57 #define DEFAULT_LOG_FILENAME "tls.log" 59 #define MODULE_NAME "LogTlsLog" 61 #define PRINT_BUF_LEN 46 63 #define OUTPUT_BUFFER_SIZE 65535 64 #define CERT_ENC_BUFFER_SIZE 2048 66 #define LOG_TLS_DEFAULT 0 67 #define LOG_TLS_EXTENDED 1 68 #define LOG_TLS_CUSTOM 2 70 #define LOG_TLS_SESSION_RESUMPTION 4 72 #define LOG_TLS_CF_VERSION 'v' 73 #define LOG_TLS_CF_DATE_NOT_BEFORE 'd' 74 #define LOG_TLS_CF_DATE_NOT_AFTER 'D' 75 #define LOG_TLS_CF_SHA1 'f' 76 #define LOG_TLS_CF_SNI 'n' 77 #define LOG_TLS_CF_SUBJECT 's' 78 #define LOG_TLS_CF_ISSUER 'i' 79 #define LOG_TLS_CF_EXTENDED 'E' 98 Port* sp,
char* dstip,
size_t dstip_len,
Port* dp,
152 if (initdata == NULL) {
153 SCLogDebug(
"Error getting context for TLSLog. \"initdata\" argument NULL");
159 if (aft->
buffer == NULL) {
185 static void LogTlsLogDeInitCtx(
OutputCtx *output_ctx)
194 static void LogTlsLogExitPrintStats(
ThreadVars *tv,
void *data)
213 if (file_ctx == NULL) {
215 "create new file_ctx");
234 if (custom != NULL && customformat != NULL &&
ConfValIsTrue(custom)) {
236 if (!tlslog_ctx->
cf) {
246 if (extended == NULL) {
256 "session-resumption");
265 output_ctx->
data = tlslog_ctx;
266 output_ctx->
DeInit = LogTlsLogDeInitCtx;
273 result.
ctx = output_ctx;
295 static void LogTlsLogDate(
MemBuffer *buffer,
const char *title, time_t *date)
297 char timebuf[64] = {0};
305 static void LogTlsLogString(
MemBuffer *buffer,
const char *title,
312 const struct timeval *
ts,
char *srcip,
Port sp,
313 char *dstip,
Port dp)
318 "%s %s:%d -> %s:%d TLS:",
319 timebuf, srcip, sp, dstip, dp);
344 const struct timeval *
ts,
char *srcip,
Port sp,
345 char *dstip,
Port dp)
349 LogTlsLogString(aft->
buffer,
"SHA1",
358 LogTlsLogString(aft->
buffer,
"SERIAL",
367 LogTlsLogDate(aft->
buffer,
"NOTBEFORE",
372 LogTlsLogDate(aft->
buffer,
"NOTAFTER",
379 const struct timeval *
ts,
char *srcip,
Port sp,
380 char *dstip,
Port dp)
386 for (i = 0; i < tlslog_ctx->
cf->
cf_n; i++)
392 switch (node->
type) {
403 snprintf(buf,
sizeof(buf),
"%06u", (
unsigned int)
ts->tv_usec);
413 (uint8_t *)srcip,strlen(srcip));
419 (uint8_t *)dstip, strlen(dstip));
433 LogTlsLogDate(aft->
buffer,
"NOTBEFORE",
437 LogTlsLogDate(aft->
buffer,
"NOTAFTER",
474 LogTlsLogExtended(aft, ssl_state,
ts, srcip, sp, dstip, dp);
479 SCLogDebug(
"No matching parameter %%%c for custom tls log.",
488 Flow *f,
void *state,
void *tx, uint64_t
tx_id)
492 int ipproto = (
PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
518 LogTlsLogCustom(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
520 LogTlsLogBasic(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
521 LogTlsLogExtended(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
523 LogTlsLogBasic(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
541 LogTlsLogExitPrintStats);
#define LOG_TLS_CF_DATE_NOT_AFTER
struct LogTlsLogThread_ LogTlsLogThread
#define SSL_AL_FLAG_SESSION_RESUMED
MemBuffer * MemBufferCreateNew(uint32_t size)
#define GET_IPV4_SRC_ADDR_PTR(p)
#define SSL_AL_FLAG_STATE_SERVER_HELLO
int LogCustomFormatParse(LogCustomFormat *cf, const char *format)
Parses and saves format nodes for custom format.
#define MemBufferWriteString(dst,...)
Write a string buffer to the Membuffer dst.
#define LOG_CF_WRITE_SPACE_SEPARATOR(buffer)
#define LOG_TLS_CF_VERSION
#define GET_IPV4_DST_ADDR_PTR(p)
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
SSLStateConnp server_connp
void(* DeInit)(struct OutputCtx_ *)
#define LOG_TLS_CF_SUBJECT
void CreateUtcIsoTimeString(const struct timeval *ts, char *str, size_t size)
#define LOG_CF_CLIENT_PORT
void SSLVersionToString(uint16_t version, char *buffer)
#define SSL_VERSION_MAX_STRLEN
#define LOG_TLS_CF_EXTENDED
SSLv[2.0|3.[0|1|2|3]] state structure.
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
#define LOG_CF_SERVER_PORT
LogTlsFileCtx * tlslog_ctx
struct LogTlsFileCtx_ LogTlsFileCtx
int TLSGetIPInformations(const Packet *p, char *srcip, size_t srcip_len, Port *sp, char *dstip, size_t dstip_len, Port *dp, int ipproto)
#define GET_IPV6_DST_ADDR(p)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
#define LOG_CF_WRITE_UNKNOWN_VALUE(buffer)
#define LOG_CF_TIMESTAMP_U
#define LOG_TLS_CF_ISSUER
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a tx output module with progress.
LogFileCtx * LogFileNewCtx(void)
LogFileNewCtx() Get a new LogFileCtx.
#define PKT_IS_TOSERVER(p)
#define DEFAULT_LOG_FILENAME
int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *log_ctx, const char *default_filename, int rotate)
Open a generic output "log file", which may be a regular file or a socket.
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
#define LOG_TLS_CF_DATE_NOT_BEFORE
#define LOG_TLS_SESSION_RESUMPTION
#define MEMBUFFER_BUFFER(mem_buffer)
Get the MemBuffer's underlying buffer.
int ConfValIsTrue(const char *val)
Check if a value is true.
void PrintRawUriBuf(char *retbuf, uint32_t *offset, uint32_t retbuflen, uint8_t *buf, uint32_t buflen)
int(* Write)(const char *buffer, int buffer_len, struct LogFileCtx_ *fp)
#define GET_IPV6_SRC_ADDR(p)
int LogFileFreeCtx(LogFileCtx *lf_ctx)
LogFileFreeCtx() Destroy a LogFileCtx (Close the file and free memory)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define OUTPUT_BUFFER_SIZE
#define MEMBUFFER_OFFSET(mem_buffer)
Get the MemBuffer's current offset.
Per thread variable structure.
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts)
Writes a timestamp with given format into a MemBuffer.
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
void LogTlsLogRegister(void)
SSLStateConnp client_connp
void MemBufferFree(MemBuffer *buffer)
void LogCustomFormatFree(LogCustomFormat *cf)
Frees memory held by a custom format.
void CreateTimeString(const struct timeval *ts, char *str, size_t size)
LogCustomFormat * LogCustomFormatAlloc()
Creates a custom format.