1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  *
23  * Implements JSON DNS logging portion of the engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31 
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 
36 #include "util-print.h"
37 #include "util-unittest.h"
38 
39 #include "util-debug.h"
40 #include "util-mem.h"
41 #include "app-layer-parser.h"
42 #include "output.h"
43 #include "app-layer.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 
50 #include "output-json.h"
51 #include "output-json-dns.h"
52 #include "rust.h"
53 
/*
 * Bit layout of the 64-bit logger flag word tested as dnslog_ctx->flags
 * in the functions of this file:
 *   bits 0-1    what to log (queries, answers)
 *   bits 2-59   one bit per DNS resource-record type
 *   bits 60-61  answer output format (grouped, detailed)
 * Bits 62-63 are not assigned here.
 * BIT_U64() is defined outside this file; presumably it yields a 64-bit
 * value with only the given bit set -- confirm. Anything that initialises
 * or masks the flag word must therefore be 64 bits wide as well.
 */
54 /* we can do query logging as well, but it's disabled for now as the
55  * TX id handling doesn't expect it */
56 #define QUERY 0
57 
/* direction selectors */
58 #define LOG_QUERIES BIT_U64(0)
59 #define LOG_ANSWERS BIT_U64(1)
60 
/* one selector bit per resource-record type */
61 #define LOG_A BIT_U64(2)
62 #define LOG_NS BIT_U64(3)
63 #define LOG_MD BIT_U64(4)
64 #define LOG_MF BIT_U64(5)
65 #define LOG_CNAME BIT_U64(6)
66 #define LOG_SOA BIT_U64(7)
67 #define LOG_MB BIT_U64(8)
68 #define LOG_MG BIT_U64(9)
69 #define LOG_MR BIT_U64(10)
70 #define LOG_NULL BIT_U64(11)
71 #define LOG_WKS BIT_U64(12)
72 #define LOG_PTR BIT_U64(13)
73 #define LOG_HINFO BIT_U64(14)
74 #define LOG_MINFO BIT_U64(15)
75 #define LOG_MX BIT_U64(16)
76 #define LOG_TXT BIT_U64(17)
77 #define LOG_RP BIT_U64(18)
78 #define LOG_AFSDB BIT_U64(19)
79 #define LOG_X25 BIT_U64(20)
80 #define LOG_ISDN BIT_U64(21)
81 #define LOG_RT BIT_U64(22)
82 #define LOG_NSAP BIT_U64(23)
83 #define LOG_NSAPPTR BIT_U64(24)
84 #define LOG_SIG BIT_U64(25)
85 #define LOG_KEY BIT_U64(26)
86 #define LOG_PX BIT_U64(27)
87 #define LOG_GPOS BIT_U64(28)
88 #define LOG_AAAA BIT_U64(29)
89 #define LOG_LOC BIT_U64(30)
90 #define LOG_NXT BIT_U64(31)
91 #define LOG_SRV BIT_U64(32)
92 #define LOG_ATMA BIT_U64(33)
93 #define LOG_NAPTR BIT_U64(34)
94 #define LOG_KX BIT_U64(35)
95 #define LOG_CERT BIT_U64(36)
96 #define LOG_A6 BIT_U64(37)
97 #define LOG_DNAME BIT_U64(38)
98 #define LOG_OPT BIT_U64(39)
99 #define LOG_APL BIT_U64(40)
100 #define LOG_DS BIT_U64(41)
101 #define LOG_SSHFP BIT_U64(42)
102 #define LOG_IPSECKEY BIT_U64(43)
103 #define LOG_RRSIG BIT_U64(44)
104 #define LOG_NSEC BIT_U64(45)
105 #define LOG_DNSKEY BIT_U64(46)
106 #define LOG_DHCID BIT_U64(47)
107 #define LOG_NSEC3 BIT_U64(48)
108 #define LOG_NSEC3PARAM BIT_U64(49)
109 #define LOG_TLSA BIT_U64(50)
110 #define LOG_HIP BIT_U64(51)
111 #define LOG_CDS BIT_U64(52)
112 #define LOG_CDNSKEY BIT_U64(53)
113 #define LOG_SPF BIT_U64(54)
114 #define LOG_TKEY BIT_U64(55)
115 #define LOG_TSIG BIT_U64(56)
116 #define LOG_MAILA BIT_U64(57)
117 #define LOG_ANY BIT_U64(58)
118 #define LOG_URI BIT_U64(59)
119 
/* answer output formats */
120 #define LOG_FORMAT_GROUPED BIT_U64(60)
121 #define LOG_FORMAT_DETAILED BIT_U64(61)
122 
/* both answer formats */
123 #define LOG_FORMAT_ALL (LOG_FORMAT_GROUPED|LOG_FORMAT_DETAILED)
/* Every bit except the two direction and the two format selectors; besides
 * the rrtype bits 2-59 this also covers the unassigned bits 62-63. */
124 #define LOG_ALL_RRTYPES (~(uint64_t)(LOG_QUERIES|LOG_ANSWERS|LOG_FORMAT_DETAILED|LOG_FORMAT_GROUPED))
125 
126 typedef enum {
186 } DnsRRTypes;
187 
188 typedef enum {
192 
193 #define DNS_VERSION_DEFAULT DNS_VERSION_2
194 
/*
 * Maps an rrtype name as written in the configuration to its LOG_* flag
 * bit. The rows are listed starting with "a" (LOG_A) and ending with
 * "uri" (LOG_URI), 58 rows in total.
 * NOTE(review): code that indexes this array with a DnsRRTypes value
 * relies on the row count and order matching that enum up to
 * DNS_RRTYPE_MAX. The enum body is not shown in this listing -- confirm
 * the two stay in sync; a compile-time check on the element count would
 * catch drift that otherwise ends in an out-of-bounds read.
 */
195 static struct {
196  const char *config_rrtype;
197  uint64_t flags;
198 } dns_rrtype_fields[] = {
199  { "a", LOG_A },
200  { "ns", LOG_NS },
201  { "md", LOG_MD },
202  { "mf", LOG_MF },
203  { "cname", LOG_CNAME },
204  { "soa", LOG_SOA },
205  { "mb", LOG_MB },
206  { "mg", LOG_MG },
207  { "mr", LOG_MR },
208  { "null", LOG_NULL },
209  { "wks", LOG_WKS },
210  { "ptr", LOG_PTR },
211  { "hinfo", LOG_HINFO },
212  { "minfo", LOG_MINFO },
213  { "mx", LOG_MX },
214  { "txt", LOG_TXT },
215  { "rp", LOG_RP },
216  { "afsdb", LOG_AFSDB },
217  { "x25", LOG_X25 },
218  { "isdn", LOG_ISDN },
219  { "rt", LOG_RT },
220  { "nsap", LOG_NSAP },
221  { "nsapptr", LOG_NSAPPTR },
222  { "sig", LOG_SIG },
223  { "key", LOG_KEY },
224  { "px", LOG_PX },
225  { "gpos", LOG_GPOS },
226  { "aaaa", LOG_AAAA },
227  { "loc", LOG_LOC },
228  { "nxt", LOG_NXT },
229  { "srv", LOG_SRV },
230  { "atma", LOG_ATMA },
231  { "naptr", LOG_NAPTR },
232  { "kx", LOG_KX },
233  { "cert", LOG_CERT },
234  { "a6", LOG_A6 },
235  { "dname", LOG_DNAME },
236  { "opt", LOG_OPT },
237  { "apl", LOG_APL },
238  { "ds", LOG_DS },
239  { "sshfp", LOG_SSHFP },
240  { "ipseckey", LOG_IPSECKEY },
241  { "rrsig", LOG_RRSIG },
242  { "nsec", LOG_NSEC },
243  { "dnskey", LOG_DNSKEY },
244  { "dhcid", LOG_DHCID },
245  { "nsec3", LOG_NSEC3 },
246  { "nsec3param", LOG_NSEC3PARAM },
247  { "tlsa", LOG_TLSA },
248  { "hip", LOG_HIP },
249  { "cds", LOG_CDS },
250  { "cdnskey", LOG_CDNSKEY },
251  { "spf", LOG_SPF },
252  { "tkey", LOG_TKEY },
253  { "tsig", LOG_TSIG },
254  { "maila", LOG_MAILA },
255  { "any", LOG_ANY },
256  { "uri", LOG_URI }
257 };
258 
259 typedef struct LogDnsFileCtx_ {
261  uint64_t flags; /** Store mode */
265 
266 typedef struct LogDnsLogThread_ {
268  /** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
269  uint32_t dns_cnt;
270 
273 
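/**
 * \brief Build a JSON array with one object per query of a DNS transaction.
 *
 * rs_dns_log_json_query() is called with increasing indexes and with all
 * rrtypes enabled until it returns false; every object it filled in is
 * appended to the array.
 *
 * \param txptr DNS transaction, handed through to the Rust logger.
 * \param tx_id Transaction id; not used by this function.
 *
 * \retval NULL if a JSON builder could not be allocated.
 * \retval array closed JSON array, empty when no query was logged.
 *         Presumably owned by the caller -- confirm at the call sites.
 */
JsonBuilder *JsonDNSLogQuery(void *txptr, uint64_t tx_id)
{
    JsonBuilder *queryjb = jb_new_array();
    if (queryjb == NULL) {
        return NULL;
    }

    for (uint16_t i = 0; i < UINT16_MAX; i++) {
        JsonBuilder *js = jb_new_object();
        if (js == NULL) {
            /* Treat a failed object allocation like a failed array
             * allocation instead of handing NULL to the Rust logger. */
            jb_free(queryjb);
            return NULL;
        }
        if (!rs_dns_log_json_query(txptr, i, LOG_ALL_RRTYPES, js)) {
            /* nothing logged for this index: stop */
            jb_free(js);
            break;
        }
        jb_close(js);
        jb_append_object(queryjb, js);
        /* the per-query builder is released right after the append */
        jb_free(js);
    }

    jb_close(queryjb);
    return queryjb;
}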
295 
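/**
 * \brief Build a JSON object describing the answer of a DNS transaction.
 *
 * \param txptr DNS transaction, handed through to the Rust logger.
 * \param tx_id Transaction id; not used by this function.
 *
 * \retval NULL if rs_dns_do_log_answer() returns false for the transaction
 *         or the JSON builder could not be allocated.
 * \retval js closed JSON object filled in by rs_dns_log_json_answer().
 *         Presumably owned by the caller -- confirm at the call sites.
 */
JsonBuilder *JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
{
    if (!rs_dns_do_log_answer(txptr, LOG_ALL_RRTYPES)) {
        return NULL;
    }

    JsonBuilder *js = jb_new_object();
    if (js == NULL) {
        /* callers already have to cope with NULL from the branch above */
        return NULL;
    }

    rs_dns_log_json_answer(txptr, LOG_ALL_RRTYPES, js);
    jb_close(js);
    return js;
}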
307 
/**
 * \brief Tx logger for the request side: builds one EVE "dns" record per
 *        query of the transaction.
 *
 * Returns early when LOG_QUERIES is not set in the logger flags. Otherwise
 * rs_dns_log_json_query() is called with increasing indexes until it
 * returns false. Every visible return path yields TM_ECODE_OK, including
 * the one taken when CreateEveHeader() fails.
 *
 * NOTE(review): this listing skips source lines 335 and 339 (the gutter
 * numbering jumps). As shown, each record is built and freed without being
 * written and the function has no final return; the missing lines
 * presumably do both -- confirm against the original file.
 */
308 static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
309  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
310 {
311  SCEnter();
312 
313  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
314  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
315 
 /* NOTE(review): the comparison with 0 sits outside unlikely(), so the
  * branch hint covers the flag test rather than the early return --
  * confirm this is intended. */
316  if (unlikely(dnslog_ctx->flags & LOG_QUERIES) == 0) {
317  return TM_ECODE_OK;
318  }
319 
320  for (uint16_t i = 0; i < 0xffff; i++) {
 /* the header is created before it is known whether query i exists */
321  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
322  if (unlikely(jb == NULL)) {
323  return TM_ECODE_OK;
324  }
325  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
326 
327  jb_open_object(jb, "dns");
328  if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
 /* nothing logged for index i: drop the unused record and stop */
329  jb_free(jb);
330  break;
331  }
332  jb_close(jb);
333 
334  MemBufferReset(td->buffer);
336  jb_free(jb);
337  }
338 
340 }
341 
/**
 * \brief Tx logger for the reply side: builds the EVE "dns" record(s) for
 *        the answer of the transaction.
 *
 * Returns early when LOG_ANSWERS is not set in the logger flags. With
 * DNS_VERSION_2 a single record is built if rs_dns_do_log_answer() returns
 * true. Otherwise one record is built per answer and then per authority,
 * each loop running until the Rust helper returns NULL. Every visible
 * return path yields TM_ECODE_OK.
 *
 * NOTE(review): this listing skips source lines 366, 387, 407 and 412 (the
 * gutter numbering jumps). As shown, each record is built and freed
 * without being written and the function has no final return; the missing
 * lines presumably do both -- confirm against the original file.
 */
342 static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
343  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
344 {
345  SCEnter();
346 
347  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
348  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
349 
 /* NOTE(review): the comparison with 0 sits outside unlikely(), so the
  * branch hint covers the flag test rather than the early return. */
350  if (unlikely(dnslog_ctx->flags & LOG_ANSWERS) == 0) {
351  return TM_ECODE_OK;
352  }
353 
354  if (td->dnslog_ctx->version == DNS_VERSION_2) {
 /* version 2: at most one record per transaction */
355  if (rs_dns_do_log_answer(txptr, td->dnslog_ctx->flags)) {
356  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
357  if (unlikely(jb == NULL)) {
358  return TM_ECODE_OK;
359  }
360  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
361 
362  jb_open_object(jb, "dns");
363  rs_dns_log_json_answer(txptr, td->dnslog_ctx->flags, jb);
364  jb_close(jb);
365  MemBufferReset(td->buffer);
367  jb_free(jb);
368  }
369  } else {
370  /* Log answers. */
371  for (uint16_t i = 0; i < UINT16_MAX; i++) {
372  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
373  if (unlikely(jb == NULL)) {
374  return TM_ECODE_OK;
375  }
376  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
377 
378  JsonBuilder *answer = rs_dns_log_json_answer_v1(txptr, i,
379  td->dnslog_ctx->flags);
380  if (answer == NULL) {
381  jb_free(jb);
382  break;
383  }
 /* NOTE(review): `answer` is not released in the visible lines.
  * JsonDNSLogQuery() frees its object after jb_append_object(); if
  * jb_set_object() copies in the same way, one builder leaks per
  * record -- confirm the ownership rules of jb_set_object(). */
384  jb_set_object(jb, "dns", answer);
385 
386  MemBufferReset(td->buffer);
388  jb_free(jb);
389  }
390  /* Log authorities. */
391  for (uint16_t i = 0; i < UINT16_MAX; i++) {
392  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
393  if (unlikely(jb == NULL)) {
394  return TM_ECODE_OK;
395  }
396  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
397 
398  JsonBuilder *answer = rs_dns_log_json_authority_v1(txptr, i,
399  td->dnslog_ctx->flags);
400  if (answer == NULL) {
401  jb_free(jb);
402  break;
403  }
 /* same ownership question as in the answer loop above */
404  jb_set_object(jb, "dns", answer);
405 
406  MemBufferReset(td->buffer);
408  jb_free(jb);
409  }
410  }
411 
413 }
414 
/**
 * \brief Allocate and set up the per-thread state of the DNS logger.
 *
 * \param t        Thread vars; not used in the visible lines.
 * \param initdata OutputCtx whose data member becomes the thread's
 *                 dnslog_ctx; must not be NULL.
 * \param data     Out: receives the new LogDnsLogThread on success.
 *
 * \retval TM_ECODE_OK on success.
 * \retval TM_ECODE_FAILED if the allocation fails, initdata is NULL or
 *         aft->buffer is NULL after setup.
 *
 * NOTE(review): this listing skips source line 429 (the gutter numbering
 * jumps). It presumably assigns aft->buffer, which is tested right after
 * and is otherwise still NULL from the memset -- confirm against the
 * original file.
 */
415 static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
416 {
417  LogDnsLogThread *aft = SCMalloc(sizeof(LogDnsLogThread));
418  if (unlikely(aft == NULL))
419  return TM_ECODE_FAILED;
420  memset(aft, 0, sizeof(LogDnsLogThread));
421 
422  if(initdata == NULL)
423  {
 /* reported through SCLogDebug only, although it fails the thread init */
424  SCLogDebug("Error getting context for EveLogDNS. \"initdata\" argument NULL");
425  SCFree(aft);
426  return TM_ECODE_FAILED;
427  }
428 
430  if (aft->buffer == NULL) {
431  SCFree(aft);
432  return TM_ECODE_FAILED;
433  }
434 
435  /* Use the Output Context (file pointer and mutex) */
436  aft->dnslog_ctx= ((OutputCtx *)initdata)->data;
437 
438  *data = (void *)aft;
439  return TM_ECODE_OK;
440 }
441 
/**
 * \brief Release the per-thread state of the DNS logger.
 *
 * \param t    Thread vars; not used.
 * \param data LogDnsLogThread to release; NULL is accepted.
 *
 * \retval TM_ECODE_OK always.
 */
static TmEcode LogDnsLogThreadDeinit(ThreadVars *t, void *data)
{
    LogDnsLogThread *thread_ctx = data;

    if (thread_ctx != NULL) {
        MemBufferFree(thread_ctx->buffer);
        /* zero the struct before it goes back to the allocator */
        memset(thread_ctx, 0, sizeof(*thread_ctx));
        SCFree(thread_ctx);
    }

    return TM_ECODE_OK;
}
456 
/**
 * \brief Tear down the output context of the stand-alone DNS logger.
 *
 * Frees the log file context referenced by the DNS context, then the DNS
 * context and finally the output context itself.
 *
 * \param output_ctx Output context whose data member is a LogDnsFileCtx.
 */
static void LogDnsLogDeInitCtx(OutputCtx *output_ctx)
{
    LogDnsFileCtx *dns_ctx = output_ctx->data;

    LogFileFreeCtx(dns_ctx->file_ctx);
    SCFree(dns_ctx);
    SCFree(output_ctx);
}
464 
/**
 * \brief Tear down the output context of the eve-log DNS sub-logger.
 *
 * Only the DNS context and the output context are freed. The file_ctx
 * pointer inside the DNS context was copied from the parent eve context
 * in JsonDnsLogInitCtxSub() and is not released here.
 *
 * \param output_ctx Output context whose data member is a LogDnsFileCtx.
 */
static void LogDnsLogDeInitCtxSub(OutputCtx *output_ctx)
{
    SCLogDebug("cleaning up sub output_ctx %p", output_ctx);

    LogDnsFileCtx *dns_ctx = output_ctx->data;
    SCFree(dns_ctx);
    SCFree(output_ctx);
}
472 
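/**
 * \brief Apply the query, answer and rrtype settings of a DNS logger
 *        configuration node to the logger flags.
 *
 * For the query and the answer key: a value that ConfValIsTrue() accepts
 * sets the flag, any other value clears it. When the key is absent the
 * flag is set for DNS_VERSION_2 and left untouched otherwise.
 *
 * For the rrtype key: when present, all rrtype bits are cleared and only
 * the listed types are enabled again. Names are matched without regard to
 * case. A name that matches no row of dns_rrtype_fields is reported with a
 * warning, because a typo would otherwise silently stop that record type
 * from being logged. When the key is absent, all rrtypes are enabled for
 * DNS_VERSION_2 and the flags are left untouched otherwise.
 *
 * \param dnslog_ctx       Logger context whose flags are updated.
 * \param conf             Configuration node of the logger.
 * \param query_key        Child name that switches query logging.
 * \param answer_key       Child name that switches answer logging.
 * \param answer_types_key Child name holding the list of rrtypes.
 */
static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
                                  const char *query_key, const char *answer_key,
                                  const char *answer_types_key)
{
    const char *query = ConfNodeLookupChildValue(conf, query_key);
    if (query != NULL) {
        if (ConfValIsTrue(query)) {
            dnslog_ctx->flags |= LOG_QUERIES;
        } else {
            dnslog_ctx->flags &= ~LOG_QUERIES;
        }
    } else if (dnslog_ctx->version == DNS_VERSION_2) {
        dnslog_ctx->flags |= LOG_QUERIES;
    }

    const char *response = ConfNodeLookupChildValue(conf, answer_key);
    if (response != NULL) {
        if (ConfValIsTrue(response)) {
            dnslog_ctx->flags |= LOG_ANSWERS;
        } else {
            dnslog_ctx->flags &= ~LOG_ANSWERS;
        }
    } else if (dnslog_ctx->version == DNS_VERSION_2) {
        dnslog_ctx->flags |= LOG_ANSWERS;
    }

    ConfNode *custom = ConfNodeLookupChild(conf, answer_types_key);
    if (custom == NULL) {
        if (dnslog_ctx->version == DNS_VERSION_2) {
            dnslog_ctx->flags |= LOG_ALL_RRTYPES;
        }
        return;
    }

    /* An explicit list replaces the defaults: start with no rrtype. */
    dnslog_ctx->flags &= ~LOG_ALL_RRTYPES;

    /* Bound the lookup by the table itself rather than by the DnsRRTypes
     * enum, so the index stays inside the array even if the two drift. */
    const size_t rrtype_cnt =
            sizeof(dns_rrtype_fields) / sizeof(dns_rrtype_fields[0]);

    ConfNode *field;
    TAILQ_FOREACH(field, &custom->head, next)
    {
        if (field->val == NULL) {
            /* entry without a scalar value: nothing to compare */
            continue;
        }

        size_t i;
        for (i = 0; i < rrtype_cnt; i++) {
            if (strcasecmp(dns_rrtype_fields[i].config_rrtype,
                        field->val) == 0) {
                dnslog_ctx->flags |= dns_rrtype_fields[i].flags;
                break;
            }
        }
        if (i == rrtype_cnt) {
            SCLogWarning(SC_ERR_INVALID_ARGUMENT,
                    "unknown DNS rrtype \"%s\" in eve-log dns "
                    "configuration, ignoring", field->val);
        }
    }
}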
529 
/**
 * \brief Read the "version" option of the DNS logger configuration.
 *
 * \param conf Configuration node of the logger; NULL selects
 *             DNS_VERSION_DEFAULT.
 *
 * \return The value of the local `version`. The visible messages say that
 *         an invalid or absent option falls back to a default version.
 *
 * NOTE(review): this listing skips source lines 536, 545, 548 and 558 (the
 * gutter numbering jumps). They presumably declare and initialise
 * `version`, assign it in the two case labels and open the logging call
 * whose arguments are on lines 559-561 -- confirm against the original
 * file.
 */
530 static DnsVersion JsonDnsParseVersion(ConfNode *conf)
531 {
532  if (conf == NULL) {
533  return DNS_VERSION_DEFAULT;
534  }
535 
537  intmax_t config_version;
538  const ConfNode *has_version = ConfNodeLookupChild(conf, "version");
539 
540  if (has_version != NULL) {
541  bool invalid = false;
 /* a value that does not parse as an integer is invalid as well */
542  if (ConfGetChildValueInt(conf, "version", &config_version)) {
543  switch(config_version) {
544  case 1:
546  break;
547  case 2:
549  break;
550  default:
551  invalid = true;
552  break;
553  }
554  } else {
555  invalid = true;
556  }
557  if (invalid) {
559  "invalid eve-log dns version option: %s, "
560  "defaulting to version %u",
561  has_version->val, version);
562  }
563  } else {
564  SCLogConfig("eve-log dns version not set, defaulting to version %u",
565  version);
566  }
567 
568  return version;
569 }
570 
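/**
 * \brief Initialise the logger flags and apply the configured filters.
 *
 * All 64 flag bits start out set. With a configuration node the version
 * specific keys are parsed: "query"/"answer"/"custom" for DNS_VERSION_1,
 * "requests"/"responses"/"types" otherwise. For the latter, when answers
 * are logged, a "formats" list replaces the default of both formats;
 * entries other than "detailed" and "grouped" are ignored.
 *
 * \param dnslog_ctx Logger context; its version must already be set.
 * \param conf       Configuration node of the logger, may be NULL.
 */
static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
{
    /* Build the all-ones value in 64 bits. ~0UL is only 32 bits wide where
     * unsigned long is (ILP32 targets, 64-bit Windows); widened to
     * uint64_t it would leave bits 32-63 clear, i.e. LOG_SRV and every
     * later rrtype plus both format bits would start out disabled. */
    dnslog_ctx->flags = ~(uint64_t)0;

    if (conf == NULL) {
        return;
    }

    if (dnslog_ctx->version == DNS_VERSION_1) {
        JsonDnsLogParseConfig(dnslog_ctx, conf, "query", "answer", "custom");
        return;
    }

    JsonDnsLogParseConfig(dnslog_ctx, conf, "requests", "responses", "types");

    if ((dnslog_ctx->flags & LOG_ANSWERS) == 0) {
        /* formats only apply to answers */
        return;
    }

    ConfNode *format = ConfNodeLookupChild(conf, "formats");
    if (format == NULL) {
        dnslog_ctx->flags |= LOG_FORMAT_ALL;
        return;
    }

    /* An explicit list replaces the default: start with no format. */
    dnslog_ctx->flags &= ~LOG_FORMAT_ALL;

    ConfNode *field;
    TAILQ_FOREACH(field, &format->head, next) {
        if (field->val == NULL) {
            /* entry without a scalar value: nothing to compare */
            continue;
        }
        if (strcasecmp(field->val, "detailed") == 0) {
            dnslog_ctx->flags |= LOG_FORMAT_DETAILED;
        } else if (strcasecmp(field->val, "grouped") == 0) {
            dnslog_ctx->flags |= LOG_FORMAT_GROUPED;
        }
    }
}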
600 
/**
 * \brief Create the output context of the DNS sub-logger of an eve output.
 *
 * \param conf       Configuration node of the sub-logger.
 * \param parent_ctx Output context of the parent; its data member is used
 *                   as an OutputJsonCtx.
 *
 * \return { NULL, true } when "enabled" is present and not true,
 *         { NULL, false } when an allocation fails, otherwise the new
 *         context with ok set to true.
 *
 * NOTE(review): this listing skips source lines 636-638 (the gutter
 * numbering jumps); whatever they do is not visible here -- confirm
 * against the original file.
 * NOTE(review): JsonDnsParseVersion() tolerates conf == NULL, but conf is
 * handed to ConfNodeLookupChildValue() before that -- confirm that helper
 * accepts NULL as well.
 */
601 static OutputInitResult JsonDnsLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
602 {
603  OutputInitResult result = { NULL, false };
604  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
605  if (enabled != NULL && !ConfValIsTrue(enabled)) {
 /* explicitly disabled: reported as success without a context */
606  result.ok = true;
607  return result;
608  }
609 
610  DnsVersion version = JsonDnsParseVersion(conf);
611 
612  OutputJsonCtx *ojc = parent_ctx->data;
613 
614  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
615  if (unlikely(dnslog_ctx == NULL)) {
616  return result;
617  }
618  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
619 
 /* the file context and common settings are taken from the parent */
620  dnslog_ctx->file_ctx = ojc->file_ctx;
621  dnslog_ctx->cfg = ojc->cfg;
622 
623  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
624  if (unlikely(output_ctx == NULL)) {
625  SCFree(dnslog_ctx);
626  return result;
627  }
628 
629  output_ctx->data = dnslog_ctx;
630  output_ctx->DeInit = LogDnsLogDeInitCtxSub;
631 
 /* the version has to be set before the filters are parsed */
632  dnslog_ctx->version = version;
633  JsonDnsLogInitFilters(dnslog_ctx, conf);
634 
635  SCLogDebug("DNS log sub-module initialized");
636 
639 
640  result.ctx = output_ctx;
641  result.ok = true;
642  return result;
643 }
644 
645 #define DEFAULT_LOG_FILENAME "dns.json"
646 /** \brief Create the output context of the stand-alone DNS logger.
647  * \param conf Pointer to ConfNode containing this logger's configuration.
648  * \return { NULL, false } when "enabled" is present and not true or when
 *         a step fails; otherwise the new OutputCtx with ok set to true.
 *
 * NOTE(review): unlike JsonDnsLogInitCtxSub(), a disabled logger is
 * returned with ok == false here -- confirm this difference is intended.
 * NOTE(review): this listing skips source lines 695-697 (the gutter
 * numbering jumps); whatever they do is not visible here -- confirm
 * against the original file.
649  * */
650 static OutputInitResult JsonDnsLogInitCtx(ConfNode *conf)
651 {
652  OutputInitResult result = { NULL, false };
653  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
654  if (enabled != NULL && !ConfValIsTrue(enabled)) {
655  return result;
656  }
657 
658  DnsVersion version = JsonDnsParseVersion(conf);
659 
660  LogFileCtx *file_ctx = LogFileNewCtx();
661 
662  if(file_ctx == NULL) {
663  SCLogError(SC_ERR_DNS_LOG_GENERIC, "couldn't create new file_ctx");
664  return result;
665  }
666 
 /* opens the configured output, falling back to DEFAULT_LOG_FILENAME */
667  if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
668  LogFileFreeCtx(file_ctx);
669  return result;
670  }
671 
672  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
673  if (unlikely(dnslog_ctx == NULL)) {
674  LogFileFreeCtx(file_ctx);
675  return result;
676  }
677  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
678 
679  dnslog_ctx->file_ctx = file_ctx;
680 
681  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
682  if (unlikely(output_ctx == NULL)) {
 /* undo both earlier allocations */
683  LogFileFreeCtx(file_ctx);
684  SCFree(dnslog_ctx);
685  return result;
686  }
687 
688  output_ctx->data = dnslog_ctx;
689  output_ctx->DeInit = LogDnsLogDeInitCtx;
690 
 /* the version has to be set before the filters are parsed */
691  dnslog_ctx->version = version;
692  JsonDnsLogInitFilters(dnslog_ctx, conf);
693 
694  SCLogDebug("DNS log output initialized");
695 
698 
699  result.ctx = output_ctx;
700  result.ok = true;
701  return result;
702 }
703 
704 
705 #define MODULE_NAME "JsonDnsLog"
/*
 * Registration of the four DNS loggers: a request and a reply logger for
 * the stand-alone "dns-json-log" output and for the "eve-log.dns"
 * sub-output. The request loggers use JsonDnsLoggerToServer, the reply
 * loggers JsonDnsLoggerToClient; all four share the thread init and
 * deinit functions.
 *
 * NOTE(review): this listing skips source lines 706, 709, 714, 719 and 725
 * (the gutter numbering jumps), i.e. the function signature and the start
 * of each of the four registration calls. Only the trailing arguments are
 * visible -- confirm the callee and the leading arguments against the
 * original file.
 */
707 {
708  /* Logger for requests. */
710  "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToServer,
711  0, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL);
712 
713  /* Logger for replies. */
715  "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToClient,
716  1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL);
717 
718  /* Sub-logger for requests. */
720  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
721  JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit,
722  LogDnsLogThreadDeinit, NULL);
723 
724  /* Sub-logger for replies. */
726  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
727  JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit,
728  NULL);
729 }