/* File name for the TLS log output. NOTE(review): presumably the fallback
 * handed to the log-open helper when no filename is configured; the call
 * site is not visible in this listing, so confirm there. */
56 #define DEFAULT_LOG_FILENAME "tls.log"
/* Name string identifying this output module. */
58 #define MODULE_NAME "LogTlsLog"
/* Length of a small print buffer. NOTE(review): 46 matches the usual
 * INET6_ADDRSTRLEN, so this presumably sizes the srcip/dstip text buffers.
 * Whatever uses it must pass the length alongside the pointer, as
 * TLSGetIPInformations() does with srcip_len/dstip_len. */
60 #define PRINT_BUF_LEN 46
/* Size of an output buffer. NOTE(review): presumably the per-thread
 * MemBuffer capacity. Certificate fields such as subject and issuer come
 * from the remote peer, so every write into that buffer has to be bounded
 * by this size. Confirm that overlong records are truncated, not overrun. */
62 #define OUTPUT_BUFFER_SIZE 65535
/* Size of a certificate encoding buffer. NOTE(review): its use is not
 * visible in this listing; confirm the encoder is given this bound. */
63 #define CERT_ENC_BUFFER_SIZE 2048
/* Logging mode values. NOTE(review): 0/1/2 followed by 4 suggests these are
 * combined as bit flags in the logger context; confirm against the code
 * that sets and tests them. */
65 #define LOG_TLS_DEFAULT 0
66 #define LOG_TLS_EXTENDED 1
67 #define LOG_TLS_CUSTOM 2
/* Relates to the "session-resumption" configuration key read at init. */
69 #define LOG_TLS_SESSION_RESUMPTION 4
/* Single-character specifiers for the custom TLS log format. The custom
 * logger switches on each format node's type and emits the debug message
 * "No matching parameter %%%c for custom tls log." for a character it does
 * not recognise. */
71 #define LOG_TLS_CF_VERSION 'v'
72 #define LOG_TLS_CF_DATE_NOT_BEFORE 'd'
73 #define LOG_TLS_CF_DATE_NOT_AFTER 'D'
74 #define LOG_TLS_CF_SHA1 'f'
75 #define LOG_TLS_CF_SNI 'n'
76 #define LOG_TLS_CF_SUBJECT 's'
77 #define LOG_TLS_CF_ISSUER 'i'
78 #define LOG_TLS_CF_EXTENDED 'E'
97 Port* sp,
char* dstip,
size_t dstip_len,
Port* dp,
151 if (initdata == NULL) {
152 SCLogDebug(
"Error getting context for TLSLog. \"initdata\" argument NULL");
158 if (aft->
buffer == NULL) {
184 static void LogTlsLogDeInitCtx(
OutputCtx *output_ctx)
193 static void LogTlsLogExitPrintStats(
ThreadVars *
tv,
void *data)
212 if (file_ctx == NULL) {
214 "create new file_ctx");
233 if (custom != NULL && customformat != NULL &&
ConfValIsTrue(custom)) {
235 if (!tlslog_ctx->
cf) {
245 if (extended == NULL) {
255 "session-resumption");
264 output_ctx->
data = tlslog_ctx;
265 output_ctx->
DeInit = LogTlsLogDeInitCtx;
272 result.
ctx = output_ctx;
294 static void LogTlsLogDate(
MemBuffer *buffer,
const char *title, time_t *date)
296 char timebuf[64] = {0};
304 static void LogTlsLogString(
MemBuffer *buffer,
const char *title,
311 const struct timeval *
ts,
char *srcip,
Port sp,
312 char *dstip,
Port dp)
317 "%s %s:%d -> %s:%d TLS:",
318 timebuf, srcip, sp, dstip, dp);
343 const struct timeval *
ts,
char *srcip,
Port sp,
344 char *dstip,
Port dp)
348 LogTlsLogString(aft->
buffer,
"SHA1",
357 LogTlsLogString(aft->
buffer,
"SERIAL",
366 LogTlsLogDate(aft->
buffer,
"NOTBEFORE",
371 LogTlsLogDate(aft->
buffer,
"NOTAFTER",
378 const struct timeval *
ts,
char *srcip,
Port sp,
379 char *dstip,
Port dp)
385 for (i = 0; i < tlslog_ctx->
cf->
cf_n; i++)
391 switch (node->
type) {
402 snprintf(buf,
sizeof(buf),
"%06u", (
unsigned int)
ts->tv_usec);
412 (uint8_t *)srcip,strlen(srcip));
418 (uint8_t *)dstip, strlen(dstip));
432 LogTlsLogDate(aft->
buffer,
"NOTBEFORE",
436 LogTlsLogDate(aft->
buffer,
"NOTAFTER",
473 LogTlsLogExtended(aft, ssl_state,
ts, srcip, sp, dstip, dp);
478 SCLogDebug(
"No matching parameter %%%c for custom tls log.",
487 Flow *f,
void *state,
void *tx, uint64_t tx_id)
491 int ipproto = (
PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
517 LogTlsLogCustom(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
519 LogTlsLogBasic(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
520 LogTlsLogExtended(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
522 LogTlsLogBasic(aft, ssl_state, &p->
ts, srcip, sp, dstip, dp);
540 LogTlsLogExitPrintStats);
void LogCustomFormatFree(LogCustomFormat *cf)
Frees memory held by a custom format.
SSLv[2.0|3.[0|1|2|3]] state structure.
#define LOG_TLS_SESSION_RESUMPTION
SSLStateConnp client_connp
LogFileCtx * LogFileNewCtx(void)
LogFileNewCtx() Get a new LogFileCtx.
#define OUTPUT_BUFFER_SIZE
#define DEFAULT_LOG_FILENAME
SSLStateConnp server_connp
#define SSL_AL_FLAG_SESSION_RESUMED
LogCustomFormat * LogCustomFormatAlloc()
Creates a custom format.
void LogTlsLogRegister(void)
#define SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_VERSION_MAX_STRLEN
int(* Write)(const char *buffer, int buffer_len, struct LogFileCtx_ *fp)
#define LOG_CF_CLIENT_PORT
#define GET_IPV6_DST_ADDR(p)
int ConfValIsTrue(const char *val)
Check if a value is true.
int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *log_ctx, const char *default_filename, int rotate)
open a generic output "log file", which may be a regular file or a socket
#define LOG_TLS_CF_DATE_NOT_AFTER
#define LOG_TLS_CF_SUBJECT
#define GET_IPV4_DST_ADDR_PTR(p)
#define PKT_IS_TOSERVER(p)
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
struct LogTlsLogThread_ LogTlsLogThread
Per thread variable structure.
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
#define LOG_CF_SERVER_PORT
void SSLVersionToString(uint16_t version, char *buffer)
@ SC_ERR_INVALID_ARGUMENT
#define LOG_CF_TIMESTAMP_U
void CreateTimeString(const struct timeval *ts, char *str, size_t size)
#define LOG_CF_WRITE_UNKNOWN_VALUE(buffer)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define LOG_TLS_CF_VERSION
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
#define GET_IPV4_SRC_ADDR_PTR(p)
struct LogTlsFileCtx_ LogTlsFileCtx
void(* DeInit)(struct OutputCtx_ *)
void MemBufferFree(MemBuffer *buffer)
#define MemBufferWriteString(dst,...)
Write a string buffer to the Membuffer dst.
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
int LogFileFreeCtx(LogFileCtx *lf_ctx)
LogFileFreeCtx() Destroy a LogFileCtx (Close the file and free memory)
LogTlsFileCtx * tlslog_ctx
int TLSGetIPInformations(const Packet *p, char *srcip, size_t srcip_len, Port *sp, char *dstip, size_t dstip_len, Port *dp, int ipproto)
#define GET_IPV6_SRC_ADDR(p)
#define LOG_TLS_CF_DATE_NOT_BEFORE
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a tx output module with progress.
#define LOG_TLS_CF_ISSUER
void PrintRawUriBuf(char *retbuf, uint32_t *offset, uint32_t retbuflen, uint8_t *buf, uint32_t buflen)
#define MEMBUFFER_BUFFER(mem_buffer)
Get the MemBuffer's underlying buffer.
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts)
Writes a timestamp with given format into a MemBuffer.
#define MEMBUFFER_OFFSET(mem_buffer)
Get the MemBuffer's current offset.
#define LOG_CF_WRITE_SPACE_SEPARATOR(buffer)
void CreateUtcIsoTimeString(const struct timeval *ts, char *str, size_t size)
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
MemBuffer * MemBufferCreateNew(uint32_t size)
#define LOG_TLS_CF_EXTENDED
int LogCustomFormatParse(LogCustomFormat *cf, const char *format)
Parses and saves format nodes for custom format.
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.