/src/suricata7/src/output-json-dcerpc.c
Line | Count | Source |
1 | | /* Copyright (C) 2017-2021 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | #include "suricata-common.h" |
19 | | #include "util-buffer.h" |
20 | | #include "output.h" |
21 | | #include "output-json.h" |
22 | | #include "app-layer-parser.h" |
23 | | #include "output-json-dcerpc.h" |
24 | | #include "rust.h" |
25 | | |
26 | | |
27 | | static int JsonDCERPCLogger(ThreadVars *tv, void *thread_data, |
28 | | const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id) |
29 | 0 | { |
30 | 0 | OutputJsonThreadCtx *thread = thread_data; |
31 | |
|
32 | 0 | JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dcerpc", NULL, thread->ctx); |
33 | 0 | if (unlikely(jb == NULL)) { |
34 | 0 | return TM_ECODE_FAILED; |
35 | 0 | } |
36 | | |
37 | 0 | jb_open_object(jb, "dcerpc"); |
38 | 0 | if (p->proto == IPPROTO_TCP) { |
39 | 0 | if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) { |
40 | 0 | goto error; |
41 | 0 | } |
42 | 0 | } else { |
43 | 0 | if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) { |
44 | 0 | goto error; |
45 | 0 | } |
46 | 0 | } |
47 | 0 | jb_close(jb); |
48 | |
|
49 | 0 | MemBufferReset(thread->buffer); |
50 | 0 | OutputJsonBuilderBuffer(jb, thread); |
51 | |
|
52 | 0 | jb_free(jb); |
53 | 0 | return TM_ECODE_OK; |
54 | | |
55 | 0 | error: |
56 | 0 | jb_free(jb); |
57 | 0 | return TM_ECODE_FAILED; |
58 | 0 | } |
59 | | |
60 | | static OutputInitResult DCERPCLogInitSub(ConfNode *conf, OutputCtx *parent_ctx) |
61 | 0 | { |
62 | 0 | AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_DCERPC); |
63 | 0 | AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_DCERPC); |
64 | 0 | return OutputJsonLogInitSub(conf, parent_ctx); |
65 | 0 | } |
66 | | |
67 | | void JsonDCERPCLogRegister(void) |
68 | 71 | { |
69 | | /* Register as an eve sub-module. */ |
70 | 71 | OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonDCERPCLog", "eve-log.dcerpc", |
71 | 71 | DCERPCLogInitSub, ALPROTO_DCERPC, JsonDCERPCLogger, JsonLogThreadInit, |
72 | 71 | JsonLogThreadDeinit, NULL); |
73 | | |
74 | 71 | SCLogDebug("DCERPC JSON logger registered."); |
75 | 71 | } |