#include "suricata-common.h"
#include "app-layer-parser.h"
#include "app-layer-ssl.h"
#include "app-layer.h"
#include "conf.h"
#include "output-json-tls.h"
#include "output-json.h"
#include "output.h"
#include "threadvars.h"
#include "util-debug.h"
#include "util-ja3.h"
#include "util-ja4.h"
#include "util-time.h"

Include dependency graph for output-json-tls.c:

Data Structures
struct	TlsFields

struct	OutputTlsCtx_

struct	JsonTlsLogThread_

Macros
#define	LOG_TLS_FIELD_VERSION BIT_U64(0)

#define	LOG_TLS_FIELD_SUBJECT BIT_U64(1)

#define	LOG_TLS_FIELD_ISSUER BIT_U64(2)

#define	LOG_TLS_FIELD_SERIAL BIT_U64(3)

#define	LOG_TLS_FIELD_FINGERPRINT BIT_U64(4)

#define	LOG_TLS_FIELD_NOTBEFORE BIT_U64(5)

#define	LOG_TLS_FIELD_NOTAFTER BIT_U64(6)

#define	LOG_TLS_FIELD_SNI BIT_U64(7)

#define	LOG_TLS_FIELD_CERTIFICATE BIT_U64(8)

#define	LOG_TLS_FIELD_CHAIN BIT_U64(9)

#define	LOG_TLS_FIELD_SESSION_RESUMED BIT_U64(10)

#define	LOG_TLS_FIELD_JA3 BIT_U64(11)

#define	LOG_TLS_FIELD_JA3S BIT_U64(12)

#define	LOG_TLS_FIELD_CLIENT BIT_U64(13)

#define	LOG_TLS_FIELD_CLIENT_CERT BIT_U64(14)

#define	LOG_TLS_FIELD_CLIENT_CHAIN BIT_U64(15)

#define	LOG_TLS_FIELD_JA4 BIT_U64(16)

#define	LOG_TLS_FIELD_SUBJECTALTNAME BIT_U64(17)

#define	LOG_TLS_FIELD_CLIENT_ALPNS BIT_U64(18)

#define	LOG_TLS_FIELD_SERVER_ALPNS BIT_U64(19)

#define	BASIC_FIELDS

#define	EXTENDED_FIELDS

Typedefs
typedef struct OutputTlsCtx_	OutputTlsCtx

typedef struct JsonTlsLogThread_	JsonTlsLogThread

Functions
bool	JsonTlsLogJSONExtended (void vtx, SCJsonBuilder tjs)

void	JsonTlsLogRegister (void)

Variables
TlsFields	tls_fields []

Detailed Description

Author: Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

Implements TLS JSON logging portion of the engine.

Definition in file output-json-tls.c.

Macro Definition Documentation

◆ BASIC_FIELDS

#define BASIC_FIELDS

Value:

    (LOG_TLS_FIELD_SUBJECT |                    \
     LOG_TLS_FIELD_ISSUER |                     \
     LOG_TLS_FIELD_SUBJECTALTNAME)

Definition at line 95 of file output-json-tls.c.

◆ EXTENDED_FIELDS

#define EXTENDED_FIELDS

Value:

    (BASIC_FIELDS |                             \
     LOG_TLS_FIELD_VERSION |                    \
     LOG_TLS_FIELD_SERIAL |                     \
     LOG_TLS_FIELD_FINGERPRINT |                \
     LOG_TLS_FIELD_NOTBEFORE |                  \
     LOG_TLS_FIELD_NOTAFTER |                   \
     LOG_TLS_FIELD_JA3 |                        \
     LOG_TLS_FIELD_JA3S |                       \
     LOG_TLS_FIELD_JA4 |                        \
     LOG_TLS_FIELD_CLIENT |                     \
     LOG_TLS_FIELD_CLIENT_ALPNS |               \
     LOG_TLS_FIELD_SERVER_ALPNS |               \
     LOG_TLS_FIELD_SNI)

Definition at line 102 of file output-json-tls.c.

◆ LOG_TLS_FIELD_CERTIFICATE

#define LOG_TLS_FIELD_CERTIFICATE BIT_U64(8)

Definition at line 50 of file output-json-tls.c.

◆ LOG_TLS_FIELD_CHAIN

#define LOG_TLS_FIELD_CHAIN BIT_U64(9)

Definition at line 51 of file output-json-tls.c.

◆ LOG_TLS_FIELD_CLIENT

#define LOG_TLS_FIELD_CLIENT BIT_U64(13)

client fields (issuer, subject, etc)

Definition at line 55 of file output-json-tls.c.

◆ LOG_TLS_FIELD_CLIENT_ALPNS

#define LOG_TLS_FIELD_CLIENT_ALPNS BIT_U64(18)

Definition at line 60 of file output-json-tls.c.

◆ LOG_TLS_FIELD_CLIENT_CERT

#define LOG_TLS_FIELD_CLIENT_CERT BIT_U64(14)

Definition at line 56 of file output-json-tls.c.

◆ LOG_TLS_FIELD_CLIENT_CHAIN

#define LOG_TLS_FIELD_CLIENT_CHAIN BIT_U64(15)

Definition at line 57 of file output-json-tls.c.

◆ LOG_TLS_FIELD_FINGERPRINT

#define LOG_TLS_FIELD_FINGERPRINT BIT_U64(4)

Definition at line 46 of file output-json-tls.c.

◆ LOG_TLS_FIELD_ISSUER

#define LOG_TLS_FIELD_ISSUER BIT_U64(2)

Definition at line 44 of file output-json-tls.c.

◆ LOG_TLS_FIELD_JA3

#define LOG_TLS_FIELD_JA3 BIT_U64(11)

Definition at line 53 of file output-json-tls.c.

◆ LOG_TLS_FIELD_JA3S

#define LOG_TLS_FIELD_JA3S BIT_U64(12)

Definition at line 54 of file output-json-tls.c.

◆ LOG_TLS_FIELD_JA4

#define LOG_TLS_FIELD_JA4 BIT_U64(16)

Definition at line 58 of file output-json-tls.c.

◆ LOG_TLS_FIELD_NOTAFTER

#define LOG_TLS_FIELD_NOTAFTER BIT_U64(6)

Definition at line 48 of file output-json-tls.c.

◆ LOG_TLS_FIELD_NOTBEFORE

#define LOG_TLS_FIELD_NOTBEFORE BIT_U64(5)

Definition at line 47 of file output-json-tls.c.

◆ LOG_TLS_FIELD_SERIAL

#define LOG_TLS_FIELD_SERIAL BIT_U64(3)

Definition at line 45 of file output-json-tls.c.

◆ LOG_TLS_FIELD_SERVER_ALPNS

#define LOG_TLS_FIELD_SERVER_ALPNS BIT_U64(19)

Definition at line 61 of file output-json-tls.c.

◆ LOG_TLS_FIELD_SESSION_RESUMED

#define LOG_TLS_FIELD_SESSION_RESUMED BIT_U64(10)

Definition at line 52 of file output-json-tls.c.

◆ LOG_TLS_FIELD_SNI

#define LOG_TLS_FIELD_SNI BIT_U64(7)

Definition at line 49 of file output-json-tls.c.

◆ LOG_TLS_FIELD_SUBJECT

#define LOG_TLS_FIELD_SUBJECT BIT_U64(1)

Definition at line 43 of file output-json-tls.c.

◆ LOG_TLS_FIELD_SUBJECTALTNAME

#define LOG_TLS_FIELD_SUBJECTALTNAME BIT_U64(17)

Definition at line 59 of file output-json-tls.c.

◆ LOG_TLS_FIELD_VERSION

#define LOG_TLS_FIELD_VERSION BIT_U64(0)

Definition at line 42 of file output-json-tls.c.

Typedef Documentation

◆ JsonTlsLogThread

typedef struct JsonTlsLogThread_ JsonTlsLogThread

◆ OutputTlsCtx

typedef struct OutputTlsCtx_ OutputTlsCtx

Function Documentation

◆ JsonTlsLogJSONExtended()

bool JsonTlsLogJSONExtended	(	void *	vtx,
		SCJsonBuilder *	tjs
	)

Definition at line 449 of file output-json-tls.c.

◆ JsonTlsLogRegister()

void JsonTlsLogRegister ( void )

Definition at line 658 of file output-json-tls.c.

References LOGGER_JSON_TX, and OutputRegisterTxSubModuleWithProgress().

Here is the call graph for this function:

Variable Documentation

◆ tls_fields

TlsFields tls_fields[]

Initial value:

= {
    
    { "version", LOG_TLS_FIELD_VERSION },
    { "subject", LOG_TLS_FIELD_SUBJECT },
    { "issuer", LOG_TLS_FIELD_ISSUER },
    { "serial", LOG_TLS_FIELD_SERIAL },
    { "fingerprint", LOG_TLS_FIELD_FINGERPRINT },
    { "not_before", LOG_TLS_FIELD_NOTBEFORE },
    { "not_after", LOG_TLS_FIELD_NOTAFTER },
    { "sni", LOG_TLS_FIELD_SNI },
    { "certificate", LOG_TLS_FIELD_CERTIFICATE },
    { "chain", LOG_TLS_FIELD_CHAIN },
    { "session_resumed", LOG_TLS_FIELD_SESSION_RESUMED },
    { "ja3", LOG_TLS_FIELD_JA3 },
    { "ja3s", LOG_TLS_FIELD_JA3S },
    { "client", LOG_TLS_FIELD_CLIENT },
    { "client_certificate", LOG_TLS_FIELD_CLIENT_CERT },
    { "client_chain", LOG_TLS_FIELD_CLIENT_CHAIN },
    { "ja4", LOG_TLS_FIELD_JA4 },
    { "subjectaltname", LOG_TLS_FIELD_SUBJECTALTNAME },
    { "client_alpns", LOG_TLS_FIELD_CLIENT_ALPNS },
    { "server_alpns", LOG_TLS_FIELD_SERVER_ALPNS },
    { NULL, -1 },
    
}

Definition at line 67 of file output-json-tls.c.

Data Structures

Macros

Typedefs

Functions

Variables