta,
"PROTO: %" PRIu32
"\n", p->
proto) < 0)
180 goto end_fwrite_fpmeta;
181 if (PacketIsTCP(p) || PacketIsUDP(p)) {
182 if (fprintf(fpmeta,
"SRC PORT: %" PRIu16
"\n", sp) < 0)
183 goto end_fwrite_fpmeta;
184 if (fprintf(fpmeta,
"DST PORT: %" PRIu16
"\n", dp) < 0)
185 goto end_fwrite_fpmeta;
191 "TLS FINGERPRINT: %s\n",
193 goto end_fwrite_fpmeta;
198 SCLogWarning(
"Can't create meta file '%s' in '%s' directory", filename,
199 tls_logfile_base_dir);
200 logging_dir_not_writable++;
213 logging_dir_not_writable++;
220 logging_dir_not_writable++;
/* Decide whether the server-side certificate logger should run for this
 * packet/tx. The guards visible here reject packets without a flow,
 * non-TCP packets and flows without an SSL state; the remaining
 * conditions and the return statements are outside this excerpt. */
233static bool LogTlsStoreCondition(
236 if (p->
flow == NULL) {
240 if (!(PacketIsTCP(p))) {
245 if (ssl_state == NULL) {
/* Debug-level only: a missing TLS state is normal for non-TLS traffic. */
246 SCLogDebug(
"no tls state, so no request logging");
/* Client-certificate counterpart of LogTlsStoreCondition(). The visible
 * guards are identical (no flow, non-TCP, no SSL state); whatever
 * distinguishes it — presumably a check on the client connection state —
 * lies outside this excerpt. The two functions could share the common
 * prefix to keep the checks in sync. */
264static bool LogTlsStoreConditionClient(
267 if (p->
flow == NULL) {
271 if (!(PacketIsTCP(p))) {
276 if (ssl_state == NULL) {
277 SCLogDebug(
"no tls state, so no request logging");
296 void *state,
void *tx, uint64_t tx_id)
299 int ipproto = (PacketIsIPv4(p)) ? AF_INET : AF_INET6;
308 LogTlsLogPem(aft, p, ssl_state, connp, ipproto);
315 void *state,
void *tx, uint64_t tx_id)
318 int ipproto = (PacketIsIPv4(p)) ? AF_INET : AF_INET6;
327 LogTlsLogPem(aft, p, ssl_state, connp, ipproto);
/* Per-thread init for the TLS store logger: validates `initdata` and makes
 * sure the certificate drop directory exists, creating it on first use.
 * The error-return paths and the allocation of the thread data are not
 * visible in this excerpt. */
333static TmEcode LogTlsStoreLogThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
339 if (initdata == NULL) {
340 SCLogDebug(
"Error getting context for LogTLSStore. \"initdata\" argument NULL");
345 struct stat stat_buf;
/* stat()-then-mkdir is a small check/act race: a directory created by
 * another thread or process in between makes SCMkDir() fail. Whether an
 * EEXIST result is tolerated is not visible here — confirm. */
347 if (stat(tls_logfile_base_dir, &stat_buf) != 0) {
/* Mode S_IRWXU|S_IXGRP|S_IRGRP (0750): owner full access, group may list
 * and traverse, no access for others. The files stored here are
 * certificates captured from monitored traffic, so group membership
 * effectively grants read access to them. */
350 ret =
SCMkDir(tls_logfile_base_dir, S_IRWXU|S_IXGRP|S_IRGRP);
354 SCLogError(
"Cannot create certs drop directory %s: %s", tls_logfile_base_dir,
359 SCLogInfo(
"Created certs drop directory %s",
360 tls_logfile_base_dir);
393static void LogTlsStoreLogDeInitCtx(
OutputCtx *output_ctx)
409 output_ctx->
data = NULL;
410 output_ctx->
DeInit = LogTlsStoreLogDeInitCtx;
414 if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
416 s_default_log_dir,
sizeof(tls_logfile_base_dir));
420 s_base_dir,
sizeof(tls_logfile_base_dir));
422 snprintf(tls_logfile_base_dir,
sizeof(tls_logfile_base_dir),
423 "%s/%s", s_default_log_dir, s_base_dir);
427 SCLogInfo(
"storing certs in %s", tls_logfile_base_dir);
432 result.
ctx = output_ctx;
440 LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLogger, LogTlsStoreCondition,
441 LogTlsStoreLogThreadInit, LogTlsStoreLogThreadDeinit);
444 LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLoggerClient, LogTlsStoreConditionClient,
445 LogTlsStoreLogThreadInit, LogTlsStoreLogThreadDeinit);