/* Name this output module is known by. */
56 #define MODULE_NAME "LogTlsStoreLog"
/* Directory that receives the .pem and .meta files (named in the error
 * messages at 117-118 and 210-211, created on demand at 307-310).
 * NOTE(review): the compiled-in value is /tmp, normally a world-writable
 * directory. The snprintf at 397 rewrites this buffer during context
 * setup; confirm the /tmp default can never be the directory actually
 * used, because the files are opened with a plain fopen(..., "w"). */
58 static char tls_logfile_base_dir[PATH_MAX] =
"/tmp";
/* Counter incremented at 119, 212, 225 and 232; the first two follow a
 * failed file creation.
 * NOTE(review): plain file-scope char with no locking visible in this
 * excerpt - confirm how concurrent logging threads are meant to share it. */
60 static char logging_dir_not_writable;
/* Presumably the ceiling logging_dir_not_writable is compared against so
 * that write problems are reported a limited number of times; the
 * comparison itself is not part of this excerpt - TODO confirm. */
62 #define LOGGING_WRITE_ISSUE_LIMIT 6
/* Build the certificate file name "<dir>/<sec>.<usec>-<id>.pem" in a local
 * buffer and copy it into the caller's buffer.
 *
 * p             packet whose timestamp (ts.tv_sec, ts.tv_usec) goes into the name
 * state         TLS state; not referenced in the visible lines
 * filename      destination buffer
 * filename_size size of the destination buffer
 *
 * Only fragments of the body are in this excerpt: the declarations of path
 * and file_id, the argument for the leading %s (presumably
 * tls_logfile_base_dir) and the return statements are not shown.
 * NOTE(review): the name is made of the packet time and file_id only, so it
 * is predictable to anyone who can observe the traffic; that matters if
 * the target directory is writable by other local users. */
71 static int CreateFileName(
const Packet *p,
SSLState *state,
char *filename,
size_t filename_size)
/* NOTE(review): snprintf() returns the length the complete string would
 * have had, so truncation shows up as any value >= sizeof(path) and an
 * output error as a negative value. Comparing with == catches one exact
 * length only; a stricter guard would be
 *     ret < 0 || (size_t)ret >= sizeof(path)
 * With the current test, a longer result leaves a truncated name in path. */
79 if (snprintf(path,
sizeof(path),
"%s/%ld.%ld-%d.pem",
81 (
long int)p->
ts.tv_sec,
82 (
long int)p->
ts.tv_usec,
83 file_id) ==
sizeof(path))
/* Bounded copy to the caller; strlcpy() NUL-terminates whenever
 * filename_size is non-zero. */
86 strlcpy(filename, path, filename_size);
/* Fragments of the routine that stores one certificate as a PEM file plus a
 * ".meta" sidecar. Its header is not part of this excerpt; the call at 286
 * names it LogTlsLogPem. */
92 #define PEMHEADER "-----BEGIN CERTIFICATE-----\n"
93 #define PEMFOOTER "-----END CERTIFICATE-----\n"
/* The initializer zero-fills the whole array; the suffix rewrite at 169
 * depends on the bytes after the terminator still being zero. */
95 char filename[PATH_MAX] =
"";
99 unsigned char* pembase64ptr = NULL;
/* CreateFileName()'s return value is not used here; failure is detected
 * through the name still being empty. */
107 CreateFileName(p, state, filename,
sizeof(filename));
108 if (strlen(filename) == 0) {
/* NOTE(review): fopen(..., "w") creates or truncates the target, follows
 * symbolic links and leaves the permission bits to the process umask. That
 * is only safe while tls_logfile_base_dir is writable by the sensor account
 * alone; open() with O_NOFOLLOW and an explicit mode, followed by fdopen(),
 * would not depend on the directory's permissions. */
113 fp = fopen(filename,
"w");
117 "Can't create PEM file '%s' in '%s' directory",
118 filename, tls_logfile_base_dir);
119 logging_dir_not_writable++;
/* Presumably the size of the base64 text for cert_len input bytes; the
 * allocation that uses pemlen is not part of this excerpt - confirm its
 * result is checked before pembase64ptr is used. */
125 pemlen = Base64EncodeBufferSize(cert->
cert_len);
142 if (ret != SC_BASE64_OK) {
/* Emit at most 64 base64 characters, then a newline; both fwrite() results
 * are compared with the requested count. The surrounding loop is not part
 * of this excerpt. */
152 size_t loffset = pemlen >= 64 ? 64 : pemlen;
153 if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
155 if (fwrite(
"\n", 1, 1, fp) != 1)
/* Turns the trailing "pem" into "meta": four bytes are written starting
 * three characters before the end, so the last one lands on the old
 * terminator and no new terminator is written.
 * NOTE(review): the result is a valid string only while the byte after the
 * old terminator is still zero (see the initializer at 95) and the name is
 * at most PATH_MAX - 2 characters long; it also assumes the name has at
 * least three characters and ends in "pem". An explicit length check here
 * would make that independent of what CreateFileName() produced. */
169 memcpy(filename + (strlen(filename) - 3),
"meta", 4);
/* Same plain fopen(..., "w") as at 113, now for the sidecar file. */
170 fpmeta = fopen(filename,
"w");
171 if (fpmeta != NULL) {
/* 46 equals INET6_ADDRSTRLEN on common platforms; presumably the size of the
 * srcip/dstip text buffers declared outside this excerpt - TODO confirm. */
172 #define PRINT_BUF_LEN 46
/* Each metadata line is written with a checked fprintf(); a negative result
 * jumps to end_fwrite_fpmeta. */
178 goto end_fwrite_fpmeta;
179 if (fprintf(fpmeta,
"TIME: %s\n", timebuf) < 0)
180 goto end_fwrite_fpmeta;
182 if (fprintf(fpmeta,
"PCAP PKT NUM: %"PRIu64
"\n", p->
pcap_cnt) < 0)
183 goto end_fwrite_fpmeta;
185 if (fprintf(fpmeta,
"SRC IP: %s\n", srcip) < 0)
186 goto end_fwrite_fpmeta;
187 if (fprintf(fpmeta,
"DST IP: %s\n", dstip) < 0)
188 goto end_fwrite_fpmeta;
189 if (fprintf(fpmeta,
"PROTO: %" PRIu32
"\n", p->
proto) < 0)
190 goto end_fwrite_fpmeta;
192 if (fprintf(fpmeta,
"SRC PORT: %" PRIu16
"\n", sp) < 0)
193 goto end_fwrite_fpmeta;
194 if (fprintf(fpmeta,
"DST PORT: %" PRIu16
"\n", dp) < 0)
195 goto end_fwrite_fpmeta;
/* NOTE(review): the arguments for the %s fields below are not part of this
 * excerpt. If they are taken from the peer's certificate they are
 * remote-controlled text; confirm they cannot carry newlines that would
 * add forged "KEY: value" lines to the .meta file, and have consumers of
 * these files treat the values as untrusted. */
198 if (fprintf(fpmeta,
"TLS SUBJECT: %s\n"
200 "TLS FINGERPRINT: %s\n",
204 goto end_fwrite_fpmeta;
/* Reached when the .meta file could not be opened (the else branch itself
 * is not part of this excerpt). */
210 "Can't create meta file '%s' in '%s' directory",
211 filename, tls_logfile_base_dir);
212 logging_dir_not_writable++;
/* Two further increments; presumably the write-failure exits for the .pem
 * and .meta files, whose labels are not part of this excerpt. */
225 logging_dir_not_writable++;
232 logging_dir_not_writable++;
/* Tail of a callback signature (its name is not part of this excerpt) and
 * two of its early exits: the packet has no flow, or there is no TLS state. */
246 void *tx, uint64_t tx_id)
248 if (p->
flow == NULL) {
257 if (ssl_state == NULL) {
258 SCLogDebug(
"no tls state, so no request logging");
/* Tail of a second callback signature; this one hands the certificate to
 * LogTlsLogPem(). */
275 Flow *f,
void *state,
void *tx, uint64_t tx_id)
/* Every packet that is not IPv4 is labelled AF_INET6 here. */
278 int ipproto = (
PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
286 LogTlsLogPem(aft, p, ssl_state, ipproto);
/* Per-thread setup for the tls-store logger: refuses a NULL initdata and
 * makes sure tls_logfile_base_dir exists, creating it when stat() fails.
 * Only fragments of the body are part of this excerpt. */
292 static TmEcode LogTlsStoreLogThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
299 if (initdata == NULL) {
300 SCLogDebug(
"Error getting context for LogTLSStore. \"initdata\" argument NULL");
305 struct stat stat_buf;
/* NOTE(review): in the visible lines a failing stat() is followed by the
 * SCMkDir() call at 310; lines 308-309 are not shown, so confirm errno is
 * checked for ENOENT first. When stat() succeeds, nothing visible verifies
 * that the path is a directory (S_ISDIR) owned by the sensor account and not
 * writable by others - worth adding, since certificates are then written
 * there with fopen(..., "w"). */
307 if (stat(tls_logfile_base_dir, &stat_buf) != 0) {
/* New directory mode: rwx for the owner, r-x for the group, nothing for
 * others (0750 before the umask is applied). */
310 ret =
SCMkDir(tls_logfile_base_dir, S_IRWXU|S_IXGRP|S_IRGRP);
315 "Cannot create certs drop directory %s: %s",
316 tls_logfile_base_dir, strerror(err));
320 SCLogInfo(
"Created certs drop directory %s",
321 tls_logfile_base_dir);
347 static void LogTlsStoreLogExitPrintStats(
ThreadVars *
tv,
void *data)
364 static void LogTlsStoreLogDeInitCtx(
OutputCtx *output_ctx)
/* Fragments of the output-context setup; the init callback registered at 415
 * is LogTlsStoreLogInitCtx, and its header is not part of this excerpt. */
380 output_ctx->
data = NULL;
381 output_ctx->
DeInit = LogTlsStoreLogDeInitCtx;
384 const char *s_default_log_dir = NULL;
387 const char *s_base_dir = NULL;
/* Choice of the certificate directory: with no base dir set, the default log
 * dir is used (391); otherwise either s_base_dir on its own (395) or
 * "<default log dir>/<base dir>" (397-398). Where the two strings come
 * from, the condition separating the last two cases and the names of the
 * copy calls at 391/395 are not part of this excerpt; both copies are
 * bounded by sizeof(tls_logfile_base_dir). */
389 if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
391 s_default_log_dir,
sizeof(tls_logfile_base_dir));
395 s_base_dir,
sizeof(tls_logfile_base_dir));
/* NOTE(review): the snprintf() result is not checked in the visible lines.
 * An over-long combination is silently truncated, and certificates would
 * then be stored in a directory other than the configured one; compare the
 * result with sizeof(tls_logfile_base_dir) and fail the setup instead. */
397 snprintf(tls_logfile_base_dir,
sizeof(tls_logfile_base_dir),
398 "%s/%s", s_default_log_dir, s_base_dir);
/* The directory finally chosen is logged, which lets an operator verify it
 * is not a shared location such as the compiled-in /tmp default. */
402 SCLogInfo(
"storing certs in %s", tls_logfile_base_dir);
407 result.
ctx = output_ctx;
/* Argument list of the module registration call (its first line is not part
 * of this excerpt): the "tls-store" output is tied to ALPROTO_TLS and to the
 * init, logger, condition, thread-init, thread-deinit and exit-stats
 * callbacks named here. */
415 "tls-store", LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLogger,
416 LogTlsStoreCondition, LogTlsStoreLogThreadInit,
417 LogTlsStoreLogThreadDeinit, LogTlsStoreLogExitPrintStats);