suricata
output-json-dns.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  *
23  * Implements JSON DNS logging portion of the engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31 
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 
36 #include "util-print.h"
37 #include "util-unittest.h"
38 
39 #include "util-debug.h"
40 #include "util-mem.h"
41 #include "app-layer-parser.h"
42 #include "output.h"
43 #include "app-layer-dns-udp.h"
44 #include "app-layer.h"
45 #include "util-privs.h"
46 #include "util-buffer.h"
47 #include "util-proto-name.h"
48 #include "util-logopenfile.h"
49 #include "util-time.h"
50 
51 #include "output-json.h"
52 #include "output-json-dns.h"
53 
54 #include "rust-dns-log-gen.h"
55 
56 /* we can do query logging as well, but it's disabled for now as the
57  * TX id handling doesn't expect it */
58 #define QUERY 0
59 
60 #define LOG_QUERIES BIT_U64(0)
61 #define LOG_ANSWERS BIT_U64(1)
62 
63 #define LOG_A BIT_U64(2)
64 #define LOG_NS BIT_U64(3)
65 #define LOG_MD BIT_U64(4)
66 #define LOG_MF BIT_U64(5)
67 #define LOG_CNAME BIT_U64(6)
68 #define LOG_SOA BIT_U64(7)
69 #define LOG_MB BIT_U64(8)
70 #define LOG_MG BIT_U64(9)
71 #define LOG_MR BIT_U64(10)
72 #define LOG_NULL BIT_U64(11)
73 #define LOG_WKS BIT_U64(12)
74 #define LOG_PTR BIT_U64(13)
75 #define LOG_HINFO BIT_U64(14)
76 #define LOG_MINFO BIT_U64(15)
77 #define LOG_MX BIT_U64(16)
78 #define LOG_TXT BIT_U64(17)
79 #define LOG_RP BIT_U64(18)
80 #define LOG_AFSDB BIT_U64(19)
81 #define LOG_X25 BIT_U64(20)
82 #define LOG_ISDN BIT_U64(21)
83 #define LOG_RT BIT_U64(22)
84 #define LOG_NSAP BIT_U64(23)
85 #define LOG_NSAPPTR BIT_U64(24)
86 #define LOG_SIG BIT_U64(25)
87 #define LOG_KEY BIT_U64(26)
88 #define LOG_PX BIT_U64(27)
89 #define LOG_GPOS BIT_U64(28)
90 #define LOG_AAAA BIT_U64(29)
91 #define LOG_LOC BIT_U64(30)
92 #define LOG_NXT BIT_U64(31)
93 #define LOG_SRV BIT_U64(32)
94 #define LOG_ATMA BIT_U64(33)
95 #define LOG_NAPTR BIT_U64(34)
96 #define LOG_KX BIT_U64(35)
97 #define LOG_CERT BIT_U64(36)
98 #define LOG_A6 BIT_U64(37)
99 #define LOG_DNAME BIT_U64(38)
100 #define LOG_OPT BIT_U64(39)
101 #define LOG_APL BIT_U64(40)
102 #define LOG_DS BIT_U64(41)
103 #define LOG_SSHFP BIT_U64(42)
104 #define LOG_IPSECKEY BIT_U64(43)
105 #define LOG_RRSIG BIT_U64(44)
106 #define LOG_NSEC BIT_U64(45)
107 #define LOG_DNSKEY BIT_U64(46)
108 #define LOG_DHCID BIT_U64(47)
109 #define LOG_NSEC3 BIT_U64(48)
110 #define LOG_NSEC3PARAM BIT_U64(49)
111 #define LOG_TLSA BIT_U64(50)
112 #define LOG_HIP BIT_U64(51)
113 #define LOG_CDS BIT_U64(52)
114 #define LOG_CDNSKEY BIT_U64(53)
115 #define LOG_SPF BIT_U64(54)
116 #define LOG_TKEY BIT_U64(55)
117 #define LOG_TSIG BIT_U64(56)
118 #define LOG_MAILA BIT_U64(57)
119 #define LOG_ANY BIT_U64(58)
120 #define LOG_URI BIT_U64(59)
121 
122 #define LOG_FORMAT_GROUPED BIT_U64(60)
123 #define LOG_FORMAT_DETAILED BIT_U64(61)
124 
125 #define LOG_FORMAT_ALL (LOG_FORMAT_GROUPED|LOG_FORMAT_DETAILED)
126 #define LOG_ALL_RRTYPES (~(uint64_t)(LOG_QUERIES|LOG_ANSWERS|LOG_FORMAT_DETAILED|LOG_FORMAT_GROUPED))
127 
128 typedef enum {
188 } DnsRRTypes;
189 
190 typedef enum {
193 } DnsVersion;
194 
195 #define DNS_VERSION_DEFAULT DNS_VERSION_2
196 
197 static struct {
198  const char *config_rrtype;
199  uint64_t flags;
200 } dns_rrtype_fields[] = {
201  { "a", LOG_A },
202  { "ns", LOG_NS },
203  { "md", LOG_MD },
204  { "mf", LOG_MF },
205  { "cname", LOG_CNAME },
206  { "soa", LOG_SOA },
207  { "mb", LOG_MB },
208  { "mg", LOG_MG },
209  { "mr", LOG_MR },
210  { "null", LOG_NULL },
211  { "wks", LOG_WKS },
212  { "ptr", LOG_PTR },
213  { "hinfo", LOG_HINFO },
214  { "minfo", LOG_MINFO },
215  { "mx", LOG_MX },
216  { "txt", LOG_TXT },
217  { "rp", LOG_RP },
218  { "afsdb", LOG_AFSDB },
219  { "x25", LOG_X25 },
220  { "isdn", LOG_ISDN },
221  { "rt", LOG_RT },
222  { "nsap", LOG_NSAP },
223  { "nsapptr", LOG_NSAPPTR },
224  { "sig", LOG_SIG },
225  { "key", LOG_KEY },
226  { "px", LOG_PX },
227  { "gpos", LOG_GPOS },
228  { "aaaa", LOG_AAAA },
229  { "loc", LOG_LOC },
230  { "nxt", LOG_NXT },
231  { "srv", LOG_SRV },
232  { "atma", LOG_ATMA },
233  { "naptr", LOG_NAPTR },
234  { "kx", LOG_KX },
235  { "cert", LOG_CERT },
236  { "a6", LOG_A6 },
237  { "dname", LOG_DNAME },
238  { "opt", LOG_OPT },
239  { "apl", LOG_APL },
240  { "ds", LOG_DS },
241  { "sshfp", LOG_SSHFP },
242  { "ipseckey", LOG_IPSECKEY },
243  { "rrsig", LOG_RRSIG },
244  { "nsec", LOG_NSEC },
245  { "dnskey", LOG_DNSKEY },
246  { "dhcid", LOG_DHCID },
247  { "nsec3", LOG_NSEC3 },
248  { "nsec3param", LOG_NSEC3PARAM },
249  { "tlsa", LOG_TLSA },
250  { "hip", LOG_HIP },
251  { "cds", LOG_CDS },
252  { "cdnskey", LOG_CDNSKEY },
253  { "spf", LOG_SPF },
254  { "tkey", LOG_TKEY },
255  { "tsig", LOG_TSIG },
256  { "maila", LOG_MAILA },
257  { "any", LOG_ANY },
258  { "uri", LOG_URI }
259 };
260 
261 typedef struct LogDnsFileCtx_ {
263  uint64_t flags; /** Store mode */
265  OutputJsonCommonSettings cfg;
266 } LogDnsFileCtx;
267 
268 typedef struct LogDnsLogThread_ {
270  /** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
271  uint32_t dns_cnt;
272 
275 
276 json_t *JsonDNSLogQuery(void *txptr, uint64_t tx_id)
277 {
278  json_t *queryjs = json_array();
279  if (queryjs == NULL)
280  return NULL;
281 
282  for (uint16_t i = 0; i < UINT16_MAX; i++) {
283  json_t *dns = rs_dns_log_json_query((void *)txptr, i, LOG_ALL_RRTYPES);
284  if (unlikely(dns == NULL)) {
285  break;
286  }
287  json_array_append_new(queryjs, dns);
288  }
289 
290  return queryjs;
291 }
292 
293 json_t *JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
294 {
295  return rs_dns_log_json_answer(txptr, LOG_ALL_RRTYPES);
296 }
297 
298 static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
299  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
300 {
301  SCEnter();
302 
303  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
304  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
305  json_t *js;
306 
307  if (unlikely(dnslog_ctx->flags & LOG_QUERIES) == 0) {
308  return TM_ECODE_OK;
309  }
310 
311  for (uint16_t i = 0; i < 0xffff; i++) {
312  js = CreateJSONHeader(p, LOG_DIR_PACKET, "dns");
313  if (unlikely(js == NULL)) {
314  return TM_ECODE_OK;
315  }
316  JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
317 
318  json_t *dns = rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags);
319  if (unlikely(dns == NULL)) {
320  json_decref(js);
321  break;
322  }
323  json_object_set_new(js, "dns", dns);
324  MemBufferReset(td->buffer);
325  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
326  json_decref(js);
327  }
328 
330 }
331 
332 static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
333  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
334 {
335  SCEnter();
336 
337  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
338  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
339 
340  if (unlikely(dnslog_ctx->flags & LOG_ANSWERS) == 0) {
341  return TM_ECODE_OK;
342  }
343 
344  json_t *js = CreateJSONHeader(p, LOG_DIR_PACKET, "dns");
345  if (unlikely(js == NULL))
346  return TM_ECODE_OK;
347 
348  JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
349 
350  if (td->dnslog_ctx->version == DNS_VERSION_2) {
351  json_t *answer = rs_dns_log_json_answer(txptr,
352  td->dnslog_ctx->flags);
353  if (answer != NULL) {
354  json_object_set_new(js, "dns", answer);
355  MemBufferReset(td->buffer);
356  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
357  }
358  } else {
359  /* Log answers. */
360  for (uint16_t i = 0; i < UINT16_MAX; i++) {
361  json_t *answer = rs_dns_log_json_answer_v1(txptr, i,
362  td->dnslog_ctx->flags);
363  if (answer == NULL) {
364  break;
365  }
366  json_object_set_new(js, "dns", answer);
367  MemBufferReset(td->buffer);
368  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
369  json_object_del(js, "dns");
370  }
371  /* Log authorities. */
372  for (uint16_t i = 0; i < UINT16_MAX; i++) {
373  json_t *answer = rs_dns_log_json_authority_v1(txptr, i,
374  td->dnslog_ctx->flags);
375  if (answer == NULL) {
376  break;
377  }
378  json_object_set_new(js, "dns", answer);
379  MemBufferReset(td->buffer);
380  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
381  json_object_del(js, "dns");
382  }
383  }
384 
385  json_decref(js);
386 
388 }
389 
390 #define OUTPUT_BUFFER_SIZE 65536
391 static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
392 {
393  LogDnsLogThread *aft = SCMalloc(sizeof(LogDnsLogThread));
394  if (unlikely(aft == NULL))
395  return TM_ECODE_FAILED;
396  memset(aft, 0, sizeof(LogDnsLogThread));
397 
398  if(initdata == NULL)
399  {
400  SCLogDebug("Error getting context for EveLogDNS. \"initdata\" argument NULL");
401  SCFree(aft);
402  return TM_ECODE_FAILED;
403  }
404 
406  if (aft->buffer == NULL) {
407  SCFree(aft);
408  return TM_ECODE_FAILED;
409  }
410 
411  /* Use the Ouptut Context (file pointer and mutex) */
412  aft->dnslog_ctx= ((OutputCtx *)initdata)->data;
413 
414  *data = (void *)aft;
415  return TM_ECODE_OK;
416 }
417 
418 static TmEcode LogDnsLogThreadDeinit(ThreadVars *t, void *data)
419 {
420  LogDnsLogThread *aft = (LogDnsLogThread *)data;
421  if (aft == NULL) {
422  return TM_ECODE_OK;
423  }
424 
425  MemBufferFree(aft->buffer);
426  /* clear memory */
427  memset(aft, 0, sizeof(LogDnsLogThread));
428 
429  SCFree(aft);
430  return TM_ECODE_OK;
431 }
432 
433 static void LogDnsLogDeInitCtx(OutputCtx *output_ctx)
434 {
435  LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
436  LogFileFreeCtx(dnslog_ctx->file_ctx);
437  SCFree(dnslog_ctx);
438  SCFree(output_ctx);
439 }
440 
441 static void LogDnsLogDeInitCtxSub(OutputCtx *output_ctx)
442 {
443  SCLogDebug("cleaning up sub output_ctx %p", output_ctx);
444  LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
445  SCFree(dnslog_ctx);
446  SCFree(output_ctx);
447 }
448 
449 static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
450  const char *query_key, const char *answer_key,
451  const char *answer_types_key)
452 {
453  const char *query = ConfNodeLookupChildValue(conf, query_key);
454  if (query != NULL) {
455  if (ConfValIsTrue(query)) {
456  dnslog_ctx->flags |= LOG_QUERIES;
457  } else {
458  dnslog_ctx->flags &= ~LOG_QUERIES;
459  }
460  } else {
461  if (dnslog_ctx->version == DNS_VERSION_2) {
462  dnslog_ctx->flags |= LOG_QUERIES;
463  }
464  }
465 
466  const char *response = ConfNodeLookupChildValue(conf, answer_key);
467  if (response != NULL) {
468  if (ConfValIsTrue(response)) {
469  dnslog_ctx->flags |= LOG_ANSWERS;
470  } else {
471  dnslog_ctx->flags &= ~LOG_ANSWERS;
472  }
473  } else {
474  if (dnslog_ctx->version == DNS_VERSION_2) {
475  dnslog_ctx->flags |= LOG_ANSWERS;
476  }
477  }
478 
479  ConfNode *custom;
480  if ((custom = ConfNodeLookupChild(conf, answer_types_key)) != NULL) {
481  dnslog_ctx->flags &= ~LOG_ALL_RRTYPES;
482  ConfNode *field;
483  TAILQ_FOREACH(field, &custom->head, next)
484  {
485  if (field != NULL)
486  {
487  DnsRRTypes f;
488  for (f = DNS_RRTYPE_A; f < DNS_RRTYPE_MAX; f++)
489  {
490  if (strcasecmp(dns_rrtype_fields[f].config_rrtype,
491  field->val) == 0)
492  {
493  dnslog_ctx->flags |= dns_rrtype_fields[f].flags;
494  break;
495  }
496  }
497  }
498  }
499  } else {
500  if (dnslog_ctx->version == DNS_VERSION_2) {
501  dnslog_ctx->flags |= LOG_ALL_RRTYPES;
502  }
503  }
504 }
505 
506 static DnsVersion JsonDnsParseVersion(ConfNode *conf)
507 {
508  if (conf == NULL) {
509  return DNS_VERSION_DEFAULT;
510  }
511 
513  intmax_t config_version;
514  if (ConfGetChildValueInt(conf, "version", &config_version)) {
515  switch(config_version) {
516  case 1:
517  version = DNS_VERSION_1;
518  break;
519  case 2:
520  version = DNS_VERSION_2;
521  break;
522  default:
524  "invalid eve-log dns version option: %"PRIuMAX", "
525  "forcing it to version %u",
526  config_version, DNS_VERSION_DEFAULT);
527  version = DNS_VERSION_DEFAULT;
528  break;
529  }
530  } else {
532  "eve-log dns version not found, forcing it to version %u",
534  version = DNS_VERSION_DEFAULT;
535  }
536  return version;
537 }
538 
539 static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
540 {
541  dnslog_ctx->flags = ~0UL;
542 
543  if (conf) {
544  if (dnslog_ctx->version == DNS_VERSION_1) {
545  JsonDnsLogParseConfig(dnslog_ctx, conf, "query", "answer", "custom");
546  } else {
547  JsonDnsLogParseConfig(dnslog_ctx, conf, "requests", "responses", "types");
548 
549  if (dnslog_ctx->flags & LOG_ANSWERS) {
550  ConfNode *format;
551  if ((format = ConfNodeLookupChild(conf, "formats")) != NULL) {
552  dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
553  ConfNode *field;
554  TAILQ_FOREACH(field, &format->head, next) {
555  if (strcasecmp(field->val, "detailed") == 0) {
556  dnslog_ctx->flags |= LOG_FORMAT_DETAILED;
557  } else if (strcasecmp(field->val, "grouped") == 0) {
558  dnslog_ctx->flags |= LOG_FORMAT_GROUPED;
559  }
560  }
561  } else {
562  dnslog_ctx->flags |= LOG_FORMAT_ALL;
563  }
564  }
565  }
566  }
567 }
568 
569 static OutputInitResult JsonDnsLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
570 {
571  OutputInitResult result = { NULL, false };
572  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
573  if (enabled != NULL && !ConfValIsTrue(enabled)) {
574  result.ok = true;
575  return result;
576  }
577 
578  DnsVersion version = JsonDnsParseVersion(conf);
579 
580  OutputJsonCtx *ojc = parent_ctx->data;
581 
582  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
583  if (unlikely(dnslog_ctx == NULL)) {
584  return result;
585  }
586  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
587 
588  dnslog_ctx->file_ctx = ojc->file_ctx;
589  dnslog_ctx->cfg = ojc->cfg;
590 
591  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
592  if (unlikely(output_ctx == NULL)) {
593  SCFree(dnslog_ctx);
594  return result;
595  }
596 
597  output_ctx->data = dnslog_ctx;
598  output_ctx->DeInit = LogDnsLogDeInitCtxSub;
599 
600  dnslog_ctx->version = version;
601  JsonDnsLogInitFilters(dnslog_ctx, conf);
602 
603  SCLogDebug("DNS log sub-module initialized");
604 
607 
608  result.ctx = output_ctx;
609  result.ok = true;
610  return result;
611 }
612 
613 #define DEFAULT_LOG_FILENAME "dns.json"
614 /** \brief Create a new dns log LogFileCtx.
615  * \param conf Pointer to ConfNode containing this loggers configuration.
616  * \return NULL if failure, LogFileCtx* to the file_ctx if succesful
617  * */
618 static OutputInitResult JsonDnsLogInitCtx(ConfNode *conf)
619 {
620  OutputInitResult result = { NULL, false };
621  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
622  if (enabled != NULL && !ConfValIsTrue(enabled)) {
623  return result;
624  }
625 
626  DnsVersion version = JsonDnsParseVersion(conf);
627 
629 
630  if(file_ctx == NULL) {
631  SCLogError(SC_ERR_DNS_LOG_GENERIC, "couldn't create new file_ctx");
632  return result;
633  }
634 
635  if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
636  LogFileFreeCtx(file_ctx);
637  return result;
638  }
639 
640  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
641  if (unlikely(dnslog_ctx == NULL)) {
642  LogFileFreeCtx(file_ctx);
643  return result;
644  }
645  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
646 
647  dnslog_ctx->file_ctx = file_ctx;
648 
649  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
650  if (unlikely(output_ctx == NULL)) {
651  LogFileFreeCtx(file_ctx);
652  SCFree(dnslog_ctx);
653  return result;
654  }
655 
656  output_ctx->data = dnslog_ctx;
657  output_ctx->DeInit = LogDnsLogDeInitCtx;
658 
659  dnslog_ctx->version = version;
660  JsonDnsLogInitFilters(dnslog_ctx, conf);
661 
662  SCLogDebug("DNS log output initialized");
663 
666 
667  result.ctx = output_ctx;
668  result.ok = true;
669  return result;
670 }
671 
672 
673 #define MODULE_NAME "JsonDnsLog"
675 {
676  /* Logger for requests. */
678  "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToServer,
679  0, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL);
680 
681  /* Logger for replies. */
683  "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToClient,
684  1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL);
685 
686  /* Sub-logger for requests. */
688  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
689  JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit,
690  LogDnsLogThreadDeinit, NULL);
691 
692  /* Sub-logger for replies. */
694  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
695  JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit,
696  NULL);
697 }
DnsRRTypes
MemBuffer * MemBufferCreateNew(uint32_t size)
Definition: util-buffer.c:32
#define LOG_MF
#define LOG_PX
#define LOG_TKEY
#define LOG_DHCID
#define LOG_GPOS
#define SCLogDebug(...)
Definition: util-debug.h:335
#define LOG_NXT
#define LOG_NSAP
#define LOG_FORMAT_ALL
#define LOG_MD
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
struct HtpBodyChunk_ * next
#define LOG_SSHFP
#define LOG_SPF
#define DNS_VERSION_DEFAULT
#define LOG_CNAME
#define LOG_HINFO
#define LOG_NSEC3
#define LOG_AFSDB
#define LOG_ALL_RRTYPES
#define LOG_URI
#define LOG_TLSA
#define unlikely(expr)
Definition: util-optimize.h:35
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
Definition: util-buffer.h:42
#define LOG_SIG
#define LOG_PTR
#define LOG_FORMAT_DETAILED
#define LOG_MX
#define LOG_AAAA
void(* DeInit)(struct OutputCtx_ *)
Definition: tm-modules.h:84
#define LOG_CDS
#define LOG_CERT
char * val
Definition: conf.h:34
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
Definition: conf.c:815
#define LOG_KX
#define LOG_SRV
#define MODULE_NAME
#define LOG_RP
void JsonDnsLogRegister(void)
#define LOG_NSAPPTR
#define LOG_QUERIES
#define LOG_MG
#define SCCalloc(nm, a)
Definition: util-mem.h:197
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:843
#define LOG_ATMA
#define LOG_MR
#define LOG_LOC
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
struct LogDnsFileCtx_ LogDnsFileCtx
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
#define LOG_NSEC3PARAM
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a tx output module with progress.
Definition: output.c:355
DnsVersion
#define SCEnter(...)
Definition: util-debug.h:337
#define LOG_ANSWERS
#define LOG_NS
LogFileCtx * LogFileNewCtx(void)
LogFileNewCtx() Get a new LogFileCtx.
#define LOG_TXT
LogFileCtx * file_ctx
int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *log_ctx, const char *default_filename, int rotate)
open a generic output "log file", which may be a regular file or a socket
#define LOG_NULL
void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Definition: output.c:366
#define SCReturnInt(x)
Definition: util-debug.h:341
#define LOG_FORMAT_GROUPED
#define LOG_MB
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
#define LOG_WKS
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:566
#define LOG_KEY
#define LOG_RRSIG
MemBuffer * buffer
Definition: conf.h:32
OutputCtx * ctx
Definition: output.h:42
#define SCMalloc(a)
Definition: util-mem.h:166
#define LOG_CDNSKEY
int LogFileFreeCtx(LogFileCtx *lf_ctx)
LogFileFreeCtx() Destroy a LogFileCtx (Close the file and free memory)
#define SCFree(a)
Definition: util-mem.h:228
struct LogDnsLogThread_ LogDnsLogThread
uint16_t tx_id
#define DEFAULT_LOG_FILENAME
#define OUTPUT_BUFFER_SIZE
#define LOG_A
void * data
Definition: tm-modules.h:81
#define LOG_MAILA
OutputJsonCommonSettings cfg
#define LOG_DNSKEY
#define LOG_RT
int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
Definition: conf.c:469
json_t * JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
#define LOG_NSEC
#define LOG_MINFO
json_t * JsonDNSLogQuery(void *txptr, uint64_t tx_id)
const char * config_rrtype
#define LOG_DS
Per thread variable structure.
Definition: threadvars.h:57
#define LOG_APL
DnsVersion version
#define LOG_NAPTR
#define LOG_DNAME
#define LOG_HIP
Flow data structure.
Definition: flow.h:325
#define LOG_TSIG
#define LOG_OPT
uint64_t flags
#define LOG_A6
#define LOG_ANY
void MemBufferFree(MemBuffer *buffer)
Definition: util-buffer.c:82
#define LOG_IPSECKEY
LogDnsFileCtx * dnslog_ctx
#define LOG_ISDN
#define LOG_SOA
#define LOG_X25