44 #define MODULE_NAME "LogTlsStoreLog"
46 static char tls_logfile_base_dir[PATH_MAX] =
"/tmp";
48 static char logging_dir_not_writable;
50 #define LOGGING_WRITE_ISSUE_LIMIT 6
59 static int CreateFileName(
const Packet *p,
SSLState *state,
char *filename,
size_t filename_size)
67 if (snprintf(path,
sizeof(path),
"%s/%ld.%ld-%d.pem", tls_logfile_base_dir,
69 file_id) ==
sizeof(path))
72 strlcpy(filename, path, filename_size);
78 #define PEMHEADER "-----BEGIN CERTIFICATE-----\n"
79 #define PEMFOOTER "-----END CERTIFICATE-----\n"
81 char filename[PATH_MAX] =
"";
85 unsigned char* pembase64ptr = NULL;
93 CreateFileName(p, state, filename,
sizeof(filename));
94 if (strlen(filename) == 0) {
99 fp = fopen(filename,
"w");
103 "Can't create PEM file '%s' in '%s' directory", filename, tls_logfile_base_dir);
104 logging_dir_not_writable++;
110 pemlen = Base64EncodeBufferSize(cert->
cert_len);
117 SCLogWarning(
"Can't allocate data for base64 encoding");
127 if (ret != SC_BASE64_OK) {
128 SCLogWarning(
"Invalid return of Base64Encode function");
137 size_t loffset = pemlen >= 64 ? 64 : pemlen;
138 if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
140 if (fwrite(
"\n", 1, 1, fp) != 1)
154 memcpy(filename + (strlen(filename) - 3),
"meta", 4);
155 fpmeta = fopen(filename,
"w");
156 if (fpmeta != NULL) {
157 #define PRINT_BUF_LEN 46
163 goto end_fwrite_fpmeta;
164 if (fprintf(fpmeta,
"TIME: %s\n", timebuf) < 0)
165 goto end_fwrite_fpmeta;
167 if (fprintf(fpmeta,
"PCAP PKT NUM: %"PRIu64
"\n", p->
pcap_cnt) < 0)
168 goto end_fwrite_fpmeta;
170 if (fprintf(fpmeta,
"SRC IP: %s\n", srcip) < 0)
171 goto end_fwrite_fpmeta;
172 if (fprintf(fpmeta,
"DST IP: %s\n", dstip) < 0)
173 goto end_fwrite_fpmeta;
174 if (fprintf(fpmeta,
"PROTO: %" PRIu32
"\n", p->
proto) < 0)
175 goto end_fwrite_fpmeta;
177 if (fprintf(fpmeta,
"SRC PORT: %" PRIu16
"\n", sp) < 0)
178 goto end_fwrite_fpmeta;
179 if (fprintf(fpmeta,
"DST PORT: %" PRIu16
"\n", dp) < 0)
180 goto end_fwrite_fpmeta;
183 if (fprintf(fpmeta,
"TLS SUBJECT: %s\n"
185 "TLS FINGERPRINT: %s\n",
189 goto end_fwrite_fpmeta;
194 SCLogWarning(
"Can't create meta file '%s' in '%s' directory", filename,
195 tls_logfile_base_dir);
196 logging_dir_not_writable++;
209 logging_dir_not_writable++;
216 logging_dir_not_writable++;
230 void *tx, uint64_t tx_id)
232 if (p->
flow == NULL) {
241 if (ssl_state == NULL) {
242 SCLogDebug(
"no tls state, so no request logging");
259 Flow *f,
void *state,
void *tx, uint64_t tx_id)
262 int ipproto = (
PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
270 LogTlsLogPem(aft, p, ssl_state, ipproto);
276 static TmEcode LogTlsStoreLogThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
283 if (initdata == NULL) {
284 SCLogDebug(
"Error getting context for LogTLSStore. \"initdata\" argument NULL");
289 struct stat stat_buf;
291 if (stat(tls_logfile_base_dir, &stat_buf) != 0) {
294 ret =
SCMkDir(tls_logfile_base_dir, S_IRWXU|S_IXGRP|S_IRGRP);
298 SCLogError(
"Cannot create certs drop directory %s: %s", tls_logfile_base_dir,
303 SCLogInfo(
"Created certs drop directory %s",
304 tls_logfile_base_dir);
330 static void LogTlsStoreLogExitPrintStats(
ThreadVars *
tv,
void *data)
347 static void LogTlsStoreLogDeInitCtx(
OutputCtx *output_ctx)
363 output_ctx->
data = NULL;
364 output_ctx->
DeInit = LogTlsStoreLogDeInitCtx;
367 const char *s_default_log_dir = NULL;
370 const char *s_base_dir = NULL;
372 if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
374 s_default_log_dir,
sizeof(tls_logfile_base_dir));
378 s_base_dir,
sizeof(tls_logfile_base_dir));
380 snprintf(tls_logfile_base_dir,
sizeof(tls_logfile_base_dir),
381 "%s/%s", s_default_log_dir, s_base_dir);
385 SCLogInfo(
"storing certs in %s", tls_logfile_base_dir);
390 result.
ctx = output_ctx;
398 "tls-store", LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLogger,
399 LogTlsStoreCondition, LogTlsStoreLogThreadInit,
400 LogTlsStoreLogThreadDeinit, LogTlsStoreLogExitPrintStats);