/* Name string of this output module. */
57 #define MODULE_NAME "LogTlsStoreLog"
/* Directory that receives the stored certificate (.pem) and metadata files.
 * "/tmp" is only the compiled-in fallback: the init code further down in this
 * file overwrites the buffer from the configured log/base directory.
 * NOTE(review): a shared temp directory is a weak default for files that are
 * later opened by name with fopen(..., "w"); deployments should point this at
 * a dedicated directory that only the engine's user can write to. */
59 static char tls_logfile_base_dir[PATH_MAX] =
"/tmp";
/* Bumped on the file-creation failure paths visible below ("Can't create PEM
 * file" / "Can't create meta file").
 * NOTE(review): plain char with non-atomic ++; how concurrent logger threads
 * and wrap-around are handled is not visible in this listing -- confirm. */
61 static char logging_dir_not_writable;
/* NOTE(review): presumably the cap on reported write failures; the comparison
 * that uses it is not visible in this listing -- confirm. */
63 #define LOGGING_WRITE_ISSUE_LIMIT 6
/* Builds the output path for one stored certificate and copies it into the
 * caller's buffer.
 *
 * p             packet whose timestamp (ts.tv_sec / ts.tv_usec) forms the name
 * state         TLS state (not referenced in the lines visible here)
 * filename      destination buffer
 * filename_size size of the destination buffer
 *
 * The listing omits several lines of this function (declarations of path and
 * file_id, the branch bodies, the return statements). */
72 static int CreateFileName(
const Packet *p,
SSLState *state,
char *filename,
size_t filename_size)
/* Name layout: <dir>/<sec>.<usec>-<file_id>.pem. The first %s argument is on
 * a line missing from this listing (presumably tls_logfile_base_dir).
 * NOTE(review): snprintf returns the length it *would* have written, so a
 * truncated path yields a value >= sizeof(path) and an encoding error a
 * negative one; the `== sizeof(path)` test only catches the exact-equal case.
 * A stricter check would be `n < 0 || (size_t)n >= sizeof(path)`. */
80 if (snprintf(path,
sizeof(path),
"%s/%ld.%ld-%d.pem",
82 (
long int)p->
ts.tv_sec,
83 (
long int)p->
ts.tv_usec,
84 file_id) ==
sizeof(path))
/* strlcpy bounds the copy by filename_size and NUL-terminates; its return
 * value (source length, which signals truncation) is not examined here. */
87 strlcpy(filename, path, filename_size);
93 #define PEMHEADER "-----BEGIN CERTIFICATE-----\n"
94 #define PEMFOOTER "-----END CERTIFICATE-----\n"
/* Zero-initialised path buffer: every byte after the empty string is 0, which
 * the in-place "pem" -> "meta" rewrite further down relies on. */
96 char filename[PATH_MAX] =
"";
100 unsigned char* pembase64ptr = NULL;
/* The return value of CreateFileName() is not used; failure is detected by
 * the buffer still being empty afterwards. */
108 CreateFileName(p, state, filename,
sizeof(filename));
109 if (strlen(filename) == 0) {
/* NOTE(review): fopen(..., "w") truncates an existing file and follows
 * symbolic links. With a base directory that other local users can write to
 * (the compiled-in default is "/tmp"), a pre-existing entry under the
 * generated name would be opened as-is. Creating the file exclusively
 * (open(2) with O_CREAT|O_EXCL|O_NOFOLLOW and a restrictive mode, then
 * fdopen) avoids that. */
114 fp = fopen(filename,
"w");
/* Failure path: the message names both the file and the base directory, and
 * the not-writable counter is bumped. The enclosing condition and logging
 * call are on lines missing from this listing. */
118 "Can't create PEM file '%s' in '%s' directory",
119 filename, tls_logfile_base_dir);
120 logging_dir_not_writable++;
/* Emits the base64 body in lines of at most 64 characters, each followed by a
 * newline; both writes are checked for a short count. The surrounding loop
 * and the failure branches are not visible in this listing. */
153 size_t loffset = pemlen >= 64 ? 64 : pemlen;
154 if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
156 if (fwrite(
"\n", 1, 1, fp) != 1)
/* Turns "...pem" into "...meta" in place: 4 bytes are copied starting 3
 * characters before the end, so the old NUL terminator is overwritten by 'a'
 * and the string grows by one character. The result is terminated only
 * because the buffer was zero-filled at declaration and has a spare byte.
 * NOTE(review): if the name ever had length PATH_MAX-1 no terminator would
 * remain -- confirm CreateFileName's path buffer guarantees the spare byte,
 * or copy 5 bytes ("meta" plus NUL) after a bounds check. */
170 memcpy(filename + (strlen(filename) - 3),
"meta", 4);
/* Same caveat as for the PEM file: "w" truncates and follows symlinks. */
171 fpmeta = fopen(filename,
"w");
172 if (fpmeta != NULL) {
173 #define PRINT_BUF_LEN 46
179 goto end_fwrite_fpmeta;
/* Writes the metadata record as one "KEY: value" line per field. Any fprintf
 * failure (negative return) jumps to end_fwrite_fpmeta; that label and the
 * code computing timebuf, srcip, dstip, sp and dp are on lines missing from
 * this listing. */
180 if (fprintf(fpmeta,
"TIME: %s\n", timebuf) < 0)
181 goto end_fwrite_fpmeta;
183 if (fprintf(fpmeta,
"PCAP PKT NUM: %"PRIu64
"\n", p->
pcap_cnt) < 0)
184 goto end_fwrite_fpmeta;
186 if (fprintf(fpmeta,
"SRC IP: %s\n", srcip) < 0)
187 goto end_fwrite_fpmeta;
188 if (fprintf(fpmeta,
"DST IP: %s\n", dstip) < 0)
189 goto end_fwrite_fpmeta;
190 if (fprintf(fpmeta,
"PROTO: %" PRIu32
"\n", p->
proto) < 0)
191 goto end_fwrite_fpmeta;
193 if (fprintf(fpmeta,
"SRC PORT: %" PRIu16
"\n", sp) < 0)
194 goto end_fwrite_fpmeta;
195 if (fprintf(fpmeta,
"DST PORT: %" PRIu16
"\n", dp) < 0)
196 goto end_fwrite_fpmeta;
/* NOTE(review): the arguments for the certificate fields are on lines missing
 * from this listing. If the subject is taken verbatim from the peer's
 * certificate it is remote-controlled text printed with %s, so an embedded
 * newline would read as an extra field to a line-based parser -- confirm it
 * is sanitised upstream, or have consumers treat these values as untrusted. */
199 if (fprintf(fpmeta,
"TLS SUBJECT: %s\n"
201 "TLS FINGERPRINT: %s\n",
205 goto end_fwrite_fpmeta;
211 "Can't create meta file '%s' in '%s' directory",
212 filename, tls_logfile_base_dir);
213 logging_dir_not_writable++;
226 logging_dir_not_writable++;
233 logging_dir_not_writable++;
247 void *tx, uint64_t tx_id)
249 if (p->
flow == NULL) {
258 if (ssl_state == NULL) {
259 SCLogDebug(
"no tls state, so no request logging");
276 Flow *f,
void *state,
void *tx, uint64_t tx_id)
279 int ipproto = (
PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
287 LogTlsLogPem(aft, p, ssl_state, ipproto);
/* Per-thread initialisation for the certificate store logger.
 *
 * t        thread variables
 * initdata output context handed over at registration; NULL is rejected
 * data     out-parameter for the per-thread state
 *
 * Only part of the body is visible in this listing. */
293 static TmEcode LogTlsStoreLogThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
300 if (initdata == NULL) {
301 SCLogDebug(
"Error getting context for LogTLSStore. \"initdata\" argument NULL");
306 struct stat stat_buf;
/* A failing stat() leads to an attempt to create the drop directory.
 * NOTE(review): the visible lines do not show a check that an already
 * existing path is a directory owned by the engine's user and not writable
 * by others -- confirm, since certificate files are later created in it by
 * name. */
308 if (stat(tls_logfile_base_dir, &stat_buf) != 0) {
/* Mode is rwx for the owner, r-x for the group, nothing for others (0750),
 * subject to the process umask. */
311 ret =
SCMkDir(tls_logfile_base_dir, S_IRWXU|S_IXGRP|S_IRGRP);
316 "Cannot create certs drop directory %s: %s",
317 tls_logfile_base_dir, strerror(err));
321 SCLogInfo(
"Created certs drop directory %s",
322 tls_logfile_base_dir);
348 static void LogTlsStoreLogExitPrintStats(
ThreadVars *
tv,
void *data)
365 static void LogTlsStoreLogDeInitCtx(
OutputCtx *output_ctx)
381 output_ctx->
data = NULL;
382 output_ctx->
DeInit = LogTlsStoreLogDeInitCtx;
/* Resolves the certificate drop directory into tls_logfile_base_dir. Three
 * outcomes are visible: no/empty base dir -> the default log directory; a
 * base dir copied as-is; or "<default log dir>/<base dir>". The calls that
 * fetch both strings, the copy calls themselves and the condition separating
 * the last two cases are on lines missing from this listing (presumably
 * strlcpy and an absolute-path test). */
385 const char *s_default_log_dir = NULL;
388 const char *s_base_dir = NULL;
390 if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
392 s_default_log_dir,
sizeof(tls_logfile_base_dir));
396 s_base_dir,
sizeof(tls_logfile_base_dir));
/* NOTE(review): the snprintf result is not examined in the visible lines; an
 * over-long combination would be silently truncated and certificates would
 * land in a different directory than configured. Checking for a negative
 * return or one >= sizeof(tls_logfile_base_dir) and failing initialisation
 * would make that explicit. */
398 snprintf(tls_logfile_base_dir,
sizeof(tls_logfile_base_dir),
399 "%s/%s", s_default_log_dir, s_base_dir);
403 SCLogInfo(
"storing certs in %s", tls_logfile_base_dir);
408 result.
ctx = output_ctx;
416 "tls-store", LogTlsStoreLogInitCtx,
ALPROTO_TLS, LogTlsStoreLogger,
417 LogTlsStoreCondition, LogTlsStoreLogThreadInit,
418 LogTlsStoreLogThreadDeinit, LogTlsStoreLogExitPrintStats);
void LogTlsStoreRegister(void)
SSLv[2.0|3.[0|1|2|3]] state structure.
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
struct HtpBodyChunk_ * next
SSLStateConnp server_connp
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
#define TAILQ_EMPTY(head)
#define TAILQ_FOREACH(var, head, field)
@ SC_ERR_INVALID_ARGUMENTS
size_t strlcpy(char *dst, const char *src, size_t siz)
int Base64Encode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen)
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Per thread variable structure.
struct LogTlsStoreLogThread_ LogTlsStoreLogThread
void CreateTimeString(const struct timeval *ts, char *str, size_t size)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define SCRealloc(ptr, sz)
void(* DeInit)(struct OutputCtx_ *)
int PathIsAbsolute(const char *path)
Check if a path is absolute.
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
int TLSGetIPInformations(const Packet *p, char *srcip, size_t srcip_len, Port *sp, char *dstip, size_t dstip_len, Port *dp, int ipproto)
const char * ConfigGetLogDirectory()
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
#define SCReturnCT(x, type)
#define BASE64_BUFFER_SIZE(x)
#define LOGGING_WRITE_ISSUE_LIMIT
SC_ATOMIC_DECLARE(unsigned int, cert_id)
void OutputRegisterTxModuleWithCondition(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a tx output module with condition.
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.