suricata
output-json-dns.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  *
23  * Implements JSON DNS logging portion of the engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "conf.h"
28 
29 #include "threadvars.h"
30 
31 #include "util-debug.h"
32 #include "util-mem.h"
33 #include "app-layer-parser.h"
34 #include "output.h"
35 
36 #include "output-json.h"
37 #include "output-json-dns.h"
38 #include "rust.h"
39 
40 #define LOG_QUERIES BIT_U64(0)
41 #define LOG_ANSWERS BIT_U64(1)
42 
43 #define LOG_A BIT_U64(2)
44 #define LOG_NS BIT_U64(3)
45 #define LOG_MD BIT_U64(4)
46 #define LOG_MF BIT_U64(5)
47 #define LOG_CNAME BIT_U64(6)
48 #define LOG_SOA BIT_U64(7)
49 #define LOG_MB BIT_U64(8)
50 #define LOG_MG BIT_U64(9)
51 #define LOG_MR BIT_U64(10)
52 #define LOG_NULL BIT_U64(11)
53 #define LOG_WKS BIT_U64(12)
54 #define LOG_PTR BIT_U64(13)
55 #define LOG_HINFO BIT_U64(14)
56 #define LOG_MINFO BIT_U64(15)
57 #define LOG_MX BIT_U64(16)
58 #define LOG_TXT BIT_U64(17)
59 #define LOG_RP BIT_U64(18)
60 #define LOG_AFSDB BIT_U64(19)
61 #define LOG_X25 BIT_U64(20)
62 #define LOG_ISDN BIT_U64(21)
63 #define LOG_RT BIT_U64(22)
64 #define LOG_NSAP BIT_U64(23)
65 #define LOG_NSAPPTR BIT_U64(24)
66 #define LOG_SIG BIT_U64(25)
67 #define LOG_KEY BIT_U64(26)
68 #define LOG_PX BIT_U64(27)
69 #define LOG_GPOS BIT_U64(28)
70 #define LOG_AAAA BIT_U64(29)
71 #define LOG_LOC BIT_U64(30)
72 #define LOG_NXT BIT_U64(31)
73 #define LOG_SRV BIT_U64(32)
74 #define LOG_ATMA BIT_U64(33)
75 #define LOG_NAPTR BIT_U64(34)
76 #define LOG_KX BIT_U64(35)
77 #define LOG_CERT BIT_U64(36)
78 #define LOG_A6 BIT_U64(37)
79 #define LOG_DNAME BIT_U64(38)
80 #define LOG_OPT BIT_U64(39)
81 #define LOG_APL BIT_U64(40)
82 #define LOG_DS BIT_U64(41)
83 #define LOG_SSHFP BIT_U64(42)
84 #define LOG_IPSECKEY BIT_U64(43)
85 #define LOG_RRSIG BIT_U64(44)
86 #define LOG_NSEC BIT_U64(45)
87 #define LOG_DNSKEY BIT_U64(46)
88 #define LOG_DHCID BIT_U64(47)
89 #define LOG_NSEC3 BIT_U64(48)
90 #define LOG_NSEC3PARAM BIT_U64(49)
91 #define LOG_TLSA BIT_U64(50)
92 #define LOG_HIP BIT_U64(51)
93 #define LOG_CDS BIT_U64(52)
94 #define LOG_CDNSKEY BIT_U64(53)
95 #define LOG_SPF BIT_U64(54)
96 #define LOG_TKEY BIT_U64(55)
97 #define LOG_TSIG BIT_U64(56)
98 #define LOG_MAILA BIT_U64(57)
99 #define LOG_ANY BIT_U64(58)
100 #define LOG_URI BIT_U64(59)
101 
102 #define LOG_FORMAT_GROUPED BIT_U64(60)
103 #define LOG_FORMAT_DETAILED BIT_U64(61)
104 #define LOG_HTTPS BIT_U64(62)
105 
106 #define LOG_FORMAT_ALL (LOG_FORMAT_GROUPED|LOG_FORMAT_DETAILED)
107 #define LOG_ALL_RRTYPES (~(uint64_t)(LOG_QUERIES|LOG_ANSWERS|LOG_FORMAT_DETAILED|LOG_FORMAT_GROUPED))
108 
109 typedef enum {
170 } DnsRRTypes;
171 
172 static struct {
173  const char *config_rrtype;
174  uint64_t flags;
175 } dns_rrtype_fields[] = {
176  // clang-format off
177  { "a", LOG_A },
178  { "ns", LOG_NS },
179  { "md", LOG_MD },
180  { "mf", LOG_MF },
181  { "cname", LOG_CNAME },
182  { "soa", LOG_SOA },
183  { "mb", LOG_MB },
184  { "mg", LOG_MG },
185  { "mr", LOG_MR },
186  { "null", LOG_NULL },
187  { "wks", LOG_WKS },
188  { "ptr", LOG_PTR },
189  { "hinfo", LOG_HINFO },
190  { "minfo", LOG_MINFO },
191  { "mx", LOG_MX },
192  { "txt", LOG_TXT },
193  { "rp", LOG_RP },
194  { "afsdb", LOG_AFSDB },
195  { "x25", LOG_X25 },
196  { "isdn", LOG_ISDN },
197  { "rt", LOG_RT },
198  { "nsap", LOG_NSAP },
199  { "nsapptr", LOG_NSAPPTR },
200  { "sig", LOG_SIG },
201  { "key", LOG_KEY },
202  { "px", LOG_PX },
203  { "gpos", LOG_GPOS },
204  { "aaaa", LOG_AAAA },
205  { "loc", LOG_LOC },
206  { "nxt", LOG_NXT },
207  { "srv", LOG_SRV },
208  { "atma", LOG_ATMA },
209  { "naptr", LOG_NAPTR },
210  { "kx", LOG_KX },
211  { "cert", LOG_CERT },
212  { "a6", LOG_A6 },
213  { "dname", LOG_DNAME },
214  { "opt", LOG_OPT },
215  { "apl", LOG_APL },
216  { "ds", LOG_DS },
217  { "sshfp", LOG_SSHFP },
218  { "ipseckey", LOG_IPSECKEY },
219  { "rrsig", LOG_RRSIG },
220  { "nsec", LOG_NSEC },
221  { "dnskey", LOG_DNSKEY },
222  { "dhcid", LOG_DHCID },
223  { "nsec3", LOG_NSEC3 },
224  { "nsec3param", LOG_NSEC3PARAM },
225  { "tlsa", LOG_TLSA },
226  { "hip", LOG_HIP },
227  { "cds", LOG_CDS },
228  { "cdnskey", LOG_CDNSKEY },
229  { "https", LOG_HTTPS },
230  { "spf", LOG_SPF },
231  { "tkey", LOG_TKEY },
232  { "tsig", LOG_TSIG },
233  { "maila", LOG_MAILA },
234  { "any", LOG_ANY },
235  { "uri", LOG_URI }
236  // clang-format on
237 };
238 
239 typedef struct LogDnsFileCtx_ {
240  uint64_t flags; /** Store mode */
243 
244 typedef struct LogDnsLogThread_ {
248 
249 static JsonBuilder *JsonDNSLogQuery(void *txptr)
250 {
251  JsonBuilder *queryjb = jb_new_array();
252  if (queryjb == NULL) {
253  return NULL;
254  }
255  bool has_query = false;
256 
257  for (uint16_t i = 0; i < UINT16_MAX; i++) {
258  JsonBuilder *js = jb_new_object();
259  if (!SCDnsLogJsonQuery((void *)txptr, i, LOG_ALL_RRTYPES, js)) {
260  jb_free(js);
261  break;
262  }
263  jb_close(js);
264  has_query = true;
265  jb_append_object(queryjb, js);
266  jb_free(js);
267  }
268 
269  if (!has_query) {
270  jb_free(queryjb);
271  return NULL;
272  }
273 
274  jb_close(queryjb);
275  return queryjb;
276 }
277 
278 static JsonBuilder *JsonDNSLogAnswer(void *txptr)
279 {
280  if (!SCDnsLogAnswerEnabled(txptr, LOG_ALL_RRTYPES)) {
281  return NULL;
282  } else {
283  JsonBuilder *js = jb_new_object();
284  SCDnsLogJsonAnswer(txptr, LOG_ALL_RRTYPES, js);
285  jb_close(js);
286  return js;
287  }
288 }
289 
290 bool AlertJsonDns(void *txptr, JsonBuilder *js)
291 {
292  bool r = false;
293  jb_open_object(js, "dns");
294  JsonBuilder *qjs = JsonDNSLogQuery(txptr);
295  if (qjs != NULL) {
296  jb_set_object(js, "query", qjs);
297  jb_free(qjs);
298  r = true;
299  }
300  JsonBuilder *ajs = JsonDNSLogAnswer(txptr);
301  if (ajs != NULL) {
302  jb_set_object(js, "answer", ajs);
303  jb_free(ajs);
304  r = true;
305  }
306  jb_close(js);
307  return r;
308 }
309 
310 static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
311  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
312 {
313  SCEnter();
314 
315  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
316  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
317 
318  if (unlikely(dnslog_ctx->flags & LOG_QUERIES) == 0) {
319  return TM_ECODE_OK;
320  }
321 
322  for (uint16_t i = 0; i < 0xffff; i++) {
323  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL, dnslog_ctx->eve_ctx);
324  if (unlikely(jb == NULL)) {
325  return TM_ECODE_OK;
326  }
327 
328  jb_open_object(jb, "dns");
329  if (!SCDnsLogJsonQuery(txptr, i, td->dnslog_ctx->flags, jb)) {
330  jb_free(jb);
331  break;
332  }
333  jb_close(jb);
334 
335  OutputJsonBuilderBuffer(jb, td->ctx);
336  jb_free(jb);
337  }
338 
340 }
341 
342 static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
343  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
344 {
345  SCEnter();
346 
347  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
348  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
349 
350  if (unlikely(dnslog_ctx->flags & LOG_ANSWERS) == 0) {
351  return TM_ECODE_OK;
352  }
353 
354  if (SCDnsLogAnswerEnabled(txptr, td->dnslog_ctx->flags)) {
355  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL, dnslog_ctx->eve_ctx);
356  if (unlikely(jb == NULL)) {
357  return TM_ECODE_OK;
358  }
359 
360  jb_open_object(jb, "dns");
361  SCDnsLogJsonAnswer(txptr, td->dnslog_ctx->flags, jb);
362  jb_close(jb);
363  OutputJsonBuilderBuffer(jb, td->ctx);
364  jb_free(jb);
365  }
366 
368 }
369 
370 static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate,
371  void *txptr, uint64_t tx_id)
372 {
373  if (SCDnsTxIsRequest(txptr)) {
374  return JsonDnsLoggerToServer(tv, thread_data, p, f, alstate, txptr, tx_id);
375  } else if (SCDnsTxIsResponse(txptr)) {
376  return JsonDnsLoggerToClient(tv, thread_data, p, f, alstate, txptr, tx_id);
377  }
378  return TM_ECODE_OK;
379 }
380 
381 static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
382 {
383  LogDnsLogThread *aft = SCCalloc(1, sizeof(LogDnsLogThread));
384  if (unlikely(aft == NULL))
385  return TM_ECODE_FAILED;
386 
387  if(initdata == NULL)
388  {
389  SCLogDebug("Error getting context for EveLogDNS. \"initdata\" argument NULL");
390  goto error_exit;
391  }
392 
393  /* Use the Output Context (file pointer and mutex) */
394  aft->dnslog_ctx = ((OutputCtx *)initdata)->data;
395  aft->ctx = CreateEveThreadCtx(t, aft->dnslog_ctx->eve_ctx);
396  if (!aft->ctx) {
397  goto error_exit;
398  }
399 
400  *data = (void *)aft;
401  return TM_ECODE_OK;
402 
403 error_exit:
404  SCFree(aft);
405  return TM_ECODE_FAILED;
406 }
407 
408 static TmEcode LogDnsLogThreadDeinit(ThreadVars *t, void *data)
409 {
410  LogDnsLogThread *aft = (LogDnsLogThread *)data;
411  if (aft == NULL) {
412  return TM_ECODE_OK;
413  }
414  FreeEveThreadCtx(aft->ctx);
415 
416  /* clear memory */
417  memset(aft, 0, sizeof(LogDnsLogThread));
418 
419  SCFree(aft);
420  return TM_ECODE_OK;
421 }
422 
423 static void LogDnsLogDeInitCtxSub(OutputCtx *output_ctx)
424 {
425  SCLogDebug("cleaning up sub output_ctx %p", output_ctx);
426  LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
427  SCFree(dnslog_ctx);
428  SCFree(output_ctx);
429 }
430 
431 static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
432  const char *query_key, const char *answer_key,
433  const char *answer_types_key)
434 {
435  const char *query = ConfNodeLookupChildValue(conf, query_key);
436  if (query != NULL) {
437  if (ConfValIsTrue(query)) {
438  dnslog_ctx->flags |= LOG_QUERIES;
439  } else {
440  dnslog_ctx->flags &= ~LOG_QUERIES;
441  }
442  } else {
443  dnslog_ctx->flags |= LOG_QUERIES;
444  }
445 
446  const char *response = ConfNodeLookupChildValue(conf, answer_key);
447  if (response != NULL) {
448  if (ConfValIsTrue(response)) {
449  dnslog_ctx->flags |= LOG_ANSWERS;
450  } else {
451  dnslog_ctx->flags &= ~LOG_ANSWERS;
452  }
453  } else {
454  dnslog_ctx->flags |= LOG_ANSWERS;
455  }
456 
457  ConfNode *custom;
458  if ((custom = ConfNodeLookupChild(conf, answer_types_key)) != NULL) {
459  dnslog_ctx->flags &= ~LOG_ALL_RRTYPES;
460  ConfNode *field;
461  TAILQ_FOREACH (field, &custom->head, next) {
462  DnsRRTypes f;
463  for (f = DNS_RRTYPE_A; f < DNS_RRTYPE_MAX; f++) {
464  if (strcasecmp(dns_rrtype_fields[f].config_rrtype, field->val) == 0) {
465  dnslog_ctx->flags |= dns_rrtype_fields[f].flags;
466  break;
467  }
468  }
469  }
470  } else {
471  dnslog_ctx->flags |= LOG_ALL_RRTYPES;
472  }
473 }
474 
475 static void JsonDnsCheckVersion(ConfNode *conf)
476 {
477  if (conf == NULL) {
478  return;
479  }
480 
481  static bool v1_deprecation_warned = false;
482  const ConfNode *has_version = ConfNodeLookupChild(conf, "version");
483  if (has_version != NULL) {
484  bool invalid = false;
485  intmax_t config_version;
486  if (ConfGetChildValueInt(conf, "version", &config_version)) {
487  switch(config_version) {
488  case 2:
489  break;
490  case 1:
491  if (!v1_deprecation_warned) {
492  SCLogWarning("DNS EVE v1 logging has been removed, will use v2");
493  v1_deprecation_warned = true;
494  }
495  break;
496  default:
497  invalid = true;
498  break;
499  }
500  } else {
501  invalid = true;
502  }
503  if (invalid) {
504  SCLogWarning("Invalid EVE DNS version \"%s\", will use v2", has_version->val);
505  }
506  }
507 }
508 
509 static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
510 {
511  dnslog_ctx->flags = ~0ULL;
512 
513  if (conf) {
514  JsonDnsLogParseConfig(dnslog_ctx, conf, "requests", "responses", "types");
515  if (dnslog_ctx->flags & LOG_ANSWERS) {
516  ConfNode *format;
517  if ((format = ConfNodeLookupChild(conf, "formats")) != NULL) {
518  uint64_t flags = 0;
519  ConfNode *field;
520  TAILQ_FOREACH (field, &format->head, next) {
521  if (strcasecmp(field->val, "detailed") == 0) {
523  } else if (strcasecmp(field->val, "grouped") == 0) {
525  } else {
526  SCLogWarning("Invalid JSON DNS log format: %s", field->val);
527  }
528  }
529  if (flags) {
530  dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
531  dnslog_ctx->flags |= flags;
532  } else {
533  SCLogWarning("Empty EVE DNS format array, using defaults");
534  }
535  } else {
536  dnslog_ctx->flags |= LOG_FORMAT_ALL;
537  }
538  }
539  }
540 }
541 
542 static OutputInitResult JsonDnsLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
543 {
544  OutputInitResult result = { NULL, false };
545  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
546  if (enabled != NULL && !ConfValIsTrue(enabled)) {
547  result.ok = true;
548  return result;
549  }
550 
551  /* As only a single version of logging is supported, this exists to warn about
552  * unsupported versions. */
553  JsonDnsCheckVersion(conf);
554 
555  OutputJsonCtx *ojc = parent_ctx->data;
556 
557  LogDnsFileCtx *dnslog_ctx = SCCalloc(1, sizeof(LogDnsFileCtx));
558  if (unlikely(dnslog_ctx == NULL)) {
559  return result;
560  }
561 
562  dnslog_ctx->eve_ctx = ojc;
563 
564  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
565  if (unlikely(output_ctx == NULL)) {
566  SCFree(dnslog_ctx);
567  return result;
568  }
569 
570  output_ctx->data = dnslog_ctx;
571  output_ctx->DeInit = LogDnsLogDeInitCtxSub;
572 
573  JsonDnsLogInitFilters(dnslog_ctx, conf);
574 
575  SCLogDebug("DNS log sub-module initialized");
576 
579 
580  result.ctx = output_ctx;
581  result.ok = true;
582  return result;
583 }
584 
585 
586 #define MODULE_NAME "JsonDnsLog"
588 {
589  OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", MODULE_NAME, "eve-log.dns",
590  JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLogger, LogDnsLogThreadInit,
591  LogDnsLogThreadDeinit, NULL);
592 }
DNS_RRTYPE_PX
@ DNS_RRTYPE_PX
Definition: output-json-dns.c:135
ConfGetChildValueInt
int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
Definition: conf.c:434
DNS_RRTYPE_AAAA
@ DNS_RRTYPE_AAAA
Definition: output-json-dns.c:137
DNS_RRTYPE_GPOS
@ DNS_RRTYPE_GPOS
Definition: output-json-dns.c:136
LOG_MR
#define LOG_MR
Definition: output-json-dns.c:51
DNS_RRTYPE_TKEY
@ DNS_RRTYPE_TKEY
Definition: output-json-dns.c:164
DNS_RRTYPE_ANY
@ DNS_RRTYPE_ANY
Definition: output-json-dns.c:167
LOG_NULL
#define LOG_NULL
Definition: output-json-dns.c:52
LOG_NSEC3PARAM
#define LOG_NSEC3PARAM
Definition: output-json-dns.c:90
DNS_RRTYPE_OPT
@ DNS_RRTYPE_OPT
Definition: output-json-dns.c:147
LOG_NSEC
#define LOG_NSEC
Definition: output-json-dns.c:86
LOG_RP
#define LOG_RP
Definition: output-json-dns.c:59
LOG_GPOS
#define LOG_GPOS
Definition: output-json-dns.c:69
DNS_RRTYPE_NULL
@ DNS_RRTYPE_NULL
Definition: output-json-dns.c:119
ALPROTO_DNS
@ ALPROTO_DNS
Definition: app-layer-protos.h:41
MODULE_NAME
#define MODULE_NAME
Definition: output-json-dns.c:586
DNS_RRTYPE_MX
@ DNS_RRTYPE_MX
Definition: output-json-dns.c:124
ConfNode_::val
char * val
Definition: conf.h:34
DNS_RRTYPE_HIP
@ DNS_RRTYPE_HIP
Definition: output-json-dns.c:159
LOG_NXT
#define LOG_NXT
Definition: output-json-dns.c:72
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
DNS_RRTYPE_LOC
@ DNS_RRTYPE_LOC
Definition: output-json-dns.c:138
LOG_TLSA
#define LOG_TLSA
Definition: output-json-dns.c:91
DNS_RRTYPE_NS
@ DNS_RRTYPE_NS
Definition: output-json-dns.c:111
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DNS_RRTYPE_MAX
@ DNS_RRTYPE_MAX
Definition: output-json-dns.c:169
FreeEveThreadCtx
void FreeEveThreadCtx(OutputJsonThreadCtx *ctx)
Definition: output-json-common.c:58
DNS_RRTYPE_X25
@ DNS_RRTYPE_X25
Definition: output-json-dns.c:128
DnsRRTypes
DnsRRTypes
Definition: output-json-dns.c:109
LOG_TKEY
#define LOG_TKEY
Definition: output-json-dns.c:96
OutputJsonCtx_
Definition: output-json.h:81
Flow_
Flow data structure.
Definition: flow.h:356
DNS_RRTYPE_TSIG
@ DNS_RRTYPE_TSIG
Definition: output-json-dns.c:165
DNS_RRTYPE_HTTPS
@ DNS_RRTYPE_HTTPS
Definition: output-json-dns.c:162
LOG_LOC
#define LOG_LOC
Definition: output-json-dns.c:71
OutputJsonBuilderBuffer
int OutputJsonBuilderBuffer(JsonBuilder *js, OutputJsonThreadCtx *ctx)
Definition: output-json.c:931
LOG_TSIG
#define LOG_TSIG
Definition: output-json-dns.c:97
LOG_APL
#define LOG_APL
Definition: output-json-dns.c:81
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
CreateEveThreadCtx
OutputJsonThreadCtx * CreateEveThreadCtx(ThreadVars *t, OutputJsonCtx *ctx)
Definition: output-json-common.c:29
LOG_DNSKEY
#define LOG_DNSKEY
Definition: output-json-dns.c:87
rust.h
DNS_RRTYPE_DHCID
@ DNS_RRTYPE_DHCID
Definition: output-json-dns.c:155
LOG_DNAME
#define LOG_DNAME
Definition: output-json-dns.c:79
LOG_ANSWERS
#define LOG_ANSWERS
Definition: output-json-dns.c:41
LOG_NSEC3
#define LOG_NSEC3
Definition: output-json-dns.c:89
LOG_DS
#define LOG_DS
Definition: output-json-dns.c:82
LOG_MAILA
#define LOG_MAILA
Definition: output-json-dns.c:98
LOG_NS
#define LOG_NS
Definition: output-json-dns.c:44
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
LOG_CERT
#define LOG_CERT
Definition: output-json-dns.c:77
DNS_RRTYPE_SPF
@ DNS_RRTYPE_SPF
Definition: output-json-dns.c:163
DNS_RRTYPE_WKS
@ DNS_RRTYPE_WKS
Definition: output-json-dns.c:120
LogDnsFileCtx_::flags
uint64_t flags
Definition: output-json-dns.c:240
LOG_MD
#define LOG_MD
Definition: output-json-dns.c:45
LOG_SOA
#define LOG_SOA
Definition: output-json-dns.c:48
LOG_NAPTR
#define LOG_NAPTR
Definition: output-json-dns.c:75
LOG_WKS
#define LOG_WKS
Definition: output-json-dns.c:53
LOG_CDS
#define LOG_CDS
Definition: output-json-dns.c:93
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:537
OutputCtx_::data
void * data
Definition: tm-modules.h:88
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
OutputCtx_
Definition: tm-modules.h:85
LOG_URI
#define LOG_URI
Definition: output-json-dns.c:100
LOG_SRV
#define LOG_SRV
Definition: output-json-dns.c:73
OutputJsonThreadCtx_
Definition: output-json.h:89
LOG_HINFO
#define LOG_HINFO
Definition: output-json-dns.c:55
DNS_RRTYPE_URI
@ DNS_RRTYPE_URI
Definition: output-json-dns.c:168
LogDnsFileCtx_::eve_ctx
OutputJsonCtx * eve_ctx
Definition: output-json-dns.c:241
DNS_RRTYPE_HINFO
@ DNS_RRTYPE_HINFO
Definition: output-json-dns.c:122
DNS_RRTYPE_NSEC
@ DNS_RRTYPE_NSEC
Definition: output-json-dns.c:153
LOG_ATMA
#define LOG_ATMA
Definition: output-json-dns.c:74
LOG_KEY
#define LOG_KEY
Definition: output-json-dns.c:67
LOG_ALL_RRTYPES
#define LOG_ALL_RRTYPES
Definition: output-json-dns.c:107
util-debug.h
DNS_RRTYPE_MF
@ DNS_RRTYPE_MF
Definition: output-json-dns.c:113
OutputInitResult_::ctx
OutputCtx * ctx
Definition: output.h:47
LOG_MINFO
#define LOG_MINFO
Definition: output-json-dns.c:56
LOG_SIG
#define LOG_SIG
Definition: output-json-dns.c:66
DNS_RRTYPE_RP
@ DNS_RRTYPE_RP
Definition: output-json-dns.c:126
output-json.h
LOG_KX
#define LOG_KX
Definition: output-json-dns.c:76
LOG_A
#define LOG_A
Definition: output-json-dns.c:43
LOG_MF
#define LOG_MF
Definition: output-json-dns.c:46
DNS_RRTYPE_CDNSKEY
@ DNS_RRTYPE_CDNSKEY
Definition: output-json-dns.c:161
LogDnsLogThread_
Definition: output-json-dns.c:244
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:463
DNS_RRTYPE_IPSECKEY
@ DNS_RRTYPE_IPSECKEY
Definition: output-json-dns.c:151
CreateEveHeader
JsonBuilder * CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx)
Definition: output-json.c:780
DNS_RRTYPE_KEY
@ DNS_RRTYPE_KEY
Definition: output-json-dns.c:134
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
DNS_RRTYPE_NSEC3PARAM
@ DNS_RRTYPE_NSEC3PARAM
Definition: output-json-dns.c:157
LOG_RT
#define LOG_RT
Definition: output-json-dns.c:63
LogDnsLogThread_::ctx
OutputJsonThreadCtx * ctx
Definition: output-json-dns.c:246
LOG_SSHFP
#define LOG_SSHFP
Definition: output-json-dns.c:83
OutputInitResult_::ok
bool ok
Definition: output.h:48
DNS_RRTYPE_A
@ DNS_RRTYPE_A
Definition: output-json-dns.c:110
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
DNS_RRTYPE_DNAME
@ DNS_RRTYPE_DNAME
Definition: output-json-dns.c:146
app-layer-parser.h
DNS_RRTYPE_RRSIG
@ DNS_RRTYPE_RRSIG
Definition: output-json-dns.c:152
DNS_RRTYPE_DS
@ DNS_RRTYPE_DS
Definition: output-json-dns.c:149
LOG_RRSIG
#define LOG_RRSIG
Definition: output-json-dns.c:85
LOG_MG
#define LOG_MG
Definition: output-json-dns.c:50
DNS_RRTYPE_MAILA
@ DNS_RRTYPE_MAILA
Definition: output-json-dns.c:166
DNS_RRTYPE_TXT
@ DNS_RRTYPE_TXT
Definition: output-json-dns.c:125
Packet_
Definition: decode.h:482
DNS_RRTYPE_AFSDB
@ DNS_RRTYPE_AFSDB
Definition: output-json-dns.c:127
DNS_RRTYPE_ATMA
@ DNS_RRTYPE_ATMA
Definition: output-json-dns.c:141
DNS_RRTYPE_KX
@ DNS_RRTYPE_KX
Definition: output-json-dns.c:143
DNS_RRTYPE_PTR
@ DNS_RRTYPE_PTR
Definition: output-json-dns.c:121
conf.h
DNS_RRTYPE_NSAP
@ DNS_RRTYPE_NSAP
Definition: output-json-dns.c:131
LOG_ANY
#define LOG_ANY
Definition: output-json-dns.c:99
TmEcode
TmEcode
Definition: tm-threads-common.h:83
LOG_MB
#define LOG_MB
Definition: output-json-dns.c:49
LogDnsFileCtx_
Definition: output-json-dns.c:239
LOG_PTR
#define LOG_PTR
Definition: output-json-dns.c:54
DNS_RRTYPE_ISDN
@ DNS_RRTYPE_ISDN
Definition: output-json-dns.c:129
DNS_RRTYPE_TLSA
@ DNS_RRTYPE_TLSA
Definition: output-json-dns.c:158
DNS_RRTYPE_NSEC3
@ DNS_RRTYPE_NSEC3
Definition: output-json-dns.c:156
LOG_HTTPS
#define LOG_HTTPS
Definition: output-json-dns.c:104
DNS_RRTYPE_A6
@ DNS_RRTYPE_A6
Definition: output-json-dns.c:145
DNS_RRTYPE_CERT
@ DNS_RRTYPE_CERT
Definition: output-json-dns.c:144
ConfNodeLookupChild
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
Definition: conf.c:786
LOG_HIP
#define LOG_HIP
Definition: output-json-dns.c:92
util-mem.h
LOG_NSAP
#define LOG_NSAP
Definition: output-json-dns.c:64
LOG_AAAA
#define LOG_AAAA
Definition: output-json-dns.c:70
LOG_DHCID
#define LOG_DHCID
Definition: output-json-dns.c:88
OutputInitResult_
Definition: output.h:46
DNS_RRTYPE_SIG
@ DNS_RRTYPE_SIG
Definition: output-json-dns.c:133
AlertJsonDns
bool AlertJsonDns(void *txptr, JsonBuilder *js)
Definition: output-json-dns.c:290
DNS_RRTYPE_NXT
@ DNS_RRTYPE_NXT
Definition: output-json-dns.c:139
LOG_CNAME
#define LOG_CNAME
Definition: output-json-dns.c:47
suricata-common.h
OutputCtx_::DeInit
void(* DeInit)(struct OutputCtx_ *)
Definition: tm-modules.h:91
LogDnsFileCtx
struct LogDnsFileCtx_ LogDnsFileCtx
LOG_QUERIES
#define LOG_QUERIES
Definition: output-json-dns.c:40
OutputRegisterTxSubModule
void OutputRegisterTxSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Definition: output.c:405
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
LOG_FORMAT_GROUPED
#define LOG_FORMAT_GROUPED
Definition: output-json-dns.c:102
LogDnsLogThread
struct LogDnsLogThread_ LogDnsLogThread
threadvars.h
LOG_DIR_FLOW
@ LOG_DIR_FLOW
Definition: output-json.h:38
output-json-dns.h
LOG_NSAPPTR
#define LOG_NSAPPTR
Definition: output-json-dns.c:65
LOGGER_JSON_TX
@ LOGGER_JSON_TX
Definition: suricata-common.h:467
DNS_RRTYPE_DNSKEY
@ DNS_RRTYPE_DNSKEY
Definition: output-json-dns.c:154
JsonDnsLogRegister
void JsonDnsLogRegister(void)
Definition: output-json-dns.c:587
DNS_RRTYPE_MG
@ DNS_RRTYPE_MG
Definition: output-json-dns.c:117
LOG_CDNSKEY
#define LOG_CDNSKEY
Definition: output-json-dns.c:94
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DNS_RRTYPE_MR
@ DNS_RRTYPE_MR
Definition: output-json-dns.c:118
ConfNode_
Definition: conf.h:32
LOG_ISDN
#define LOG_ISDN
Definition: output-json-dns.c:62
LOG_OPT
#define LOG_OPT
Definition: output-json-dns.c:80
DNS_RRTYPE_SOA
@ DNS_RRTYPE_SOA
Definition: output-json-dns.c:115
DNS_RRTYPE_RT
@ DNS_RRTYPE_RT
Definition: output-json-dns.c:130
LOG_X25
#define LOG_X25
Definition: output-json-dns.c:61
LOG_MX
#define LOG_MX
Definition: output-json-dns.c:57
DNS_RRTYPE_APL
@ DNS_RRTYPE_APL
Definition: output-json-dns.c:148
DNS_RRTYPE_SSHFP
@ DNS_RRTYPE_SSHFP
Definition: output-json-dns.c:150
LOG_FORMAT_DETAILED
#define LOG_FORMAT_DETAILED
Definition: output-json-dns.c:103
DNS_RRTYPE_NSAPPTR
@ DNS_RRTYPE_NSAPPTR
Definition: output-json-dns.c:132
DNS_RRTYPE_MB
@ DNS_RRTYPE_MB
Definition: output-json-dns.c:116
DNS_RRTYPE_CDS
@ DNS_RRTYPE_CDS
Definition: output-json-dns.c:160
LOG_FORMAT_ALL
#define LOG_FORMAT_ALL
Definition: output-json-dns.c:106
LOG_TXT
#define LOG_TXT
Definition: output-json-dns.c:58
flags
uint64_t flags
Definition: output-json-dns.c:174
LOG_IPSECKEY
#define LOG_IPSECKEY
Definition: output-json-dns.c:84
DNS_RRTYPE_MD
@ DNS_RRTYPE_MD
Definition: output-json-dns.c:112
DNS_RRTYPE_NAPTR
@ DNS_RRTYPE_NAPTR
Definition: output-json-dns.c:142
DNS_RRTYPE_SRV
@ DNS_RRTYPE_SRV
Definition: output-json-dns.c:140
DNS_RRTYPE_MINFO
@ DNS_RRTYPE_MINFO
Definition: output-json-dns.c:123
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
LogDnsLogThread_::dnslog_ctx
LogDnsFileCtx * dnslog_ctx
Definition: output-json-dns.c:245
LOG_A6
#define LOG_A6
Definition: output-json-dns.c:78
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
output.h
DNS_RRTYPE_CNAME
@ DNS_RRTYPE_CNAME
Definition: output-json-dns.c:114
LOG_PX
#define LOG_PX
Definition: output-json-dns.c:68
LOG_SPF
#define LOG_SPF
Definition: output-json-dns.c:95
config_rrtype
const char * config_rrtype
Definition: output-json-dns.c:173
ConfNodeLookupChildValue
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:814
LOG_AFSDB
#define LOG_AFSDB
Definition: output-json-dns.c:60