44 #define MODULE_NAME "LogTlsStoreLog"
/* Base directory under which certificate (.pem) and metadata (.meta) files
 * are written. The built-in default is "/tmp"; the configuration code later
 * in this listing writes a different value into this buffer.
 * NOTE(review): the files are opened with fopen(..., "w"), which follows
 * symbolic links and truncates an existing target. A shared, world-writable
 * directory is therefore a weak default; a dedicated directory writable only
 * by the sensor's account is the safer deployment choice. */
46 static char tls_logfile_base_dir[PATH_MAX] =
"/tmp";
48 static char logging_dir_not_writable;
50 #define LOGGING_WRITE_ISSUE_LIMIT 6
/**
 * Build the on-disk path for one stored certificate and copy it into
 * `filename` (bounded by `filename_size`).
 *
 * The visible format string is "%s/%s%ld.%ld-%d.pem": base directory, an
 * optional "client-" prefix, two long values, and file_id. The line that
 * supplies the two long arguments is not shown in this listing.
 *
 * NOTE(review): what the int return value signifies is not visible here.
 */
59 static int CreateFileName(
60 const Packet *p,
SSLState *state,
char *filename,
size_t filename_size,
const bool client)
/* Client-certificate files get a "client-" name prefix; others get none. */
65 const char *dir = client ?
"client-" :
"";
/* NOTE(review): snprintf() returns the length the full string would have
 * had, excluding the NUL, so truncation shows up as a result >= sizeof(path)
 * and an encoding error as a negative value. Comparing with == catches only
 * the single case where the untruncated length equals the buffer size
 * exactly; a longer base directory passes this check with a truncated path.
 * The usual test is `n < 0 || (size_t)n >= sizeof(path)`. */
70 if (snprintf(path,
sizeof(path),
"%s/%s%ld.%ld-%d.pem", tls_logfile_base_dir, dir,
72 file_id) ==
sizeof(path))
/* strlcpy() bounds the copy by filename_size and NUL-terminates when
 * filename_size > 0; its return value (the source length) is not checked
 * on this line. */
75 strlcpy(filename, path, filename_size);
82 #define PEMHEADER "-----BEGIN CERTIFICATE-----\n"
83 #define PEMFOOTER "-----END CERTIFICATE-----\n"
85 char filename[PATH_MAX] =
"";
89 unsigned char* pembase64ptr = NULL;
/* The int result of CreateFileName() is discarded; failure is detected
 * instead by `filename` still being the empty string it was initialised to. */
99 CreateFileName(p, state, filename,
sizeof(filename), client);
100 if (strlen(filename) == 0) {
/* NOTE(review): mode "w" creates the file or truncates an existing one, and
 * follows symbolic links. If the base directory can be written by other
 * local users, opening with open(2) using O_CREAT|O_EXCL|O_NOFOLLOW and then
 * fdopen() would refuse pre-existing paths instead of overwriting them. */
105 fp = fopen(filename,
"w");
109 "Can't create PEM file '%s' in '%s' directory", filename, tls_logfile_base_dir);
/* logging_dir_not_writable is a file-scope `static char` counter that is
 * incremented on each failed open; presumably it is compared against
 * LOGGING_WRITE_ISSUE_LIMIT (6) in lines not shown — TODO confirm. */
110 logging_dir_not_writable++;
116 pemlen = Base64EncodeBufferSize(cert->
cert_len);
123 SCLogWarning(
"Can't allocate data for base64 encoding");
133 if (ret != SC_BASE64_OK) {
134 SCLogWarning(
"Invalid return of Base64Encode function");
143 size_t loffset = pemlen >= 64 ? 64 : pemlen;
144 if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
146 if (fwrite(
"\n", 1, 1, fp) != 1)
/* Reuse the certificate path for the metadata file: the last three
 * characters and the terminating NUL are overwritten with the four bytes
 * "meta", turning "....pem" into "....meta". memcpy() copies exactly four
 * bytes and appends no terminator.
 * NOTE(review): this relies on (a) strlen(filename) >= 3 and (b) the byte
 * after the old terminator already being zero. `filename` is
 * zero-initialised (= "") earlier in this listing, so (b) presumably holds
 * unless the name fills the buffer. TODO confirm the maximum length
 * CreateFileName() can produce, given that its truncation check matches
 * only an exact snprintf() == sizeof(path) result. */
160 memcpy(filename + (strlen(filename) - 3),
"meta", 4);
/* Same create-or-truncate, symlink-following open as for the .pem file. */
161 fpmeta = fopen(filename,
"w");
162 if (fpmeta != NULL) {
163 #define PRINT_BUF_LEN 46
169 goto end_fwrite_fpmeta;
170 if (fprintf(fpmeta,
"TIME: %s\n", timebuf) < 0)
171 goto end_fwrite_fpmeta;
173 if (fprintf(fpmeta,
"PCAP PKT NUM: %"PRIu64
"\n", p->
pcap_cnt) < 0)
174 goto end_fwrite_fpmeta;
176 if (fprintf(fpmeta,
"SRC IP: %s\n", srcip) < 0)
177 goto end_fwrite_fpmeta;
178 if (fprintf(fpmeta,
"DST IP: %s\n", dstip) < 0)
179 goto end_fwrite_fpmeta;
180 if (fprintf(fpmeta,
"PROTO: %" PRIu32
"\n", p->
proto) < 0)
181 goto end_fwrite_fpmeta;
182 if (PacketIsTCP(p) || PacketIsUDP(p)) {
183 if (fprintf(fpmeta,
"SRC PORT: %" PRIu16
"\n", sp) < 0)
184 goto end_fwrite_fpmeta;
185 if (fprintf(fpmeta,
"DST PORT: %" PRIu16
"\n", dp) < 0)
186 goto end_fwrite_fpmeta;
192 "TLS FINGERPRINT: %s\n",
194 goto end_fwrite_fpmeta;
199 SCLogWarning(
"Can't create meta file '%s' in '%s' directory", filename,
200 tls_logfile_base_dir);
201 logging_dir_not_writable++;
214 logging_dir_not_writable++;
221 logging_dir_not_writable++;
234 static bool LogTlsStoreCondition(
237 if (p->
flow == NULL) {
241 if (!(PacketIsTCP(p))) {
246 if (ssl_state == NULL) {
247 SCLogDebug(
"no tls state, so no request logging");
265 static bool LogTlsStoreConditionClient(
268 if (p->
flow == NULL) {
272 if (!(PacketIsTCP(p))) {
277 if (ssl_state == NULL) {
278 SCLogDebug(
"no tls state, so no request logging");
297 void *state,
void *tx, uint64_t tx_id)
300 int ipproto = (PacketIsIPv4(p)) ? AF_INET : AF_INET6;
309 LogTlsLogPem(aft, p, ssl_state, connp, ipproto);
316 void *state,
void *tx, uint64_t tx_id)
319 int ipproto = (PacketIsIPv4(p)) ? AF_INET : AF_INET6;
328 LogTlsLogPem(aft, p, ssl_state, connp, ipproto);
334 static TmEcode LogTlsStoreLogThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
340 if (initdata == NULL) {
341 SCLogDebug(
"Error getting context for LogTLSStore. \"initdata\" argument NULL");
346 struct stat stat_buf;
/* The directory is created only when stat() fails on the configured path.
 * NOTE(review): no check is visible in this listing that an already
 * existing path is a directory, or that it has the expected owner and mode;
 * confirm in the lines not shown. */
348 if (stat(tls_logfile_base_dir, &stat_buf) != 0) {
/* Mode is rwx for the owner, r-x for the group, nothing for others (0750),
 * before the process umask is applied. */
351 ret =
SCMkDir(tls_logfile_base_dir, S_IRWXU|S_IXGRP|S_IRGRP);
355 SCLogError(
"Cannot create certs drop directory %s: %s", tls_logfile_base_dir,
360 SCLogInfo(
"Created certs drop directory %s",
361 tls_logfile_base_dir);
387 static void LogTlsStoreLogExitPrintStats(
ThreadVars *
tv,
void *data)
404 static void LogTlsStoreLogDeInitCtx(
OutputCtx *output_ctx)
420 output_ctx->
data = NULL;
421 output_ctx->
DeInit = LogTlsStoreLogDeInitCtx;
/* Choose the certificate directory from configuration. Three outcomes are
 * visible: an unset or empty s_base_dir falls back to s_default_log_dir;
 * otherwise either s_base_dir is used as given or it is appended to
 * s_default_log_dir as "%s/%s". The condition separating the last two cases
 * is on a line not shown here.
 * NOTE(review): every write is bounded by sizeof(tls_logfile_base_dir), but
 * the snprintf() result is not checked on the lines shown, so an over-long
 * configured path would be truncated silently and certificates would then
 * be written to a directory other than the configured one. */
425 if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
427 s_default_log_dir,
sizeof(tls_logfile_base_dir));
431 s_base_dir,
sizeof(tls_logfile_base_dir));
433 snprintf(tls_logfile_base_dir,
sizeof(tls_logfile_base_dir),
434 "%s/%s", s_default_log_dir, s_base_dir);
438 SCLogInfo(
"storing certs in %s", tls_logfile_base_dir);
443 result.
ctx = output_ctx;
451 "tls-store", LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLogger,
452 LogTlsStoreCondition, LogTlsStoreLogThreadInit,
453 LogTlsStoreLogThreadDeinit, LogTlsStoreLogExitPrintStats);
456 LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLoggerClient, LogTlsStoreConditionClient,
457 LogTlsStoreLogThreadInit, LogTlsStoreLogThreadDeinit, LogTlsStoreLogExitPrintStats);