suricata.8.0.0/output-json-dcerpc_8c_source.html

/* Copyright (C) 2017-2021 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


#include "suricata-common.h"

#include "util-buffer.h"

#include "output.h"

#include "output-json.h"

#include "app-layer-parser.h"

#include "output-json-dcerpc.h"

#include "rust.h"


static int JsonDCERPCLogger(ThreadVars *tv, void *thread_data,

    const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)

{

    OutputJsonThreadCtx *thread = thread_data;


    SCJsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dcerpc", NULL, thread->ctx);

    if (unlikely(jb == NULL)) {

        return TM_ECODE_FAILED;

    }


    SCJbOpenObject(jb, "dcerpc");

    if (p->proto == IPPROTO_TCP) {

        if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) {

            goto error;

        }

    } else {

        if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) {

            goto error;

        }

    }

    SCJbClose(jb);


    MemBufferReset(thread->buffer);

    OutputJsonBuilderBuffer(tv, p, p->flow, jb, thread);


    SCJbFree(jb);

    return TM_ECODE_OK;


error:

    SCJbFree(jb);

    return TM_ECODE_FAILED;

}


static OutputInitResult DCERPCLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)

{

    SCAppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC);

    SCAppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC);

    return OutputJsonLogInitSub(conf, parent_ctx);

}


void JsonDCERPCLogRegister(void)

{

    /* Register as an eve sub-module. */

    OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonDCERPCLog", "eve-log.dcerpc",

            DCERPCLogInitSub, ALPROTO_DCERPC, JsonDCERPCLogger, JsonLogThreadInit,

            JsonLogThreadDeinit);


    SCLogDebug("DCERPC JSON logger registered.");

}


SCAppLayerParserRegisterLogger
void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition app-layer-parser.c:491

app-layer-parser.h

ALPROTO_DCERPC
@ ALPROTO_DCERPC
Definition app-layer-protos.h:44

tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32

LOG_DIR_FLOW
@ LOG_DIR_FLOW
Definition output-eve-bindgen.h:33

OutputJsonLogInitSub
OutputInitResult OutputJsonLogInitSub(SCConfNode *conf, OutputCtx *parent_ctx)
Definition output-json-common.c:82

JsonLogThreadInit
TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data)
Definition output-json-common.c:99

JsonLogThreadDeinit
TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data)
Definition output-json-common.c:132

JsonDCERPCLogRegister
void JsonDCERPCLogRegister(void)
Definition output-json-dcerpc.c:67

output-json-dcerpc.h

CreateEveHeader
SCJsonBuilder * CreateEveHeader(const Packet *p, enum SCOutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx)
Definition output-json.c:850

OutputJsonBuilderBuffer
void OutputJsonBuilderBuffer(ThreadVars *tv, const Packet *p, Flow *f, SCJsonBuilder *js, OutputJsonThreadCtx *ctx)
Definition output-json.c:1015

output-json.h

OutputRegisterTxSubModule
void OutputRegisterTxSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition output.c:406

output.h

rust.h

Flow_
Flow data structure.
Definition flow.h:356

OutputCtx_
Definition tm-modules.h:88

OutputInitResult_
Definition output.h:46

OutputJsonThreadCtx_
Definition output-json.h:83

OutputJsonThreadCtx_::buffer
MemBuffer * buffer
Definition output-json.h:86

OutputJsonThreadCtx_::ctx
OutputJsonCtx * ctx
Definition output-json.h:84

Packet_
Definition decode.h:501

Packet_::flow
struct Flow_ * flow
Definition decode.h:546

Packet_::proto
uint8_t proto
Definition decode.h:523

SCConfNode_
Definition conf.h:37

ThreadVars_
Per thread variable structure.
Definition threadvars.h:58

suricata-common.h

LOGGER_JSON_TX
@ LOGGER_JSON_TX
Definition suricata-common.h:485

TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition tm-threads-common.h:82

TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81

util-buffer.h

SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275

unlikely
#define unlikely(expr)
Definition util-optimize.h:35