suricata
log-tlslog.c
1 /* Copyright (C) 2007-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Roliers Jean-Paul <popof.fpn@gmail.co>
22  * \author Eric Leblond <eric@regit.org>
23  * \author Victor Julien <victor@inliniac.net>
24  * \author Paulo Pacheco <fooinha@gmail.com>
25  *
26  * Implements TLS logging portion of the engine.
27  */
28 
29 #include "suricata-common.h"
30 #include "debug.h"
31 #include "detect.h"
32 #include "pkt-var.h"
33 #include "conf.h"
34 
35 #include "threads.h"
36 #include "threadvars.h"
37 #include "tm-threads.h"
38 
39 #include "util-print.h"
40 #include "util-unittest.h"
41 
42 #include "util-debug.h"
43 
44 #include "output.h"
45 #include "log-tlslog.h"
46 #include "app-layer-ssl.h"
47 #include "app-layer.h"
48 #include "app-layer-parser.h"
49 #include "util-privs.h"
50 #include "util-buffer.h"
51 
52 #include "util-logopenfile.h"
53 #include "util-time.h"
54 #include "log-cf-common.h"
55 
56 #define DEFAULT_LOG_FILENAME "tls.log"
57 
58 #define MODULE_NAME "LogTlsLog"
59 
60 #define PRINT_BUF_LEN 46
61 
62 #define OUTPUT_BUFFER_SIZE 65535
63 #define CERT_ENC_BUFFER_SIZE 2048
64 
65 #define LOG_TLS_DEFAULT 0
66 #define LOG_TLS_EXTENDED 1
67 #define LOG_TLS_CUSTOM 2
68 
69 #define LOG_TLS_SESSION_RESUMPTION 4
70 
71 #define LOG_TLS_CF_VERSION 'v'
72 #define LOG_TLS_CF_DATE_NOT_BEFORE 'd'
73 #define LOG_TLS_CF_DATE_NOT_AFTER 'D'
74 #define LOG_TLS_CF_SHA1 'f'
75 #define LOG_TLS_CF_SNI 'n'
76 #define LOG_TLS_CF_SUBJECT 's'
77 #define LOG_TLS_CF_ISSUER 'i'
78 #define LOG_TLS_CF_EXTENDED 'E'
79 
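/** Per-output TLS log context: the open log file plus the logging mode. */
typedef struct LogTlsFileCtx_ {
    LogFileCtx *file_ctx;   /**< log file handle the records are written to */
    uint32_t flags;         /**< Store mode (LOG_TLS_* bits) */
    LogCustomFormat *cf;    /**< parsed custom format; only set when
                             *   LOG_TLS_CUSTOM is selected */
} LogTlsFileCtx;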
85 
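/** Per-thread TLS logger state. */
typedef struct LogTlsLogThread_ {
    LogTlsFileCtx *tlslog_ctx;

    /* LogTlsFileCtx has the pointer to the file and a mutex to allow
       multithreading. */
    uint32_t tls_cnt;       /* number of records this thread has logged */

    MemBuffer *buffer;      /* scratch buffer one log line is assembled in */
} LogTlsLogThread;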
95 
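/**
 * \brief Format both endpoints of a packet as text, normalised to
 *        client -> server order.
 *
 * For a to-server packet the packet source becomes srcip/sp; for a
 * to-client packet source and destination are swapped, so srcip/sp always
 * describe the same side of the flow.
 *
 * \param p         packet to read the addresses and ports from
 * \param srcip     output buffer for the first (client side) address
 * \param srcip_len size of srcip in bytes
 * \param sp        output: port matching srcip
 * \param dstip     output buffer for the second (server side) address
 * \param dstip_len size of dstip in bytes
 * \param dp        output: port matching dstip
 * \param ipproto   address family, AF_INET or AF_INET6 (despite the name)
 *
 * \retval 1 on success
 * \retval 0 if the family is unsupported or an address could not be
 *           formatted; the output buffers must not be used in that case
 */
int TLSGetIPInformations(const Packet *p, char* srcip, size_t srcip_len,
                         Port* sp, char* dstip, size_t dstip_len, Port* dp,
                         int ipproto)
{
    const void *pkt_src;
    const void *pkt_dst;

    switch (ipproto) {
        case AF_INET:
            pkt_src = (const void *) GET_IPV4_SRC_ADDR_PTR(p);
            pkt_dst = (const void *) GET_IPV4_DST_ADDR_PTR(p);
            break;
        case AF_INET6:
            pkt_src = (const void *) GET_IPV6_SRC_ADDR(p);
            pkt_dst = (const void *) GET_IPV6_DST_ADDR(p);
            break;
        default:
            return 0;
    }

    const int to_server = PKT_IS_TOSERVER(p) ? 1 : 0;
    const void *first = to_server ? pkt_src : pkt_dst;
    const void *second = to_server ? pkt_dst : pkt_src;

    /* The caller passes uninitialised stack buffers and later hands them to
     * strlen() and "%s", so a failed conversion must not be reported as
     * success. NOTE(review): this relies on PrintInet returning NULL on
     * failure (inet_ntop convention) -- confirm against util-print.c. */
    if (PrintInet(ipproto, first, srcip, srcip_len) == NULL ||
        PrintInet(ipproto, second, dstip, dstip_len) == NULL) {
        return 0;
    }

    *sp = to_server ? p->sp : p->dp;
    *dp = to_server ? p->dp : p->sp;
    return 1;
}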
141 
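/**
 * \brief Allocate the per-thread logger state.
 *
 * \param t        thread vars (unused here)
 * \param initdata OutputCtx created by LogTlsLogInitCtx; must not be NULL
 * \param data     output: receives the new LogTlsLogThread on success
 *
 * \retval TM_ECODE_OK on success
 * \retval TM_ECODE_FAILED if initdata is NULL or an allocation fails
 */
static TmEcode LogTlsLogThreadInit(ThreadVars *t, const void *initdata,
                                   void **data)
{
    /* Validate the argument first so nothing has to be unwound. */
    if (initdata == NULL) {
        SCLogDebug("Error getting context for TLSLog. \"initdata\" argument NULL");
        return TM_ECODE_FAILED;
    }

    LogTlsLogThread *aft = SCCalloc(1, sizeof(*aft));
    if (unlikely(aft == NULL))
        return TM_ECODE_FAILED;

    /* Without this allocation the NULL check below can never pass: the
     * struct has just been zeroed. */
    aft->buffer = MemBufferCreateNew(OUTPUT_BUFFER_SIZE);
    if (aft->buffer == NULL) {
        SCFree(aft);
        return TM_ECODE_FAILED;
    }

    /* Use the Output Context (file pointer and mutex) */
    aft->tlslog_ctx = ((const OutputCtx *) initdata)->data;

    *data = (void *)aft;
    return TM_ECODE_OK;
}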
169 
/**
 * \brief Release the per-thread logger state created by LogTlsLogThreadInit.
 *
 * \param t    thread vars (unused here)
 * \param data LogTlsLogThread to free; NULL is accepted and is a no-op
 *
 * \retval TM_ECODE_OK always
 */
static TmEcode LogTlsLogThreadDeinit(ThreadVars *t, void *data)
{
    LogTlsLogThread *thread_ctx = data;

    if (thread_ctx != NULL) {
        MemBufferFree(thread_ctx->buffer);
        /* clear the struct so stale pointers are not left in freed memory */
        memset(thread_ctx, 0, sizeof(LogTlsLogThread));
        SCFree(thread_ctx);
    }

    return TM_ECODE_OK;
}
183 
/**
 * \brief Tear down the output context built by LogTlsLogInitCtx.
 *
 * Frees the log file context, the custom format, the TLS log context and
 * finally the OutputCtx itself.
 *
 * \param output_ctx context to destroy; dereferenced without a NULL check
 */
static void LogTlsLogDeInitCtx(OutputCtx *output_ctx)
{
    LogTlsFileCtx *ctx = output_ctx->data;

    LogFileFreeCtx(ctx->file_ctx);
    LogCustomFormatFree(ctx->cf);
    SCFree(ctx);

    SCFree(output_ctx);
}
192 
/**
 * \brief Report how many TLS records this thread logged.
 *
 * \param tv   thread vars (unused here)
 * \param data per-thread LogTlsLogThread; nothing is printed when NULL
 */
static void LogTlsLogExitPrintStats(ThreadVars *tv, void *data)
{
    const LogTlsLogThread *thread_ctx = data;

    if (thread_ctx != NULL) {
        SCLogInfo("TLS logger logged %" PRIu32 " requests", thread_ctx->tls_cnt);
    }
}
202 
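/** \brief Create a new tls log output context.
 *
 *  Reads the child values "extended", "custom", "customformat" and
 *  "session-resumption" of the logger's configuration node. Session
 *  resumption logging is enabled when the key is absent or true.
 *
 *  \param conf Pointer to ConfNode containing this logger's configuration.
 *  \return result with ok == true and ctx pointing to the new OutputCtx on
 *          success; { NULL, false } on failure, with everything allocated
 *          here released again.
 * */
static OutputInitResult LogTlsLogInitCtx(ConfNode *conf)
{
    OutputInitResult result = { NULL, false };
    LogFileCtx* file_ctx = LogFileNewCtx();

    if (file_ctx == NULL) {
        SCLogError(SC_ERR_TLS_LOG_GENERIC, "LogTlsLogInitCtx: Couldn't "
                   "create new file_ctx");
        return result;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        goto filectx_error;
    }

    LogTlsFileCtx *tlslog_ctx = SCCalloc(1, sizeof(LogTlsFileCtx));
    if (unlikely(tlslog_ctx == NULL)) {
        goto filectx_error;
    }
    tlslog_ctx->file_ctx = file_ctx;

    const char *extended = ConfNodeLookupChildValue(conf, "extended");
    const char *custom = ConfNodeLookupChildValue(conf, "custom");
    const char *customformat = ConfNodeLookupChildValue(conf, "customformat");

    /* If custom logging format is selected, lets parse it */
    if (custom != NULL && customformat != NULL && ConfValIsTrue(custom)) {
        tlslog_ctx->cf = LogCustomFormatAlloc();
        if (!tlslog_ctx->cf) {
            goto tlslog_error;
        }

        tlslog_ctx->flags |= LOG_TLS_CUSTOM;

        if (!LogCustomFormatParse(tlslog_ctx->cf, customformat)) {
            goto parser_error;
        }
    } else {
        if (extended == NULL) {
            /* LOG_TLS_DEFAULT is 0: this only documents the chosen mode */
            tlslog_ctx->flags |= LOG_TLS_DEFAULT;
        } else {
            if (ConfValIsTrue(extended)) {
                tlslog_ctx->flags |= LOG_TLS_EXTENDED;
            }
        }
    }

    const char *resumption = ConfNodeLookupChildValue(conf,
                                                      "session-resumption");
    if (resumption == NULL || ConfValIsTrue(resumption)) {
        tlslog_ctx->flags |= LOG_TLS_SESSION_RESUMPTION;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        goto tlslog_error;
    }
    output_ctx->data = tlslog_ctx;
    output_ctx->DeInit = LogTlsLogDeInitCtx;

    SCLogDebug("TLS log output initialized");

    /* Enable the logger for the app layer */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);

    result.ctx = output_ctx;
    result.ok = true;
    return result;

    /* Error unwinding: each label releases what was acquired before the
     * failing step and falls through to the next one. */
parser_error:
    SCLogError(SC_ERR_INVALID_ARGUMENT, "Syntax error in custom tls log "
               "format string.");
tlslog_error:
    LogCustomFormatFree(tlslog_ctx->cf);
    SCFree(tlslog_ctx);
filectx_error:
    LogFileFreeCtx(file_ctx);
    return result;
}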
286 
/**
 * \brief Append VERSION='<name>' for a TLS/SSL version to the buffer.
 *
 * \param buffer  MemBuffer the field is appended to
 * \param version protocol version value to convert
 */
static void LogTlsLogVersion(MemBuffer *buffer, uint16_t version)
{
    /* SSLVersionToString takes no length argument; the destination is sized
     * with SSL_VERSION_MAX_STRLEN. */
    char version_str[SSL_VERSION_MAX_STRLEN];

    SSLVersionToString(version, version_str);
    MemBufferWriteString(buffer, "VERSION='%s'", version_str);
}
293 
/**
 * \brief Append <title>='<UTC ISO time>' to the buffer.
 *
 * \param buffer MemBuffer the field is appended to
 * \param title  field name written before the '='
 * \param date   time value to format; sub-second part is written as zero
 */
static void LogTlsLogDate(MemBuffer *buffer, const char *title, time_t *date)
{
    char iso_time[64] = {0};
    struct timeval when = { .tv_sec = *date, .tv_usec = 0 };

    CreateUtcIsoTimeString(&when, iso_time, sizeof(iso_time));
    MemBufferWriteString(buffer, "%s='%s'", title, iso_time);
}
303 
/**
 * \brief Append <title>='<value>' to the buffer.
 *
 * \param buffer MemBuffer the field is appended to
 * \param title  field name written before the '='
 * \param value  NUL-terminated field value, written as is
 *
 * NOTE(review): value is copied with a plain "%s" and wrapped in single
 * quotes. The callers in this file pass certificate and SNI strings taken
 * from SSLState; if the parser does not already strip quotes, control
 * characters and newlines, a record can be split or a field forged in the
 * log. Confirm upstream sanitisation, or escape here the way the IP fields
 * are escaped with PrintRawUriBuf.
 */
static void LogTlsLogString(MemBuffer *buffer, const char *title,
                            const char *value)
{
    MemBufferWriteString(buffer, "%s='%s'", title, value);
}
309 
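/**
 * \brief Write the default-format record prefix and certificate fields.
 *
 * Emits "<time> <srcip>:<sp> -> <dstip>:<dp> TLS:" followed by the
 * certificate subject and issuer when present, and Session='resumed' for a
 * resumed session that carried no certificate.
 *
 * \param aft       per-thread state; the record is appended to aft->buffer
 * \param ssl_state TLS state the fields are read from
 * \param ts        packet timestamp
 * \param srcip     formatted client address
 * \param sp        client port
 * \param dstip     formatted server address
 * \param dp        server port
 *
 * NOTE(review): subject and issuer are written unescaped inside single
 * quotes. They presumably originate from the peer's certificate; confirm
 * the parser removes quotes and control characters, otherwise log consumers
 * cannot trust field boundaries in this file.
 */
static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state,
                           const struct timeval *ts, char *srcip, Port sp,
                           char *dstip, Port dp)
{
    char timebuf[64];
    CreateTimeString(ts, timebuf, sizeof(timebuf));
    MemBufferWriteString(aft->buffer,
                         "%s %s:%d -> %s:%d TLS:",
                         timebuf, srcip, sp, dstip, dp);

    if (ssl_state->server_connp.cert0_subject != NULL) {
        MemBufferWriteString(aft->buffer, " Subject='%s'",
                             ssl_state->server_connp.cert0_subject);
    }

    if (ssl_state->server_connp.cert0_issuerdn != NULL) {
        MemBufferWriteString(aft->buffer, " Issuerdn='%s'",
                             ssl_state->server_connp.cert0_issuerdn);
    }

    if (ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) {
        /* Only log a session as 'resumed' if a certificate has not
           been seen. */
        if ((ssl_state->server_connp.cert0_issuerdn == NULL) &&
            (ssl_state->server_connp.cert0_subject == NULL) &&
            (ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
            ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0)) {
            MemBufferWriteString(aft->buffer, " Session='resumed'");
        }
    }
}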
341 
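/**
 * \brief Append the extended fields to the current record.
 *
 * Writes, each preceded by a space separator: SHA1, SNI and SERIAL when
 * present, VERSION always, NOTBEFORE and NOTAFTER when non-zero.
 *
 * \param aft       per-thread state; fields are appended to aft->buffer
 * \param ssl_state TLS state the fields are read from
 * \param ts, srcip, sp, dstip, dp  unused here; kept so the signature
 *                  matches the other record writers
 *
 * NOTE(review): SNI is client-supplied and goes through LogTlsLogString
 * unescaped -- see the note on that helper.
 */
static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state,
                              const struct timeval *ts, char *srcip, Port sp,
                              char *dstip, Port dp)
{
    if (ssl_state->server_connp.cert0_fingerprint != NULL) {
        LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
        LogTlsLogString(aft->buffer, "SHA1",
                        ssl_state->server_connp.cert0_fingerprint);
    }
    if (ssl_state->client_connp.sni != NULL) {
        LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
        LogTlsLogString(aft->buffer, "SNI", ssl_state->client_connp.sni);
    }
    if (ssl_state->server_connp.cert0_serial != NULL) {
        LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
        LogTlsLogString(aft->buffer, "SERIAL",
                        ssl_state->server_connp.cert0_serial);
    }

    LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
    LogTlsLogVersion(aft->buffer, ssl_state->server_connp.version);

    if (ssl_state->server_connp.cert0_not_before != 0) {
        LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
        LogTlsLogDate(aft->buffer, "NOTBEFORE",
                      &ssl_state->server_connp.cert0_not_before);
    }
    if (ssl_state->server_connp.cert0_not_after != 0) {
        LOG_CF_WRITE_SPACE_SEPARATOR(aft->buffer);
        LogTlsLogDate(aft->buffer, "NOTAFTER",
                      &ssl_state->server_connp.cert0_not_after);
    }
}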
375 
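/**
 * \brief Custom format logging: render one record from the parsed format.
 *
 * Walks the format nodes stored in aft->tlslog_ctx->cf and appends the
 * matching value for each node to aft->buffer. Certificate and SNI fields
 * that are absent are written as the "unknown value" placeholder.
 *
 * \param aft       per-thread state holding the buffer and the format
 * \param ssl_state TLS state the fields are read from
 * \param ts        packet timestamp
 * \param srcip     formatted client address
 * \param sp        client port
 * \param dstip     formatted server address
 * \param dp        server port
 *
 * NOTE(review): the IP and microsecond fields go through PrintRawUriBuf,
 * while fingerprint, SNI, subject and issuer are written with a plain "%s".
 * Those four presumably come from the TLS handshake, i.e. from the peer;
 * unless the parser already sanitises them, a value containing the format's
 * delimiter or a newline changes how downstream tools split the record.
 * Confirm, or route them through the same escaping helper.
 */
static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state,
                            const struct timeval *ts, char *srcip, Port sp,
                            char *dstip, Port dp)
{
    LogTlsFileCtx *tlslog_ctx = aft->tlslog_ctx;
    uint32_t i;
    char buf[64];

    for (i = 0; i < tlslog_ctx->cf->cf_n; i++)
    {
        LogCustomFormatNode *node = tlslog_ctx->cf->cf_nodes[i];
        if (!node) /* Should never happen */
            continue;

        switch (node->type) {
            case LOG_CF_LITERAL:
                /* LITERAL: text from the configured format, not from traffic */
                MemBufferWriteString(aft->buffer, "%s", node->data);
                break;
            case LOG_CF_TIMESTAMP:
                /* TIMESTAMP: node->data carries the time format */
                LogCustomFormatWriteTimestamp(aft->buffer, node->data, ts);
                break;
            case LOG_CF_TIMESTAMP_U:
                /* TIMESTAMP USECONDS */
                snprintf(buf, sizeof(buf), "%06u", (unsigned int) ts->tv_usec);
                PrintRawUriBuf((char *)aft->buffer->buffer,
                               &aft->buffer->offset,
                               aft->buffer->size, (uint8_t *)buf,
                               MIN(strlen(buf),6));
                break;
            case LOG_CF_CLIENT_IP:
                /* CLIENT IP ADDRESS */
                PrintRawUriBuf((char *)aft->buffer->buffer,
                               &aft->buffer->offset, aft->buffer->size,
                               (uint8_t *)srcip,strlen(srcip));
                break;
            case LOG_CF_SERVER_IP:
                /* SERVER IP ADDRESS */
                PrintRawUriBuf((char *)aft->buffer->buffer,
                               &aft->buffer->offset, aft->buffer->size,
                               (uint8_t *)dstip, strlen(dstip));
                break;
            case LOG_CF_CLIENT_PORT:
                /* CLIENT PORT */
                MemBufferWriteString(aft->buffer, "%" PRIu16 "", sp);
                break;
            case LOG_CF_SERVER_PORT:
                /* SERVER PORT */
                MemBufferWriteString(aft->buffer, "%" PRIu16 "", dp);
                break;
            case LOG_TLS_CF_VERSION:
                LogTlsLogVersion(aft->buffer, ssl_state->server_connp.version);
                break;
            case LOG_TLS_CF_DATE_NOT_BEFORE:
                LogTlsLogDate(aft->buffer, "NOTBEFORE",
                              &ssl_state->server_connp.cert0_not_before);
                break;
            case LOG_TLS_CF_DATE_NOT_AFTER:
                LogTlsLogDate(aft->buffer, "NOTAFTER",
                              &ssl_state->server_connp.cert0_not_after);
                break;
            case LOG_TLS_CF_SHA1:
                if (ssl_state->server_connp.cert0_fingerprint != NULL) {
                    MemBufferWriteString(aft->buffer, "%s",
                                         ssl_state->server_connp.cert0_fingerprint);
                } else {
                    LOG_CF_WRITE_UNKNOWN_VALUE(aft->buffer);
                }
                break;
            case LOG_TLS_CF_SNI:
                if (ssl_state->client_connp.sni != NULL) {
                    MemBufferWriteString(aft->buffer, "%s",
                                         ssl_state->client_connp.sni);
                } else {
                    LOG_CF_WRITE_UNKNOWN_VALUE(aft->buffer);
                }
                break;
            case LOG_TLS_CF_SUBJECT:
                if (ssl_state->server_connp.cert0_subject != NULL) {
                    MemBufferWriteString(aft->buffer, "%s",
                                         ssl_state->server_connp.cert0_subject);
                } else {
                    LOG_CF_WRITE_UNKNOWN_VALUE(aft->buffer);
                }
                break;
            case LOG_TLS_CF_ISSUER:
                if (ssl_state->server_connp.cert0_issuerdn != NULL) {
                    MemBufferWriteString(aft->buffer, "%s",
                                         ssl_state->server_connp.cert0_issuerdn);
                } else {
                    LOG_CF_WRITE_UNKNOWN_VALUE(aft->buffer);
                }
                break;
            case LOG_TLS_CF_EXTENDED:
                /* Extended format */
                LogTlsLogExtended(aft, ssl_state, ts, srcip, sp, dstip, dp);
                break;
            default:
                /* NO MATCH */
                MemBufferWriteString(aft->buffer, LOG_CF_NONE);
                SCLogDebug("No matching parameter %%%c for custom tls log.",
                           node->type);
                break;
        }
    }
}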
484 
485 
/**
 * \brief Transaction logger callback: write one TLS record to the log file.
 *
 * A record is written when at least one of these holds: session-resumption
 * logging is enabled and the session was resumed; both certificate subject
 * and issuer are known; or the state is flagged to be logged without a
 * certificate. Otherwise nothing is logged.
 *
 * \param tv          thread vars (unused here)
 * \param thread_data per-thread LogTlsLogThread; dereferenced unchecked
 * \param p           packet supplying addresses, ports and timestamp
 * \param f           flow (unused here)
 * \param state       SSLState of the flow; NULL means nothing to log
 * \param tx, tx_id   transaction handle and id (unused here)
 *
 * \retval 0 always, whether or not a record was written
 */
static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
                        Flow *f, void *state, void *tx, uint64_t tx_id)
{
    LogTlsLogThread *aft = thread_data;
    LogTlsFileCtx *hlog = aft->tlslog_ctx;
    /* anything that is not IPv4 is treated as IPv6 */
    const int ipproto = PKT_IS_IPV4(p) ? AF_INET : AF_INET6;

    SSLState *ssl_state = state;
    if (unlikely(ssl_state == NULL)) {
        return 0;
    }

    const bool log_as_resumed =
        (hlog->flags & LOG_TLS_SESSION_RESUMPTION) != 0 &&
        (ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) != 0;
    const bool have_cert =
        ssl_state->server_connp.cert0_issuerdn != NULL &&
        ssl_state->server_connp.cert0_subject != NULL;
    const bool log_without_cert =
        (ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) != 0;

    if (!log_as_resumed && !have_cert && !log_without_cert) {
        return 0;
    }

    char srcip[PRINT_BUF_LEN];
    char dstip[PRINT_BUF_LEN];
    Port sp;
    Port dp;

    if (!TLSGetIPInformations(p, srcip, PRINT_BUF_LEN, &sp, dstip,
                              PRINT_BUF_LEN, &dp, ipproto)) {
        return 0;
    }

    MemBufferReset(aft->buffer);

    if (hlog->flags & LOG_TLS_CUSTOM) {
        LogTlsLogCustom(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
    } else {
        /* default and extended records share the basic prefix */
        LogTlsLogBasic(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
        if (hlog->flags & LOG_TLS_EXTENDED) {
            LogTlsLogExtended(aft, ssl_state, &p->ts, srcip, sp, dstip, dp);
        }
    }

    MemBufferWriteString(aft->buffer, "\n");

    aft->tls_cnt++;

    /* the Write callback's return value is not checked here */
    hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
                          MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);

    return 0;
}
534 
536 {
538  LogTlsLogInitCtx, ALPROTO_TLS, LogTlsLogger, TLS_HANDSHAKE_DONE,
539  TLS_HANDSHAKE_DONE, LogTlsLogThreadInit, LogTlsLogThreadDeinit,
540  LogTlsLogExitPrintStats);
541 }
LogCustomFormatFree
void LogCustomFormatFree(LogCustomFormat *cf)
Frees memory held by a custom format.
Definition: log-cf-common.c:78
SSLStateConnp_::cert0_not_before
time_t cert0_not_before
Definition: app-layer-ssl.h:215
tm-threads.h
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:212
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:243
ts
uint64_t ts
Definition: source-erf-file.c:55
SC_ERR_TLS_LOG_GENERIC
@ SC_ERR_TLS_LOG_GENERIC
Definition: util-error.h:126
LOG_TLS_SESSION_RESUMPTION
#define LOG_TLS_SESSION_RESUMPTION
Definition: log-tlslog.c:69
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:260
ALPROTO_TLS
@ ALPROTO_TLS
Definition: app-layer-protos.h:33
LogFileNewCtx
LogFileCtx * LogFileNewCtx(void)
LogFileNewCtx() Get a new LogFileCtx.
Definition: util-logopenfile.c:641
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
LogTlsFileCtx_::flags
uint32_t flags
Definition: log-tlslog.c:82
OUTPUT_BUFFER_SIZE
#define OUTPUT_BUFFER_SIZE
Definition: log-tlslog.c:62
DEFAULT_LOG_FILENAME
#define DEFAULT_LOG_FILENAME
Definition: log-tlslog.c:56
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:261
SSL_AL_FLAG_SESSION_RESUMED
#define SSL_AL_FLAG_SESSION_RESUMED
Definition: app-layer-ssl.h:121
threads.h
LogCustomFormatAlloc
LogCustomFormat * LogCustomFormatAlloc()
Creates a custom format.
Definition: log-cf-common.c:52
Flow_
Flow data structure.
Definition: flow.h:356
LogTlsLogRegister
void LogTlsLogRegister(void)
Definition: log-tlslog.c:535
SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:101
LogTlsLogThread_::buffer
MemBuffer * buffer
Definition: log-tlslog.c:93
LogFileCtx_
Definition: util-logopenfile.h:64
LOG_CF_LITERAL
#define LOG_CF_LITERAL
Definition: log-cf-common.h:40
SSL_VERSION_MAX_STRLEN
#define SSL_VERSION_MAX_STRLEN
Definition: app-layer-ssl.h:149
LogTlsFileCtx_::file_ctx
LogFileCtx * file_ctx
Definition: log-tlslog.c:81
LOG_TLS_CUSTOM
#define LOG_TLS_CUSTOM
Definition: log-tlslog.c:67
MIN
#define MIN(x, y)
Definition: suricata-common.h:372
util-privs.h
LogFileCtx_::Write
int(* Write)(const char *buffer, int buffer_len, struct LogFileCtx_ *fp)
Definition: util-logopenfile.h:80
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:220
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:83
LOG_CF_CLIENT_PORT
#define LOG_CF_CLIENT_PORT
Definition: log-cf-common.h:45
GET_IPV6_DST_ADDR
#define GET_IPV6_DST_ADDR(p)
Definition: decode.h:231
util-unittest.h
MemBuffer_::offset
uint32_t offset
Definition: util-buffer.h:30
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:213
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:521
OutputCtx_::data
void * data
Definition: tm-modules.h:81
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:82
OutputCtx_
Definition: tm-modules.h:78
SCConfLogOpenGeneric
int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *log_ctx, const char *default_filename, int rotate)
open a generic output "log file", which may be a regular file or a socket
Definition: util-logopenfile.c:429
LogCustomFormat_::cf_n
uint32_t cf_n
Definition: log-cf-common.h:74
LogCustomFormatNode_
Definition: log-cf-common.h:66
PRINT_BUF_LEN
#define PRINT_BUF_LEN
Definition: log-tlslog.c:60
LOG_TLS_DEFAULT
#define LOG_TLS_DEFAULT
Definition: log-tlslog.c:65
LogCustomFormatNode_::type
uint32_t type
Definition: log-cf-common.h:67
LOG_TLS_CF_DATE_NOT_AFTER
#define LOG_TLS_CF_DATE_NOT_AFTER
Definition: log-tlslog.c:73
MODULE_NAME
#define MODULE_NAME
Definition: log-tlslog.c:58
SSLStateConnp_::cert0_not_after
time_t cert0_not_after
Definition: app-layer-ssl.h:216
LOG_TLS_CF_SUBJECT
#define LOG_TLS_CF_SUBJECT
Definition: log-tlslog.c:76
util-debug.h
GET_IPV4_DST_ADDR_PTR
#define GET_IPV4_DST_ADDR_PTR(p)
Definition: decode.h:226
PKT_IS_TOSERVER
#define PKT_IS_TOSERVER(p)
Definition: decode.h:268
OutputInitResult_::ctx
OutputCtx * ctx
Definition: output.h:49
LOG_CF_CLIENT_IP
#define LOG_CF_CLIENT_IP
Definition: log-cf-common.h:43
LOG_CF_TIMESTAMP
#define LOG_CF_TIMESTAMP
Definition: log-cf-common.h:41
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:491
LogTlsLogThread
struct LogTlsLogThread_ LogTlsLogThread
util-print.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
PrintInet
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition: util-print.c:274
pkt-var.h
Packet_::sp
Port sp
Definition: decode.h:449
LOG_CF_SERVER_PORT
#define LOG_CF_SERVER_PORT
Definition: log-cf-common.h:46
SSLVersionToString
void SSLVersionToString(uint16_t version, char *buffer)
Definition: app-layer-ssl.c:323
util-time.h
OutputInitResult_::ok
bool ok
Definition: output.h:50
log-tlslog.h
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
LOGGER_TLS
@ LOGGER_TLS
Definition: suricata-common.h:443
app-layer-parser.h
Packet_
Definition: decode.h:442
LOG_CF_TIMESTAMP_U
#define LOG_CF_TIMESTAMP_U
Definition: log-cf-common.h:42
conf.h
Port
uint16_t Port
Definition: decode.h:246
TmEcode
TmEcode
Definition: tm-threads-common.h:81
CreateTimeString
void CreateTimeString(const struct timeval *ts, char *str, size_t size)
Definition: util-time.c:276
LOG_CF_WRITE_UNKNOWN_VALUE
#define LOG_CF_WRITE_UNKNOWN_VALUE(buffer)
Definition: log-cf-common.h:59
MemBuffer_
Definition: util-buffer.h:27
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
LogCustomFormat_
Definition: log-cf-common.h:73
LOG_TLS_CF_VERSION
#define LOG_TLS_CF_VERSION
Definition: log-tlslog.c:71
LogCustomFormatNode_::data
char data[LOG_NODE_STRLEN]
Definition: log-cf-common.h:69
MemBufferReset
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
Definition: util-buffer.h:42
OutputInitResult_
Definition: output.h:48
GET_IPV4_SRC_ADDR_PTR
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition: decode.h:225
LogTlsFileCtx
struct LogTlsFileCtx_ LogTlsFileCtx
Packet_::ts
struct timeval ts
Definition: decode.h:485
suricata-common.h
OutputCtx_::DeInit
void(* DeInit)(struct OutputCtx_ *)
Definition: tm-modules.h:84
MemBufferFree
void MemBufferFree(MemBuffer *buffer)
Definition: util-buffer.c:82
MemBufferWriteString
#define MemBufferWriteString(dst,...)
Write a string buffer to the Membuffer dst.
Definition: util-buffer.h:162
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
version
uint8_t version
Definition: decode-gre.h:1
LogFileFreeCtx
int LogFileFreeCtx(LogFileCtx *lf_ctx)
LogFileFreeCtx() Destroy a LogFileCtx (Close the file and free memory)
Definition: util-logopenfile.c:826
LogTlsLogThread_::tls_cnt
uint32_t tls_cnt
Definition: log-tlslog.c:91
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
threadvars.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
log-cf-common.h
LogTlsLogThread_::tlslog_ctx
LogTlsFileCtx * tlslog_ctx
Definition: log-tlslog.c:87
LOG_TLS_CF_SNI
#define LOG_TLS_CF_SNI
Definition: log-tlslog.c:75
TLSGetIPInformations
int TLSGetIPInformations(const Packet *p, char *srcip, size_t srcip_len, Port *sp, char *dstip, size_t dstip_len, Port *dp, int ipproto)
Definition: log-tlslog.c:96
GET_IPV6_SRC_ADDR
#define GET_IPV6_SRC_ADDR(p)
Definition: decode.h:230
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
util-logopenfile.h
LOG_TLS_CF_DATE_NOT_BEFORE
#define LOG_TLS_CF_DATE_NOT_BEFORE
Definition: log-tlslog.c:72
util-buffer.h
LogCustomFormat_::cf_nodes
LogCustomFormatNode * cf_nodes[LOG_MAXN_NODES]
Definition: log-cf-common.h:75
OutputRegisterTxModuleWithProgress
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a tx output module with progress.
Definition: output.c:370
LOG_CF_SERVER_IP
#define LOG_CF_SERVER_IP
Definition: log-cf-common.h:44
LOG_TLS_CF_ISSUER
#define LOG_TLS_CF_ISSUER
Definition: log-tlslog.c:77
LOG_CF_NONE
#define LOG_CF_NONE
Definition: log-cf-common.h:39
LOG_TLS_EXTENDED
#define LOG_TLS_EXTENDED
Definition: log-tlslog.c:66
PrintRawUriBuf
void PrintRawUriBuf(char *retbuf, uint32_t *offset, uint32_t retbuflen, uint8_t *buf, uint32_t buflen)
Definition: util-print.c:120
MemBuffer_::size
uint32_t size
Definition: util-buffer.h:29
MEMBUFFER_BUFFER
#define MEMBUFFER_BUFFER(mem_buffer)
Get the MemBuffers underlying buffer.
Definition: util-buffer.h:50
LogCustomFormatWriteTimestamp
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts)
Writes a timestamp with given format into a MemBuffer.
Definition: log-cf-common.c:209
MemBuffer_::buffer
uint8_t * buffer
Definition: util-buffer.h:28
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:217
MEMBUFFER_OFFSET
#define MEMBUFFER_OFFSET(mem_buffer)
Get the MemBuffers current offset.
Definition: util-buffer.h:55
Packet_::dp
Port dp
Definition: decode.h:457
LOG_CF_WRITE_SPACE_SEPARATOR
#define LOG_CF_WRITE_SPACE_SEPARATOR(buffer)
Definition: log-cf-common.h:56
TLS_HANDSHAKE_DONE
@ TLS_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
LogTlsFileCtx_::cf
LogCustomFormat * cf
Definition: log-tlslog.c:83
CreateUtcIsoTimeString
void CreateUtcIsoTimeString(const struct timeval *ts, char *str, size_t size)
Definition: util-time.c:234
PKT_IS_IPV4
#define PKT_IS_IPV4(p)
Definition: decode.h:262
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:214
app-layer-ssl.h
LOG_TLS_CF_SHA1
#define LOG_TLS_CF_SHA1
Definition: log-tlslog.c:74
SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
Definition: app-layer-ssl.h:128
MemBufferCreateNew
MemBuffer * MemBufferCreateNew(uint32_t size)
Definition: util-buffer.c:32
LOG_TLS_CF_EXTENDED
#define LOG_TLS_CF_EXTENDED
Definition: log-tlslog.c:78
debug.h
output.h
LogTlsFileCtx_
Definition: log-tlslog.c:80
LogCustomFormatParse
int LogCustomFormatParse(LogCustomFormat *cf, const char *format)
Parses and saves format nodes for custom format.
Definition: log-cf-common.c:94
app-layer.h
LogTlsLogThread_
Definition: log-tlslog.c:86
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:249
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:199
ConfNodeLookupChildValue
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:798