suricata
output-json-dns.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  *
23  * Implements JSON DNS logging portion of the engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31 
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 
36 #include "util-print.h"
37 #include "util-unittest.h"
38 
39 #include "util-debug.h"
40 #include "util-mem.h"
41 #include "app-layer-parser.h"
42 #include "output.h"
43 #include "app-layer.h"
44 #include "util-privs.h"
45 #include "util-buffer.h"
46 #include "util-proto-name.h"
47 #include "util-logopenfile.h"
48 #include "util-time.h"
49 
50 #include "output-json.h"
51 #include "output-json-dns.h"
52 #include "rust.h"
53 
54 /* we can do query logging as well, but it's disabled for now as the
55  * TX id handling doesn't expect it */
56 #define QUERY 0
57 
58 #define LOG_QUERIES BIT_U64(0)
59 #define LOG_ANSWERS BIT_U64(1)
60 
61 #define LOG_A BIT_U64(2)
62 #define LOG_NS BIT_U64(3)
63 #define LOG_MD BIT_U64(4)
64 #define LOG_MF BIT_U64(5)
65 #define LOG_CNAME BIT_U64(6)
66 #define LOG_SOA BIT_U64(7)
67 #define LOG_MB BIT_U64(8)
68 #define LOG_MG BIT_U64(9)
69 #define LOG_MR BIT_U64(10)
70 #define LOG_NULL BIT_U64(11)
71 #define LOG_WKS BIT_U64(12)
72 #define LOG_PTR BIT_U64(13)
73 #define LOG_HINFO BIT_U64(14)
74 #define LOG_MINFO BIT_U64(15)
75 #define LOG_MX BIT_U64(16)
76 #define LOG_TXT BIT_U64(17)
77 #define LOG_RP BIT_U64(18)
78 #define LOG_AFSDB BIT_U64(19)
79 #define LOG_X25 BIT_U64(20)
80 #define LOG_ISDN BIT_U64(21)
81 #define LOG_RT BIT_U64(22)
82 #define LOG_NSAP BIT_U64(23)
83 #define LOG_NSAPPTR BIT_U64(24)
84 #define LOG_SIG BIT_U64(25)
85 #define LOG_KEY BIT_U64(26)
86 #define LOG_PX BIT_U64(27)
87 #define LOG_GPOS BIT_U64(28)
88 #define LOG_AAAA BIT_U64(29)
89 #define LOG_LOC BIT_U64(30)
90 #define LOG_NXT BIT_U64(31)
91 #define LOG_SRV BIT_U64(32)
92 #define LOG_ATMA BIT_U64(33)
93 #define LOG_NAPTR BIT_U64(34)
94 #define LOG_KX BIT_U64(35)
95 #define LOG_CERT BIT_U64(36)
96 #define LOG_A6 BIT_U64(37)
97 #define LOG_DNAME BIT_U64(38)
98 #define LOG_OPT BIT_U64(39)
99 #define LOG_APL BIT_U64(40)
100 #define LOG_DS BIT_U64(41)
101 #define LOG_SSHFP BIT_U64(42)
102 #define LOG_IPSECKEY BIT_U64(43)
103 #define LOG_RRSIG BIT_U64(44)
104 #define LOG_NSEC BIT_U64(45)
105 #define LOG_DNSKEY BIT_U64(46)
106 #define LOG_DHCID BIT_U64(47)
107 #define LOG_NSEC3 BIT_U64(48)
108 #define LOG_NSEC3PARAM BIT_U64(49)
109 #define LOG_TLSA BIT_U64(50)
110 #define LOG_HIP BIT_U64(51)
111 #define LOG_CDS BIT_U64(52)
112 #define LOG_CDNSKEY BIT_U64(53)
113 #define LOG_SPF BIT_U64(54)
114 #define LOG_TKEY BIT_U64(55)
115 #define LOG_TSIG BIT_U64(56)
116 #define LOG_MAILA BIT_U64(57)
117 #define LOG_ANY BIT_U64(58)
118 #define LOG_URI BIT_U64(59)
119 
120 #define LOG_FORMAT_GROUPED BIT_U64(60)
121 #define LOG_FORMAT_DETAILED BIT_U64(61)
122 
123 #define LOG_FORMAT_ALL (LOG_FORMAT_GROUPED|LOG_FORMAT_DETAILED)
124 #define LOG_ALL_RRTYPES (~(uint64_t)(LOG_QUERIES|LOG_ANSWERS|LOG_FORMAT_DETAILED|LOG_FORMAT_GROUPED))
125 
126 typedef enum {
186 } DnsRRTypes;
187 
188 typedef enum {
192 
193 #define DNS_VERSION_DEFAULT DNS_VERSION_2
194 
195 static struct {
196  const char *config_rrtype;
197  uint64_t flags;
198 } dns_rrtype_fields[] = {
199  { "a", LOG_A },
200  { "ns", LOG_NS },
201  { "md", LOG_MD },
202  { "mf", LOG_MF },
203  { "cname", LOG_CNAME },
204  { "soa", LOG_SOA },
205  { "mb", LOG_MB },
206  { "mg", LOG_MG },
207  { "mr", LOG_MR },
208  { "null", LOG_NULL },
209  { "wks", LOG_WKS },
210  { "ptr", LOG_PTR },
211  { "hinfo", LOG_HINFO },
212  { "minfo", LOG_MINFO },
213  { "mx", LOG_MX },
214  { "txt", LOG_TXT },
215  { "rp", LOG_RP },
216  { "afsdb", LOG_AFSDB },
217  { "x25", LOG_X25 },
218  { "isdn", LOG_ISDN },
219  { "rt", LOG_RT },
220  { "nsap", LOG_NSAP },
221  { "nsapptr", LOG_NSAPPTR },
222  { "sig", LOG_SIG },
223  { "key", LOG_KEY },
224  { "px", LOG_PX },
225  { "gpos", LOG_GPOS },
226  { "aaaa", LOG_AAAA },
227  { "loc", LOG_LOC },
228  { "nxt", LOG_NXT },
229  { "srv", LOG_SRV },
230  { "atma", LOG_ATMA },
231  { "naptr", LOG_NAPTR },
232  { "kx", LOG_KX },
233  { "cert", LOG_CERT },
234  { "a6", LOG_A6 },
235  { "dname", LOG_DNAME },
236  { "opt", LOG_OPT },
237  { "apl", LOG_APL },
238  { "ds", LOG_DS },
239  { "sshfp", LOG_SSHFP },
240  { "ipseckey", LOG_IPSECKEY },
241  { "rrsig", LOG_RRSIG },
242  { "nsec", LOG_NSEC },
243  { "dnskey", LOG_DNSKEY },
244  { "dhcid", LOG_DHCID },
245  { "nsec3", LOG_NSEC3 },
246  { "nsec3param", LOG_NSEC3PARAM },
247  { "tlsa", LOG_TLSA },
248  { "hip", LOG_HIP },
249  { "cds", LOG_CDS },
250  { "cdnskey", LOG_CDNSKEY },
251  { "spf", LOG_SPF },
252  { "tkey", LOG_TKEY },
253  { "tsig", LOG_TSIG },
254  { "maila", LOG_MAILA },
255  { "any", LOG_ANY },
256  { "uri", LOG_URI }
257 };
258 
259 typedef struct LogDnsFileCtx_ {
261  uint64_t flags; /** Store mode */
265 
266 typedef struct LogDnsLogThread_ {
268  /** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
272 
273 JsonBuilder *JsonDNSLogQuery(void *txptr, uint64_t tx_id)
274 {
275  JsonBuilder *queryjb = jb_new_array();
276  if (queryjb == NULL) {
277  return NULL;
278  }
279 
280  for (uint16_t i = 0; i < UINT16_MAX; i++) {
281  JsonBuilder *js = jb_new_object();
282  if (!rs_dns_log_json_query((void *)txptr, i, LOG_ALL_RRTYPES, js)) {
283  jb_free(js);
284  break;
285  }
286  jb_close(js);
287  jb_append_object(queryjb, js);
288  jb_free(js);
289  }
290 
291  jb_close(queryjb);
292  return queryjb;
293 }
294 
295 JsonBuilder *JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
296 {
297  if (!rs_dns_do_log_answer(txptr, LOG_ALL_RRTYPES)) {
298  return NULL;
299  } else {
300  JsonBuilder *js = jb_new_object();
301  rs_dns_log_json_answer(txptr, LOG_ALL_RRTYPES, js);
302  jb_close(js);
303  return js;
304  }
305 }
306 
307 static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
308  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
309 {
310  SCEnter();
311 
312  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
313  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
314 
315  if (unlikely(dnslog_ctx->flags & LOG_QUERIES) == 0) {
316  return TM_ECODE_OK;
317  }
318 
319  for (uint16_t i = 0; i < 0xffff; i++) {
320  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
321  if (unlikely(jb == NULL)) {
322  return TM_ECODE_OK;
323  }
324  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
325 
326  jb_open_object(jb, "dns");
327  if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
328  jb_free(jb);
329  break;
330  }
331  jb_close(jb);
332 
333  MemBufferReset(td->buffer);
334  OutputJsonBuilderBuffer(jb, td->file_ctx, &td->buffer);
335  jb_free(jb);
336  }
337 
339 }
340 
341 static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
342  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
343 {
344  SCEnter();
345 
346  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
347  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
348 
349  if (unlikely(dnslog_ctx->flags & LOG_ANSWERS) == 0) {
350  return TM_ECODE_OK;
351  }
352 
353  if (td->dnslog_ctx->version == DNS_VERSION_2) {
354  if (rs_dns_do_log_answer(txptr, td->dnslog_ctx->flags)) {
355  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
356  if (unlikely(jb == NULL)) {
357  return TM_ECODE_OK;
358  }
359  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
360 
361  jb_open_object(jb, "dns");
362  rs_dns_log_json_answer(txptr, td->dnslog_ctx->flags, jb);
363  jb_close(jb);
364  MemBufferReset(td->buffer);
365  OutputJsonBuilderBuffer(jb, td->file_ctx, &td->buffer);
366  jb_free(jb);
367  }
368  } else {
369  /* Log answers. */
370  for (uint16_t i = 0; i < UINT16_MAX; i++) {
371  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
372  if (unlikely(jb == NULL)) {
373  return TM_ECODE_OK;
374  }
375  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
376 
377  JsonBuilder *answer = rs_dns_log_json_answer_v1(txptr, i,
378  td->dnslog_ctx->flags);
379  if (answer == NULL) {
380  jb_free(jb);
381  break;
382  }
383  jb_set_object(jb, "dns", answer);
384 
385  MemBufferReset(td->buffer);
386  OutputJsonBuilderBuffer(jb, td->file_ctx, &td->buffer);
387  jb_free(jb);
388  }
389  /* Log authorities. */
390  for (uint16_t i = 0; i < UINT16_MAX; i++) {
391  JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
392  if (unlikely(jb == NULL)) {
393  return TM_ECODE_OK;
394  }
395  EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
396 
397  JsonBuilder *answer = rs_dns_log_json_authority_v1(txptr, i,
398  td->dnslog_ctx->flags);
399  if (answer == NULL) {
400  jb_free(jb);
401  break;
402  }
403  jb_set_object(jb, "dns", answer);
404 
405  MemBufferReset(td->buffer);
406  OutputJsonBuilderBuffer(jb, td->file_ctx, &td->buffer);
407  jb_free(jb);
408  }
409  }
410 
412 }
413 
414 static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
415 {
416  LogDnsLogThread *aft = SCCalloc(1, sizeof(LogDnsLogThread));
417  if (unlikely(aft == NULL))
418  return TM_ECODE_FAILED;
419 
420  if(initdata == NULL)
421  {
422  SCLogDebug("Error getting context for EveLogDNS. \"initdata\" argument NULL");
423  goto error_exit;
424  }
425 
427  if (aft->buffer == NULL) {
428  goto error_exit;
429  }
430 
431  /* Use the Ouptut Context (file pointer and mutex) */
432  aft->dnslog_ctx= ((OutputCtx *)initdata)->data;
434  if (!aft->file_ctx) {
435  goto error_exit;
436  }
437 
438  *data = (void *)aft;
439  return TM_ECODE_OK;
440 
441 error_exit:
442  if (aft->buffer != NULL) {
443  MemBufferFree(aft->buffer);
444  }
445  SCFree(aft);
446  return TM_ECODE_FAILED;
447 }
448 
449 static TmEcode LogDnsLogThreadDeinit(ThreadVars *t, void *data)
450 {
451  LogDnsLogThread *aft = (LogDnsLogThread *)data;
452  if (aft == NULL) {
453  return TM_ECODE_OK;
454  }
455 
456  MemBufferFree(aft->buffer);
457  /* clear memory */
458  memset(aft, 0, sizeof(LogDnsLogThread));
459 
460  SCFree(aft);
461  return TM_ECODE_OK;
462 }
463 
464 static void LogDnsLogDeInitCtxSub(OutputCtx *output_ctx)
465 {
466  SCLogDebug("cleaning up sub output_ctx %p", output_ctx);
467  LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
468  SCFree(dnslog_ctx);
469  SCFree(output_ctx);
470 }
471 
472 static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
473  const char *query_key, const char *answer_key,
474  const char *answer_types_key)
475 {
476  const char *query = ConfNodeLookupChildValue(conf, query_key);
477  if (query != NULL) {
478  if (ConfValIsTrue(query)) {
479  dnslog_ctx->flags |= LOG_QUERIES;
480  } else {
481  dnslog_ctx->flags &= ~LOG_QUERIES;
482  }
483  } else {
484  if (dnslog_ctx->version == DNS_VERSION_2) {
485  dnslog_ctx->flags |= LOG_QUERIES;
486  }
487  }
488 
489  const char *response = ConfNodeLookupChildValue(conf, answer_key);
490  if (response != NULL) {
491  if (ConfValIsTrue(response)) {
492  dnslog_ctx->flags |= LOG_ANSWERS;
493  } else {
494  dnslog_ctx->flags &= ~LOG_ANSWERS;
495  }
496  } else {
497  if (dnslog_ctx->version == DNS_VERSION_2) {
498  dnslog_ctx->flags |= LOG_ANSWERS;
499  }
500  }
501 
502  ConfNode *custom;
503  if ((custom = ConfNodeLookupChild(conf, answer_types_key)) != NULL) {
504  dnslog_ctx->flags &= ~LOG_ALL_RRTYPES;
505  ConfNode *field;
506  TAILQ_FOREACH(field, &custom->head, next)
507  {
508  if (field != NULL)
509  {
510  DnsRRTypes f;
511  for (f = DNS_RRTYPE_A; f < DNS_RRTYPE_MAX; f++)
512  {
513  if (strcasecmp(dns_rrtype_fields[f].config_rrtype,
514  field->val) == 0)
515  {
516  dnslog_ctx->flags |= dns_rrtype_fields[f].flags;
517  break;
518  }
519  }
520  }
521  }
522  } else {
523  if (dnslog_ctx->version == DNS_VERSION_2) {
524  dnslog_ctx->flags |= LOG_ALL_RRTYPES;
525  }
526  }
527 }
528 
529 static DnsVersion JsonDnsParseVersion(ConfNode *conf)
530 {
531  if (conf == NULL) {
532  return DNS_VERSION_DEFAULT;
533  }
534 
536  intmax_t config_version;
537  const ConfNode *has_version = ConfNodeLookupChild(conf, "version");
538 
539  if (has_version != NULL) {
540  bool invalid = false;
541  if (ConfGetChildValueInt(conf, "version", &config_version)) {
542  switch(config_version) {
543  case 1:
545  break;
546  case 2:
548  break;
549  default:
550  invalid = true;
551  break;
552  }
553  } else {
554  invalid = true;
555  }
556  if (invalid) {
558  "invalid eve-log dns version option: %s, "
559  "defaulting to version %u",
560  has_version->val, version);
561  }
562  } else {
563  SCLogConfig("eve-log dns version not set, defaulting to version %u",
564  version);
565  }
566 
567  return version;
568 }
569 
570 static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
571 {
572  dnslog_ctx->flags = ~0UL;
573 
574  if (conf) {
575  if (dnslog_ctx->version == DNS_VERSION_1) {
576  JsonDnsLogParseConfig(dnslog_ctx, conf, "query", "answer", "custom");
577  } else {
578  JsonDnsLogParseConfig(dnslog_ctx, conf, "requests", "responses", "types");
579 
580  if (dnslog_ctx->flags & LOG_ANSWERS) {
581  ConfNode *format;
582  if ((format = ConfNodeLookupChild(conf, "formats")) != NULL) {
583  dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
584  ConfNode *field;
585  TAILQ_FOREACH(field, &format->head, next) {
586  if (strcasecmp(field->val, "detailed") == 0) {
587  dnslog_ctx->flags |= LOG_FORMAT_DETAILED;
588  } else if (strcasecmp(field->val, "grouped") == 0) {
589  dnslog_ctx->flags |= LOG_FORMAT_GROUPED;
590  }
591  }
592  } else {
593  dnslog_ctx->flags |= LOG_FORMAT_ALL;
594  }
595  }
596  }
597  }
598 }
599 
600 static OutputInitResult JsonDnsLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
601 {
602  OutputInitResult result = { NULL, false };
603  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
604  if (enabled != NULL && !ConfValIsTrue(enabled)) {
605  result.ok = true;
606  return result;
607  }
608 
609  DnsVersion version = JsonDnsParseVersion(conf);
610 
611  OutputJsonCtx *ojc = parent_ctx->data;
612 
613  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
614  if (unlikely(dnslog_ctx == NULL)) {
615  return result;
616  }
617  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
618 
619  dnslog_ctx->file_ctx = ojc->file_ctx;
620  dnslog_ctx->cfg = ojc->cfg;
621 
622  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
623  if (unlikely(output_ctx == NULL)) {
624  SCFree(dnslog_ctx);
625  return result;
626  }
627 
628  output_ctx->data = dnslog_ctx;
629  output_ctx->DeInit = LogDnsLogDeInitCtxSub;
630 
631  dnslog_ctx->version = version;
632  JsonDnsLogInitFilters(dnslog_ctx, conf);
633 
634  SCLogDebug("DNS log sub-module initialized");
635 
638 
639  result.ctx = output_ctx;
640  result.ok = true;
641  return result;
642 }
643 
644 
645 #define MODULE_NAME "JsonDnsLog"
647 {
648  /* Sub-logger for requests. */
650  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
651  JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit,
652  LogDnsLogThreadDeinit, NULL);
653 
654  /* Sub-logger for replies. */
656  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
657  JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit,
658  NULL);
659 }
DNS_RRTYPE_PX
@ DNS_RRTYPE_PX
Definition: output-json-dns.c:152
ConfGetChildValueInt
int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
Definition: conf.c:468
tm-threads.h
DNS_RRTYPE_AAAA
@ DNS_RRTYPE_AAAA
Definition: output-json-dns.c:154
DNS_RRTYPE_GPOS
@ DNS_RRTYPE_GPOS
Definition: output-json-dns.c:153
LOG_MR
#define LOG_MR
Definition: output-json-dns.c:69
DNS_RRTYPE_TKEY
@ DNS_RRTYPE_TKEY
Definition: output-json-dns.c:180
DNS_RRTYPE_ANY
@ DNS_RRTYPE_ANY
Definition: output-json-dns.c:183
LOG_NULL
#define LOG_NULL
Definition: output-json-dns.c:70
LOG_NSEC3PARAM
#define LOG_NSEC3PARAM
Definition: output-json-dns.c:108
DNS_RRTYPE_OPT
@ DNS_RRTYPE_OPT
Definition: output-json-dns.c:164
LOG_NSEC
#define LOG_NSEC
Definition: output-json-dns.c:104
LOG_RP
#define LOG_RP
Definition: output-json-dns.c:77
LOG_GPOS
#define LOG_GPOS
Definition: output-json-dns.c:87
DNS_RRTYPE_NULL
@ DNS_RRTYPE_NULL
Definition: output-json-dns.c:136
ALPROTO_DNS
@ ALPROTO_DNS
Definition: app-layer-protos.h:41
MODULE_NAME
#define MODULE_NAME
Definition: output-json-dns.c:645
DNS_RRTYPE_MX
@ DNS_RRTYPE_MX
Definition: output-json-dns.c:141
ConfNode_::val
char * val
Definition: conf.h:34
DNS_RRTYPE_HIP
@ DNS_RRTYPE_HIP
Definition: output-json-dns.c:176
OutputJsonCtx_::cfg
OutputJsonCommonSettings cfg
Definition: output-json.h:104
LOG_NXT
#define LOG_NXT
Definition: output-json-dns.c:90
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
DNS_RRTYPE_LOC
@ DNS_RRTYPE_LOC
Definition: output-json-dns.c:155
LOG_TLSA
#define LOG_TLSA
Definition: output-json-dns.c:109
DNS_RRTYPE_NS
@ DNS_RRTYPE_NS
Definition: output-json-dns.c:128
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
DNS_RRTYPE_MAX
@ DNS_RRTYPE_MAX
Definition: output-json-dns.c:185
DNS_RRTYPE_X25
@ DNS_RRTYPE_X25
Definition: output-json-dns.c:145
DnsRRTypes
DnsRRTypes
Definition: output-json-dns.c:126
JSON_OUTPUT_BUFFER_SIZE
#define JSON_OUTPUT_BUFFER_SIZE
Definition: output-json.h:63
threads.h
LOG_TKEY
#define LOG_TKEY
Definition: output-json-dns.c:114
OutputJsonCtx_
Definition: output-json.h:101
Flow_
Flow data structure.
Definition: flow.h:347
OutputJsonCommonSettings_
Definition: output-json.h:91
DNS_RRTYPE_TSIG
@ DNS_RRTYPE_TSIG
Definition: output-json-dns.c:181
LogFileCtx_
Definition: util-logopenfile.h:60
LOG_LOC
#define LOG_LOC
Definition: output-json-dns.c:89
LOG_TSIG
#define LOG_TSIG
Definition: output-json-dns.c:115
LOG_APL
#define LOG_APL
Definition: output-json-dns.c:99
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
LOG_DNSKEY
#define LOG_DNSKEY
Definition: output-json-dns.c:105
OutputJsonBuilderBuffer
int OutputJsonBuilderBuffer(JsonBuilder *js, LogFileCtx *file_ctx, MemBuffer **buffer)
Definition: output-json.c:978
rust.h
DNS_RRTYPE_DHCID
@ DNS_RRTYPE_DHCID
Definition: output-json-dns.c:172
LOG_DNAME
#define LOG_DNAME
Definition: output-json-dns.c:97
LOGGER_JSON_DNS_TC
@ LOGGER_JSON_DNS_TC
Definition: suricata-common.h:449
util-privs.h
LOG_ANSWERS
#define LOG_ANSWERS
Definition: output-json-dns.c:59
EveAddCommonOptions
void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f, JsonBuilder *js)
Definition: output-json.c:444
LOG_NSEC3
#define LOG_NSEC3
Definition: output-json-dns.c:107
LOG_DS
#define LOG_DS
Definition: output-json-dns.c:100
LOG_MAILA
#define LOG_MAILA
Definition: output-json-dns.c:116
LOG_NS
#define LOG_NS
Definition: output-json-dns.c:62
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:81
LOG_CERT
#define LOG_CERT
Definition: output-json-dns.c:95
DNS_RRTYPE_SPF
@ DNS_RRTYPE_SPF
Definition: output-json-dns.c:179
DNS_RRTYPE_WKS
@ DNS_RRTYPE_WKS
Definition: output-json-dns.c:137
LogDnsFileCtx_::flags
uint64_t flags
Definition: output-json-dns.c:261
LOG_MD
#define LOG_MD
Definition: output-json-dns.c:63
DNS_VERSION_1
@ DNS_VERSION_1
Definition: output-json-dns.c:189
LOG_SOA
#define LOG_SOA
Definition: output-json-dns.c:66
LOG_NAPTR
#define LOG_NAPTR
Definition: output-json-dns.c:93
LOG_WKS
#define LOG_WKS
Definition: output-json-dns.c:71
util-unittest.h
LOG_CDS
#define LOG_CDS
Definition: output-json-dns.c:111
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:565
OutputCtx_::data
void * data
Definition: tm-modules.h:81
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:80
JsonDNSLogAnswer
JsonBuilder * JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
Definition: output-json-dns.c:295
OutputCtx_
Definition: tm-modules.h:78
LOG_URI
#define LOG_URI
Definition: output-json-dns.c:118
LOG_SRV
#define LOG_SRV
Definition: output-json-dns.c:91
LOG_HINFO
#define LOG_HINFO
Definition: output-json-dns.c:73
DNS_RRTYPE_URI
@ DNS_RRTYPE_URI
Definition: output-json-dns.c:184
DNS_RRTYPE_HINFO
@ DNS_RRTYPE_HINFO
Definition: output-json-dns.c:139
DNS_RRTYPE_NSEC
@ DNS_RRTYPE_NSEC
Definition: output-json-dns.c:170
LOG_ATMA
#define LOG_ATMA
Definition: output-json-dns.c:92
LOG_KEY
#define LOG_KEY
Definition: output-json-dns.c:85
LOG_ALL_RRTYPES
#define LOG_ALL_RRTYPES
Definition: output-json-dns.c:124
util-debug.h
DNS_RRTYPE_MF
@ DNS_RRTYPE_MF
Definition: output-json-dns.c:130
OutputInitResult_::ctx
OutputCtx * ctx
Definition: output.h:44
CreateEveHeader
JsonBuilder * CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr)
Definition: output-json.c:846
LOG_MINFO
#define LOG_MINFO
Definition: output-json-dns.c:74
LOG_SIG
#define LOG_SIG
Definition: output-json-dns.c:84
DNS_RRTYPE_RP
@ DNS_RRTYPE_RP
Definition: output-json-dns.c:143
output-json.h
LOG_KX
#define LOG_KX
Definition: output-json-dns.c:94
LOG_A
#define LOG_A
Definition: output-json-dns.c:61
LOG_MF
#define LOG_MF
Definition: output-json-dns.c:64
OutputRegisterTxSubModuleWithProgress
void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Definition: output.c:378
LogDnsFileCtx_::cfg
OutputJsonCommonSettings cfg
Definition: output-json-dns.c:263
DNS_RRTYPE_CDNSKEY
@ DNS_RRTYPE_CDNSKEY
Definition: output-json-dns.c:178
LogDnsLogThread_
Definition: output-json-dns.c:266
AppLayerParserRegisterLogger
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:456
DNS_RRTYPE_IPSECKEY
@ DNS_RRTYPE_IPSECKEY
Definition: output-json-dns.c:168
util-print.h
DNS_RRTYPE_KEY
@ DNS_RRTYPE_KEY
Definition: output-json-dns.c:151
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
DNS_RRTYPE_NSEC3PARAM
@ DNS_RRTYPE_NSEC3PARAM
Definition: output-json-dns.c:174
pkt-var.h
LOG_RT
#define LOG_RT
Definition: output-json-dns.c:81
LogFileEnsureExists
LogFileCtx * LogFileEnsureExists(LogFileCtx *parent_ctx, int thread_id)
LogFileEnsureExists() Ensure a log file context for the thread exists.
Definition: util-logopenfile.c:659
LOG_SSHFP
#define LOG_SSHFP
Definition: output-json-dns.c:101
util-time.h
OutputInitResult_::ok
bool ok
Definition: output.h:45
DNS_RRTYPE_A
@ DNS_RRTYPE_A
Definition: output-json-dns.c:127
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
DNS_RRTYPE_DNAME
@ DNS_RRTYPE_DNAME
Definition: output-json-dns.c:163
app-layer-parser.h
DNS_RRTYPE_RRSIG
@ DNS_RRTYPE_RRSIG
Definition: output-json-dns.c:169
DNS_RRTYPE_DS
@ DNS_RRTYPE_DS
Definition: output-json-dns.c:166
ThreadVars_::id
int id
Definition: threadvars.h:87
LOG_RRSIG
#define LOG_RRSIG
Definition: output-json-dns.c:103
LOG_MG
#define LOG_MG
Definition: output-json-dns.c:68
DNS_RRTYPE_MAILA
@ DNS_RRTYPE_MAILA
Definition: output-json-dns.c:182
DNS_RRTYPE_TXT
@ DNS_RRTYPE_TXT
Definition: output-json-dns.c:142
Packet_
Definition: decode.h:414
DNS_RRTYPE_AFSDB
@ DNS_RRTYPE_AFSDB
Definition: output-json-dns.c:144
DNS_RRTYPE_ATMA
@ DNS_RRTYPE_ATMA
Definition: output-json-dns.c:158
DNS_RRTYPE_KX
@ DNS_RRTYPE_KX
Definition: output-json-dns.c:160
DNS_RRTYPE_PTR
@ DNS_RRTYPE_PTR
Definition: output-json-dns.c:138
conf.h
DNS_RRTYPE_NSAP
@ DNS_RRTYPE_NSAP
Definition: output-json-dns.c:148
LogDnsLogThread_::file_ctx
LogFileCtx * file_ctx
Definition: output-json-dns.c:269
LOG_ANY
#define LOG_ANY
Definition: output-json-dns.c:117
TmEcode
TmEcode
Definition: tm-threads-common.h:79
LOG_MB
#define LOG_MB
Definition: output-json-dns.c:67
LogDnsFileCtx_
Definition: output-json-dns.c:259
LOG_PTR
#define LOG_PTR
Definition: output-json-dns.c:72
DNS_RRTYPE_ISDN
@ DNS_RRTYPE_ISDN
Definition: output-json-dns.c:146
util-proto-name.h
MemBuffer_
Definition: util-buffer.h:27
DNS_RRTYPE_TLSA
@ DNS_RRTYPE_TLSA
Definition: output-json-dns.c:175
DNS_RRTYPE_NSEC3
@ DNS_RRTYPE_NSEC3
Definition: output-json-dns.c:173
DNS_VERSION_2
@ DNS_VERSION_2
Definition: output-json-dns.c:190
DNS_RRTYPE_A6
@ DNS_RRTYPE_A6
Definition: output-json-dns.c:162
DNS_RRTYPE_CERT
@ DNS_RRTYPE_CERT
Definition: output-json-dns.c:161
LogDnsFileCtx_::version
DnsVersion version
Definition: output-json-dns.c:262
ConfNodeLookupChild
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
Definition: conf.c:814
LOG_HIP
#define LOG_HIP
Definition: output-json-dns.c:110
util-mem.h
LOG_NSAP
#define LOG_NSAP
Definition: output-json-dns.c:82
MemBufferReset
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
Definition: util-buffer.h:42
LOG_AAAA
#define LOG_AAAA
Definition: output-json-dns.c:88
LOG_DHCID
#define LOG_DHCID
Definition: output-json-dns.c:106
OutputInitResult_
Definition: output.h:43
DNS_RRTYPE_SIG
@ DNS_RRTYPE_SIG
Definition: output-json-dns.c:150
DNS_RRTYPE_NXT
@ DNS_RRTYPE_NXT
Definition: output-json-dns.c:156
LOG_CNAME
#define LOG_CNAME
Definition: output-json-dns.c:65
suricata-common.h
OutputCtx_::DeInit
void(* DeInit)(struct OutputCtx_ *)
Definition: tm-modules.h:84
MemBufferFree
void MemBufferFree(MemBuffer *buffer)
Definition: util-buffer.c:82
version
uint8_t version
Definition: decode-gre.h:1
LogDnsFileCtx
struct LogDnsFileCtx_ LogDnsFileCtx
LOG_QUERIES
#define LOG_QUERIES
Definition: output-json-dns.c:58
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
LogDnsLogThread_::buffer
MemBuffer * buffer
Definition: output-json-dns.c:270
LOG_FORMAT_GROUPED
#define LOG_FORMAT_GROUPED
Definition: output-json-dns.c:120
LogDnsLogThread
struct LogDnsLogThread_ LogDnsLogThread
threadvars.h
LOG_DIR_FLOW
@ LOG_DIR_FLOW
Definition: output-json.h:40
output-json-dns.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
LOG_NSAPPTR
#define LOG_NSAPPTR
Definition: output-json-dns.c:83
DNS_VERSION_DEFAULT
#define DNS_VERSION_DEFAULT
Definition: output-json-dns.c:193
DNS_RRTYPE_DNSKEY
@ DNS_RRTYPE_DNSKEY
Definition: output-json-dns.c:171
JsonDnsLogRegister
void JsonDnsLogRegister(void)
Definition: output-json-dns.c:646
DNS_RRTYPE_MG
@ DNS_RRTYPE_MG
Definition: output-json-dns.c:134
LOG_CDNSKEY
#define LOG_CDNSKEY
Definition: output-json-dns.c:112
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DNS_RRTYPE_MR
@ DNS_RRTYPE_MR
Definition: output-json-dns.c:135
ConfNode_
Definition: conf.h:32
LOG_ISDN
#define LOG_ISDN
Definition: output-json-dns.c:80
util-logopenfile.h
LOG_OPT
#define LOG_OPT
Definition: output-json-dns.c:98
util-buffer.h
DNS_RRTYPE_SOA
@ DNS_RRTYPE_SOA
Definition: output-json-dns.c:132
DNS_RRTYPE_RT
@ DNS_RRTYPE_RT
Definition: output-json-dns.c:147
OutputJsonCtx_::file_ctx
LogFileCtx * file_ctx
Definition: output-json.h:102
JsonDNSLogQuery
JsonBuilder * JsonDNSLogQuery(void *txptr, uint64_t tx_id)
Definition: output-json-dns.c:273
LOG_X25
#define LOG_X25
Definition: output-json-dns.c:79
LOG_MX
#define LOG_MX
Definition: output-json-dns.c:75
DNS_RRTYPE_APL
@ DNS_RRTYPE_APL
Definition: output-json-dns.c:165
DNS_RRTYPE_SSHFP
@ DNS_RRTYPE_SSHFP
Definition: output-json-dns.c:167
LOG_FORMAT_DETAILED
#define LOG_FORMAT_DETAILED
Definition: output-json-dns.c:121
DnsVersion
DnsVersion
Definition: output-json-dns.c:188
DNS_RRTYPE_NSAPPTR
@ DNS_RRTYPE_NSAPPTR
Definition: output-json-dns.c:149
DNS_RRTYPE_MB
@ DNS_RRTYPE_MB
Definition: output-json-dns.c:133
DNS_RRTYPE_CDS
@ DNS_RRTYPE_CDS
Definition: output-json-dns.c:177
LOG_FORMAT_ALL
#define LOG_FORMAT_ALL
Definition: output-json-dns.c:123
LOG_TXT
#define LOG_TXT
Definition: output-json-dns.c:76
LOGGER_JSON_DNS_TS
@ LOGGER_JSON_DNS_TS
Definition: suricata-common.h:448
flags
uint64_t flags
Definition: output-json-dns.c:197
LogDnsFileCtx_::file_ctx
LogFileCtx * file_ctx
Definition: output-json-dns.c:260
LOG_IPSECKEY
#define LOG_IPSECKEY
Definition: output-json-dns.c:102
DNS_RRTYPE_MD
@ DNS_RRTYPE_MD
Definition: output-json-dns.c:129
DNS_RRTYPE_NAPTR
@ DNS_RRTYPE_NAPTR
Definition: output-json-dns.c:159
DNS_RRTYPE_SRV
@ DNS_RRTYPE_SRV
Definition: output-json-dns.c:157
DNS_RRTYPE_MINFO
@ DNS_RRTYPE_MINFO
Definition: output-json-dns.c:140
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
LogDnsLogThread_::dnslog_ctx
LogDnsFileCtx * dnslog_ctx
Definition: output-json-dns.c:267
LOG_A6
#define LOG_A6
Definition: output-json-dns.c:96
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
MemBufferCreateNew
MemBuffer * MemBufferCreateNew(uint32_t size)
Definition: util-buffer.c:32
debug.h
output.h
DNS_RRTYPE_CNAME
@ DNS_RRTYPE_CNAME
Definition: output-json-dns.c:131
LOG_PX
#define LOG_PX
Definition: output-json-dns.c:86
LOG_SPF
#define LOG_SPF
Definition: output-json-dns.c:113
app-layer.h
config_rrtype
const char * config_rrtype
Definition: output-json-dns.c:196
ConfNodeLookupChildValue
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:842
LOG_AFSDB
#define LOG_AFSDB
Definition: output-json-dns.c:78