suricata
log-tlslog.c File Reference
#include "suricata-common.h"
#include "debug.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "log-tlslog.h"
#include "app-layer-ssl.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-logopenfile.h"
#include "util-crypt.h"
#include "util-time.h"
#include "log-cf-common.h"

Data Structures

struct  LogTlsFileCtx_
 
struct  LogTlsLogThread_
 

Macros

#define DEFAULT_LOG_FILENAME   "tls.log"
 
#define MODULE_NAME   "LogTlsLog"
 
#define OUTPUT_BUFFER_SIZE   65535
 
#define CERT_ENC_BUFFER_SIZE   2048
 
#define LOG_TLS_DEFAULT   0
 
#define LOG_TLS_EXTENDED   1
 
#define LOG_TLS_CUSTOM   2
 
#define LOG_TLS_SESSION_RESUMPTION   4
 
#define LOG_TLS_CF_VERSION   'v'
 
#define LOG_TLS_CF_DATE_NOT_BEFORE   'd'
 
#define LOG_TLS_CF_DATE_NOT_AFTER   'D'
 
#define LOG_TLS_CF_SHA1   'f'
 
#define LOG_TLS_CF_SNI   'n'
 
#define LOG_TLS_CF_SUBJECT   's'
 
#define LOG_TLS_CF_ISSUER   'i'
 
#define LOG_TLS_CF_EXTENDED   'E'
 
#define PRINT_BUF_LEN   46
 

Typedefs

typedef struct LogTlsFileCtx_ LogTlsFileCtx
 
typedef struct LogTlsLogThread_ LogTlsLogThread
 

Functions

int TLSGetIPInformations (const Packet *p, char *srcip, size_t srcip_len, Port *sp, char *dstip, size_t dstip_len, Port *dp, int ipproto)
 
void LogTlsLogRegister (void)
 

Detailed Description

Author
Roliers Jean-Paul popof.nosp@m..fpn.nosp@m.@gmai.nosp@m.l.co
Eric Leblond eric@.nosp@m.regi.nosp@m.t.org
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Paulo Pacheco fooin.nosp@m.ha@g.nosp@m.mail..nosp@m.com

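Implements the TLS logging portion of the engine. The TLS logger is implemented as a packet logger, as the TLS parser is not transaction aware. (This description may be out of date: LogTlsLogRegister(), documented below, references OutputRegisterTxModuleWithProgress() and TLS_HANDSHAKE_DONE, which suggests the logger is registered as a transaction logger.)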

Definition in file log-tlslog.c.

Macro Definition Documentation

#define CERT_ENC_BUFFER_SIZE   2048

Definition at line 64 of file log-tlslog.c.

#define DEFAULT_LOG_FILENAME   "tls.log"

Definition at line 59 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_DATE_NOT_AFTER   'D'

Definition at line 73 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_DATE_NOT_BEFORE   'd'

Definition at line 72 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_EXTENDED   'E'

Definition at line 78 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_ISSUER   'i'

Definition at line 77 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_SHA1   'f'

Definition at line 74 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_SNI   'n'

Definition at line 75 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_SUBJECT   's'

Definition at line 76 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CF_VERSION   'v'

Definition at line 71 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_CUSTOM   2

Definition at line 68 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_DEFAULT   0

Definition at line 66 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_EXTENDED   1

Definition at line 67 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define LOG_TLS_SESSION_RESUMPTION   4

Definition at line 69 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define MODULE_NAME   "LogTlsLog"

Definition at line 61 of file log-tlslog.c.

Referenced by LogTlsLogRegister().

#define OUTPUT_BUFFER_SIZE   65535

Definition at line 63 of file log-tlslog.c.

Referenced by TLSGetIPInformations().

#define PRINT_BUF_LEN   46

Referenced by TLSGetIPInformations().

Typedef Documentation

typedef struct LogTlsFileCtx_ LogTlsFileCtx

Function Documentation

void LogTlsLogRegister ( void  )

Definition at line 500 of file log-tlslog.c.

References ALPROTO_TLS, LOGGER_TLS, MODULE_NAME, OutputRegisterTxModuleWithProgress(), and TLS_HANDSHAKE_DONE.

Referenced by OutputRegisterLoggers().


int TLSGetIPInformations ( const Packet *  p,
char *  srcip,
size_t  srcip_len,
Port *  sp,
char *  dstip,
size_t  dstip_len,
Port *  dp,
int  ipproto 
)

Definition at line 145 of file log-tlslog.c.

References ALPROTO_TLS, AppLayerParserRegisterLogger(), MemBuffer_::buffer, LogTlsLogThread_::buffer, SSLStateConnp_::cert0_fingerprint, SSLStateConnp_::cert0_issuerdn, SSLStateConnp_::cert0_not_after, SSLStateConnp_::cert0_not_before, SSLStateConnp_::cert0_subject, LogTlsFileCtx_::cf, LogCustomFormat_::cf_n, LogCustomFormat_::cf_nodes, SSLState_::client_connp, ConfNodeLookupChildValue(), ConfValIsTrue(), CreateTimeString(), OutputInitResult_::ctx, LogCustomFormatNode_::data, OutputCtx_::data, DEFAULT_LOG_FILENAME, OutputCtx_::DeInit, Packet_::dp, LogTlsFileCtx_::file_ctx, LogTlsFileCtx_::flags, SSLState_::flags, GET_IPV4_DST_ADDR_PTR, GET_IPV4_SRC_ADDR_PTR, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, LOG_CF_CLIENT_IP, LOG_CF_CLIENT_PORT, LOG_CF_LITERAL, LOG_CF_NONE, LOG_CF_SERVER_IP, LOG_CF_SERVER_PORT, LOG_CF_TIMESTAMP, LOG_CF_TIMESTAMP_U, LOG_CF_WRITE_UNKNOWN_VALUE, LOG_TLS_CF_DATE_NOT_AFTER, LOG_TLS_CF_DATE_NOT_BEFORE, LOG_TLS_CF_EXTENDED, LOG_TLS_CF_ISSUER, LOG_TLS_CF_SHA1, LOG_TLS_CF_SNI, LOG_TLS_CF_SUBJECT, LOG_TLS_CF_VERSION, LOG_TLS_CUSTOM, LOG_TLS_DEFAULT, LOG_TLS_EXTENDED, LOG_TLS_SESSION_RESUMPTION, LogCustomFormatAlloc(), LogCustomFormatFree(), LogCustomFormatParse(), LogCustomFormatWriteTimestamp(), LogFileFreeCtx(), LogFileNewCtx(), MEMBUFFER_BUFFER, MEMBUFFER_OFFSET, MemBufferCreateNew(), MemBufferFree(), MemBufferReset, MemBufferWriteString, MIN, MemBuffer_::offset, OutputInitResult_::ok, OUTPUT_BUFFER_SIZE, PKT_IS_IPV4, PKT_IS_TOSERVER, PRINT_BUF_LEN, PrintInet(), PrintRawUriBuf(), SC_ERR_INVALID_ARGUMENT, SC_ERR_TLS_LOG_GENERIC, SCCalloc, SCConfLogOpenGeneric(), SCFree, SCLogDebug, SCLogError, SCLogInfo, SCMalloc, SSLState_::server_connp, MemBuffer_::size, SSLStateConnp_::sni, Packet_::sp, SSL_AL_FLAG_LOG_WITHOUT_CERT, SSL_AL_FLAG_SESSION_RESUMED, SSL_AL_FLAG_STATE_SERVER_HELLO, LogTlsLogThread_::tls_cnt, TLSGetIPInformations(), LogTlsLogThread_::tlslog_ctx, TM_ECODE_FAILED, TM_ECODE_OK, ts, Packet_::ts, tx_id, LogCustomFormatNode_::type, unlikely, 
SSLStateConnp_::version, and LogFileCtx_::Write.

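Referenced by TLSGetIPInformations().

Note: the function is listed as referencing itself, and the References list above includes symbols for output-context setup, custom-format parsing and buffer allocation (for example SCConfLogOpenGeneric(), LogCustomFormatParse() and MemBufferCreateNew()). The documentation generator appears to have attributed references from the rest of the file to this one function. Check the source before relying on these cross-references, for instance when auditing which code paths write into the srcip/dstip buffers.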
