suricata
output-json-dns.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  *
23  * Implements JSON DNS logging portion of the engine.
24  */
25 
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31 
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 
36 #include "util-print.h"
37 #include "util-unittest.h"
38 
39 #include "util-debug.h"
40 #include "util-mem.h"
41 #include "app-layer-parser.h"
42 #include "output.h"
43 #include "app-layer-dns-udp.h"
44 #include "app-layer.h"
45 #include "util-privs.h"
46 #include "util-buffer.h"
47 #include "util-proto-name.h"
48 #include "util-logopenfile.h"
49 #include "util-time.h"
50 
51 #include "output-json.h"
52 #include "output-json-dns.h"
53 
54 #include "rust-dns-log-gen.h"
55 
56 /* we can do query logging as well, but it's disabled for now as the
57  * TX id handling doesn't expect it */
58 #define QUERY 0
59 
60 #define LOG_QUERIES BIT_U64(0)
61 #define LOG_ANSWERS BIT_U64(1)
62 
63 #define LOG_A BIT_U64(2)
64 #define LOG_NS BIT_U64(3)
65 #define LOG_MD BIT_U64(4)
66 #define LOG_MF BIT_U64(5)
67 #define LOG_CNAME BIT_U64(6)
68 #define LOG_SOA BIT_U64(7)
69 #define LOG_MB BIT_U64(8)
70 #define LOG_MG BIT_U64(9)
71 #define LOG_MR BIT_U64(10)
72 #define LOG_NULL BIT_U64(11)
73 #define LOG_WKS BIT_U64(12)
74 #define LOG_PTR BIT_U64(13)
75 #define LOG_HINFO BIT_U64(14)
76 #define LOG_MINFO BIT_U64(15)
77 #define LOG_MX BIT_U64(16)
78 #define LOG_TXT BIT_U64(17)
79 #define LOG_RP BIT_U64(18)
80 #define LOG_AFSDB BIT_U64(19)
81 #define LOG_X25 BIT_U64(20)
82 #define LOG_ISDN BIT_U64(21)
83 #define LOG_RT BIT_U64(22)
84 #define LOG_NSAP BIT_U64(23)
85 #define LOG_NSAPPTR BIT_U64(24)
86 #define LOG_SIG BIT_U64(25)
87 #define LOG_KEY BIT_U64(26)
88 #define LOG_PX BIT_U64(27)
89 #define LOG_GPOS BIT_U64(28)
90 #define LOG_AAAA BIT_U64(29)
91 #define LOG_LOC BIT_U64(30)
92 #define LOG_NXT BIT_U64(31)
93 #define LOG_SRV BIT_U64(32)
94 #define LOG_ATMA BIT_U64(33)
95 #define LOG_NAPTR BIT_U64(34)
96 #define LOG_KX BIT_U64(35)
97 #define LOG_CERT BIT_U64(36)
98 #define LOG_A6 BIT_U64(37)
99 #define LOG_DNAME BIT_U64(38)
100 #define LOG_OPT BIT_U64(39)
101 #define LOG_APL BIT_U64(40)
102 #define LOG_DS BIT_U64(41)
103 #define LOG_SSHFP BIT_U64(42)
104 #define LOG_IPSECKEY BIT_U64(43)
105 #define LOG_RRSIG BIT_U64(44)
106 #define LOG_NSEC BIT_U64(45)
107 #define LOG_DNSKEY BIT_U64(46)
108 #define LOG_DHCID BIT_U64(47)
109 #define LOG_NSEC3 BIT_U64(48)
110 #define LOG_NSEC3PARAM BIT_U64(49)
111 #define LOG_TLSA BIT_U64(50)
112 #define LOG_HIP BIT_U64(51)
113 #define LOG_CDS BIT_U64(52)
114 #define LOG_CDNSKEY BIT_U64(53)
115 #define LOG_SPF BIT_U64(54)
116 #define LOG_TKEY BIT_U64(55)
117 #define LOG_TSIG BIT_U64(56)
118 #define LOG_MAILA BIT_U64(57)
119 #define LOG_ANY BIT_U64(58)
120 #define LOG_URI BIT_U64(59)
121 
122 #define LOG_FORMAT_GROUPED BIT_U64(60)
123 #define LOG_FORMAT_DETAILED BIT_U64(61)
124 
125 #define LOG_FORMAT_ALL (LOG_FORMAT_GROUPED|LOG_FORMAT_DETAILED)
126 #define LOG_ALL_RRTYPES (~(uint64_t)(LOG_QUERIES|LOG_ANSWERS|LOG_FORMAT_DETAILED|LOG_FORMAT_GROUPED))
127 
128 typedef enum {
188 } DnsRRTypes;
189 
190 typedef enum {
193 } DnsVersion;
194 
195 #define DNS_VERSION_DEFAULT DNS_VERSION_2
196 
197 static struct {
198  const char *config_rrtype;
199  uint64_t flags;
200 } dns_rrtype_fields[] = {
201  { "a", LOG_A },
202  { "ns", LOG_NS },
203  { "md", LOG_MD },
204  { "mf", LOG_MF },
205  { "cname", LOG_CNAME },
206  { "soa", LOG_SOA },
207  { "mb", LOG_MB },
208  { "mg", LOG_MG },
209  { "mr", LOG_MR },
210  { "null", LOG_NULL },
211  { "wks", LOG_WKS },
212  { "ptr", LOG_PTR },
213  { "hinfo", LOG_HINFO },
214  { "minfo", LOG_MINFO },
215  { "mx", LOG_MX },
216  { "txt", LOG_TXT },
217  { "rp", LOG_RP },
218  { "afsdb", LOG_AFSDB },
219  { "x25", LOG_X25 },
220  { "isdn", LOG_ISDN },
221  { "rt", LOG_RT },
222  { "nsap", LOG_NSAP },
223  { "nsapptr", LOG_NSAPPTR },
224  { "sig", LOG_SIG },
225  { "key", LOG_KEY },
226  { "px", LOG_PX },
227  { "gpos", LOG_GPOS },
228  { "aaaa", LOG_AAAA },
229  { "loc", LOG_LOC },
230  { "nxt", LOG_NXT },
231  { "srv", LOG_SRV },
232  { "atma", LOG_ATMA },
233  { "naptr", LOG_NAPTR },
234  { "kx", LOG_KX },
235  { "cert", LOG_CERT },
236  { "a6", LOG_A6 },
237  { "dname", LOG_DNAME },
238  { "opt", LOG_OPT },
239  { "apl", LOG_APL },
240  { "ds", LOG_DS },
241  { "sshfp", LOG_SSHFP },
242  { "ipseckey", LOG_IPSECKEY },
243  { "rrsig", LOG_RRSIG },
244  { "nsec", LOG_NSEC },
245  { "dnskey", LOG_DNSKEY },
246  { "dhcid", LOG_DHCID },
247  { "nsec3", LOG_NSEC3 },
248  { "nsec3param", LOG_NSEC3PARAM },
249  { "tlsa", LOG_TLSA },
250  { "hip", LOG_HIP },
251  { "cds", LOG_CDS },
252  { "cdnskey", LOG_CDNSKEY },
253  { "spf", LOG_SPF },
254  { "tkey", LOG_TKEY },
255  { "tsig", LOG_TSIG },
256  { "maila", LOG_MAILA },
257  { "any", LOG_ANY },
258  { "uri", LOG_URI }
259 };
260 
261 typedef struct LogDnsFileCtx_ {
263  uint64_t flags; /** Store mode */
265  OutputJsonCommonSettings cfg;
266 } LogDnsFileCtx;
267 
268 typedef struct LogDnsLogThread_ {
270  /** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
271  uint32_t dns_cnt;
272 
275 
276 json_t *JsonDNSLogQuery(void *txptr, uint64_t tx_id)
277 {
278  json_t *queryjs = json_array();
279  if (queryjs == NULL)
280  return NULL;
281 
282  for (uint16_t i = 0; i < UINT16_MAX; i++) {
283  json_t *dns = rs_dns_log_json_query((void *)txptr, i, LOG_ALL_RRTYPES);
284  if (unlikely(dns == NULL)) {
285  break;
286  }
287  json_array_append_new(queryjs, dns);
288  }
289 
290  return queryjs;
291 }
292 
293 json_t *JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
294 {
295  return rs_dns_log_json_answer(txptr, LOG_ALL_RRTYPES);
296 }
297 
298 static int JsonDnsLoggerToServer(ThreadVars *tv, void *thread_data,
299  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
300 {
301  SCEnter();
302 
303  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
304  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
305  json_t *js;
306 
307  if (unlikely(dnslog_ctx->flags & LOG_QUERIES) == 0) {
308  return TM_ECODE_OK;
309  }
310 
311  for (uint16_t i = 0; i < 0xffff; i++) {
312  js = CreateJSONHeader(p, LOG_DIR_PACKET, "dns");
313  if (unlikely(js == NULL)) {
314  return TM_ECODE_OK;
315  }
316  JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
317 
318  json_t *dns = rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags);
319  if (unlikely(dns == NULL)) {
320  json_decref(js);
321  break;
322  }
323  json_object_set_new(js, "dns", dns);
324  MemBufferReset(td->buffer);
325  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
326  json_decref(js);
327  }
328 
330 }
331 
332 static int JsonDnsLoggerToClient(ThreadVars *tv, void *thread_data,
333  const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
334 {
335  SCEnter();
336 
337  LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
338  LogDnsFileCtx *dnslog_ctx = td->dnslog_ctx;
339 
340  if (unlikely(dnslog_ctx->flags & LOG_ANSWERS) == 0) {
341  return TM_ECODE_OK;
342  }
343 
344  json_t *js = CreateJSONHeader(p, LOG_DIR_PACKET, "dns");
345  if (unlikely(js == NULL))
346  return TM_ECODE_OK;
347 
348  JsonAddCommonOptions(&dnslog_ctx->cfg, p, f, js);
349 
350  if (td->dnslog_ctx->version == DNS_VERSION_2) {
351  json_t *answer = rs_dns_log_json_answer(txptr,
352  td->dnslog_ctx->flags);
353  if (answer != NULL) {
354  json_object_set_new(js, "dns", answer);
355  MemBufferReset(td->buffer);
356  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
357  }
358  } else {
359  /* Log answers. */
360  for (uint16_t i = 0; i < UINT16_MAX; i++) {
361  json_t *answer = rs_dns_log_json_answer_v1(txptr, i,
362  td->dnslog_ctx->flags);
363  if (answer == NULL) {
364  break;
365  }
366  json_object_set_new(js, "dns", answer);
367  MemBufferReset(td->buffer);
368  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
369  json_object_del(js, "dns");
370  }
371  /* Log authorities. */
372  for (uint16_t i = 0; i < UINT16_MAX; i++) {
373  json_t *answer = rs_dns_log_json_authority_v1(txptr, i,
374  td->dnslog_ctx->flags);
375  if (answer == NULL) {
376  break;
377  }
378  json_object_set_new(js, "dns", answer);
379  MemBufferReset(td->buffer);
380  OutputJSONBuffer(js, td->dnslog_ctx->file_ctx, &td->buffer);
381  json_object_del(js, "dns");
382  }
383  }
384 
385  json_decref(js);
386 
388 }
389 
390 static TmEcode LogDnsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
391 {
392  LogDnsLogThread *aft = SCMalloc(sizeof(LogDnsLogThread));
393  if (unlikely(aft == NULL))
394  return TM_ECODE_FAILED;
395  memset(aft, 0, sizeof(LogDnsLogThread));
396 
397  if(initdata == NULL)
398  {
399  SCLogDebug("Error getting context for EveLogDNS. \"initdata\" argument NULL");
400  SCFree(aft);
401  return TM_ECODE_FAILED;
402  }
403 
404  aft->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
405  if (aft->buffer == NULL) {
406  SCFree(aft);
407  return TM_ECODE_FAILED;
408  }
409 
410  /* Use the Ouptut Context (file pointer and mutex) */
411  aft->dnslog_ctx= ((OutputCtx *)initdata)->data;
412 
413  *data = (void *)aft;
414  return TM_ECODE_OK;
415 }
416 
417 static TmEcode LogDnsLogThreadDeinit(ThreadVars *t, void *data)
418 {
419  LogDnsLogThread *aft = (LogDnsLogThread *)data;
420  if (aft == NULL) {
421  return TM_ECODE_OK;
422  }
423 
424  MemBufferFree(aft->buffer);
425  /* clear memory */
426  memset(aft, 0, sizeof(LogDnsLogThread));
427 
428  SCFree(aft);
429  return TM_ECODE_OK;
430 }
431 
432 static void LogDnsLogDeInitCtx(OutputCtx *output_ctx)
433 {
434  LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
435  LogFileFreeCtx(dnslog_ctx->file_ctx);
436  SCFree(dnslog_ctx);
437  SCFree(output_ctx);
438 }
439 
440 static void LogDnsLogDeInitCtxSub(OutputCtx *output_ctx)
441 {
442  SCLogDebug("cleaning up sub output_ctx %p", output_ctx);
443  LogDnsFileCtx *dnslog_ctx = (LogDnsFileCtx *)output_ctx->data;
444  SCFree(dnslog_ctx);
445  SCFree(output_ctx);
446 }
447 
448 static void JsonDnsLogParseConfig(LogDnsFileCtx *dnslog_ctx, ConfNode *conf,
449  const char *query_key, const char *answer_key,
450  const char *answer_types_key)
451 {
452  const char *query = ConfNodeLookupChildValue(conf, query_key);
453  if (query != NULL) {
454  if (ConfValIsTrue(query)) {
455  dnslog_ctx->flags |= LOG_QUERIES;
456  } else {
457  dnslog_ctx->flags &= ~LOG_QUERIES;
458  }
459  } else {
460  if (dnslog_ctx->version == DNS_VERSION_2) {
461  dnslog_ctx->flags |= LOG_QUERIES;
462  }
463  }
464 
465  const char *response = ConfNodeLookupChildValue(conf, answer_key);
466  if (response != NULL) {
467  if (ConfValIsTrue(response)) {
468  dnslog_ctx->flags |= LOG_ANSWERS;
469  } else {
470  dnslog_ctx->flags &= ~LOG_ANSWERS;
471  }
472  } else {
473  if (dnslog_ctx->version == DNS_VERSION_2) {
474  dnslog_ctx->flags |= LOG_ANSWERS;
475  }
476  }
477 
478  ConfNode *custom;
479  if ((custom = ConfNodeLookupChild(conf, answer_types_key)) != NULL) {
480  dnslog_ctx->flags &= ~LOG_ALL_RRTYPES;
481  ConfNode *field;
482  TAILQ_FOREACH(field, &custom->head, next)
483  {
484  if (field != NULL)
485  {
486  DnsRRTypes f;
487  for (f = DNS_RRTYPE_A; f < DNS_RRTYPE_MAX; f++)
488  {
489  if (strcasecmp(dns_rrtype_fields[f].config_rrtype,
490  field->val) == 0)
491  {
492  dnslog_ctx->flags |= dns_rrtype_fields[f].flags;
493  break;
494  }
495  }
496  }
497  }
498  } else {
499  if (dnslog_ctx->version == DNS_VERSION_2) {
500  dnslog_ctx->flags |= LOG_ALL_RRTYPES;
501  }
502  }
503 }
504 
505 static DnsVersion JsonDnsParseVersion(ConfNode *conf)
506 {
507  if (conf == NULL) {
508  return DNS_VERSION_DEFAULT;
509  }
510 
512  intmax_t config_version;
513  if (ConfGetChildValueInt(conf, "version", &config_version)) {
514  switch(config_version) {
515  case 1:
516  version = DNS_VERSION_1;
517  break;
518  case 2:
519  version = DNS_VERSION_2;
520  break;
521  default:
523  "invalid eve-log dns version option: %"PRIuMAX", "
524  "forcing it to version %u",
525  config_version, DNS_VERSION_DEFAULT);
526  version = DNS_VERSION_DEFAULT;
527  break;
528  }
529  } else {
531  "eve-log dns version not found, forcing it to version %u",
533  version = DNS_VERSION_DEFAULT;
534  }
535  return version;
536 }
537 
538 static void JsonDnsLogInitFilters(LogDnsFileCtx *dnslog_ctx, ConfNode *conf)
539 {
540  dnslog_ctx->flags = ~0UL;
541 
542  if (conf) {
543  if (dnslog_ctx->version == DNS_VERSION_1) {
544  JsonDnsLogParseConfig(dnslog_ctx, conf, "query", "answer", "custom");
545  } else {
546  JsonDnsLogParseConfig(dnslog_ctx, conf, "requests", "responses", "types");
547 
548  if (dnslog_ctx->flags & LOG_ANSWERS) {
549  ConfNode *format;
550  if ((format = ConfNodeLookupChild(conf, "formats")) != NULL) {
551  dnslog_ctx->flags &= ~LOG_FORMAT_ALL;
552  ConfNode *field;
553  TAILQ_FOREACH(field, &format->head, next) {
554  if (strcasecmp(field->val, "detailed") == 0) {
555  dnslog_ctx->flags |= LOG_FORMAT_DETAILED;
556  } else if (strcasecmp(field->val, "grouped") == 0) {
557  dnslog_ctx->flags |= LOG_FORMAT_GROUPED;
558  }
559  }
560  } else {
561  dnslog_ctx->flags |= LOG_FORMAT_ALL;
562  }
563  }
564  }
565  }
566 }
567 
568 static OutputInitResult JsonDnsLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
569 {
570  OutputInitResult result = { NULL, false };
571  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
572  if (enabled != NULL && !ConfValIsTrue(enabled)) {
573  result.ok = true;
574  return result;
575  }
576 
577  DnsVersion version = JsonDnsParseVersion(conf);
578 
579  OutputJsonCtx *ojc = parent_ctx->data;
580 
581  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
582  if (unlikely(dnslog_ctx == NULL)) {
583  return result;
584  }
585  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
586 
587  dnslog_ctx->file_ctx = ojc->file_ctx;
588  dnslog_ctx->cfg = ojc->cfg;
589 
590  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
591  if (unlikely(output_ctx == NULL)) {
592  SCFree(dnslog_ctx);
593  return result;
594  }
595 
596  output_ctx->data = dnslog_ctx;
597  output_ctx->DeInit = LogDnsLogDeInitCtxSub;
598 
599  dnslog_ctx->version = version;
600  JsonDnsLogInitFilters(dnslog_ctx, conf);
601 
602  SCLogDebug("DNS log sub-module initialized");
603 
606 
607  result.ctx = output_ctx;
608  result.ok = true;
609  return result;
610 }
611 
612 #define DEFAULT_LOG_FILENAME "dns.json"
613 /** \brief Create a new dns log LogFileCtx.
614  * \param conf Pointer to ConfNode containing this loggers configuration.
615  * \return NULL if failure, LogFileCtx* to the file_ctx if succesful
616  * */
617 static OutputInitResult JsonDnsLogInitCtx(ConfNode *conf)
618 {
619  OutputInitResult result = { NULL, false };
620  const char *enabled = ConfNodeLookupChildValue(conf, "enabled");
621  if (enabled != NULL && !ConfValIsTrue(enabled)) {
622  return result;
623  }
624 
625  DnsVersion version = JsonDnsParseVersion(conf);
626 
628 
629  if(file_ctx == NULL) {
630  SCLogError(SC_ERR_DNS_LOG_GENERIC, "couldn't create new file_ctx");
631  return result;
632  }
633 
634  if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
635  LogFileFreeCtx(file_ctx);
636  return result;
637  }
638 
639  LogDnsFileCtx *dnslog_ctx = SCMalloc(sizeof(LogDnsFileCtx));
640  if (unlikely(dnslog_ctx == NULL)) {
641  LogFileFreeCtx(file_ctx);
642  return result;
643  }
644  memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
645 
646  dnslog_ctx->file_ctx = file_ctx;
647 
648  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
649  if (unlikely(output_ctx == NULL)) {
650  LogFileFreeCtx(file_ctx);
651  SCFree(dnslog_ctx);
652  return result;
653  }
654 
655  output_ctx->data = dnslog_ctx;
656  output_ctx->DeInit = LogDnsLogDeInitCtx;
657 
658  dnslog_ctx->version = version;
659  JsonDnsLogInitFilters(dnslog_ctx, conf);
660 
661  SCLogDebug("DNS log output initialized");
662 
665 
666  result.ctx = output_ctx;
667  result.ok = true;
668  return result;
669 }
670 
671 
672 #define MODULE_NAME "JsonDnsLog"
674 {
675  /* Logger for requests. */
677  "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToServer,
678  0, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL);
679 
680  /* Logger for replies. */
682  "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToClient,
683  1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL);
684 
685  /* Sub-logger for requests. */
687  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
688  JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit,
689  LogDnsLogThreadDeinit, NULL);
690 
691  /* Sub-logger for replies. */
693  MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS,
694  JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit,
695  NULL);
696 }
DnsRRTypes
MemBuffer * MemBufferCreateNew(uint32_t size)
Definition: util-buffer.c:32
#define LOG_MF
#define LOG_PX
#define LOG_TKEY
#define LOG_DHCID
#define LOG_GPOS
#define SCLogDebug(...)
Definition: util-debug.h:335
#define LOG_NXT
#define LOG_NSAP
#define LOG_FORMAT_ALL
#define LOG_MD
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
struct HtpBodyChunk_ * next
#define LOG_SSHFP
#define LOG_SPF
#define DNS_VERSION_DEFAULT
#define LOG_CNAME
#define LOG_HINFO
#define LOG_NSEC3
#define LOG_AFSDB
#define LOG_ALL_RRTYPES
#define LOG_URI
#define LOG_TLSA
#define unlikely(expr)
Definition: util-optimize.h:35
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
Definition: util-buffer.h:42
#define LOG_SIG
#define LOG_PTR
#define LOG_FORMAT_DETAILED
#define LOG_MX
#define LOG_AAAA
void(* DeInit)(struct OutputCtx_ *)
Definition: tm-modules.h:84
#define LOG_CDS
#define LOG_CERT
char * val
Definition: conf.h:34
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
Definition: conf.c:815
#define LOG_KX
#define LOG_SRV
#define MODULE_NAME
#define LOG_RP
void JsonDnsLogRegister(void)
#define LOG_NSAPPTR
#define LOG_QUERIES
#define LOG_MG
#define SCCalloc(nm, a)
Definition: util-mem.h:253
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:843
#define LOG_ATMA
#define LOG_MR
#define LOG_LOC
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
struct LogDnsFileCtx_ LogDnsFileCtx
void AppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
#define LOG_NSEC3PARAM
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a tx output module with progress.
Definition: output.c:358
DnsVersion
#define SCEnter(...)
Definition: util-debug.h:337
#define LOG_ANSWERS
#define LOG_NS
LogFileCtx * LogFileNewCtx(void)
LogFileNewCtx() Get a new LogFileCtx.
#define LOG_TXT
LogFileCtx * file_ctx
int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *log_ctx, const char *default_filename, int rotate)
open a generic output "log file", which may be a regular file or a socket
#define LOG_NULL
void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Definition: output.c:369
#define SCReturnInt(x)
Definition: util-debug.h:341
#define LOG_FORMAT_GROUPED
#define LOG_MB
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
#define LOG_WKS
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:566
#define LOG_KEY
#define LOG_RRSIG
MemBuffer * buffer
Definition: conf.h:32
OutputCtx * ctx
Definition: output.h:42
#define SCMalloc(a)
Definition: util-mem.h:222
#define LOG_CDNSKEY
int LogFileFreeCtx(LogFileCtx *lf_ctx)
LogFileFreeCtx() Destroy a LogFileCtx (Close the file and free memory)
#define SCFree(a)
Definition: util-mem.h:322
struct LogDnsLogThread_ LogDnsLogThread
uint16_t tx_id
#define DEFAULT_LOG_FILENAME
#define LOG_A
void * data
Definition: tm-modules.h:81
#define LOG_MAILA
OutputJsonCommonSettings cfg
#define LOG_DNSKEY
#define LOG_RT
int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
Definition: conf.c:469
json_t * JsonDNSLogAnswer(void *txptr, uint64_t tx_id)
#define LOG_NSEC
#define LOG_MINFO
json_t * JsonDNSLogQuery(void *txptr, uint64_t tx_id)
const char * config_rrtype
#define LOG_DS
Per thread variable structure.
Definition: threadvars.h:57
#define LOG_APL
DnsVersion version
#define LOG_NAPTR
#define LOG_DNAME
#define LOG_HIP
Flow data structure.
Definition: flow.h:325
#define LOG_TSIG
#define LOG_OPT
uint64_t flags
#define LOG_A6
#define LOG_ANY
void MemBufferFree(MemBuffer *buffer)
Definition: util-buffer.c:82
#define LOG_IPSECKEY
LogDnsFileCtx * dnslog_ctx
#define LOG_ISDN
#define LOG_SOA
#define LOG_X25