suricata
output-tx.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * AppLayer TX Logger Output registration functions
24  */
25 
26 #include "suricata-common.h"
27 #include "tm-modules.h"
28 #include "output.h"
29 #include "output-tx.h"
30 #include "app-layer.h"
31 #include "app-layer-parser.h"
32 #include "util-profiling.h"
33 #include "util-validate.h"
34 
35 typedef struct OutputLoggerThreadStore_ {
36  void *thread_data;
37  struct OutputLoggerThreadStore_ *next;
38 } OutputLoggerThreadStore;
39 
40 /** per thread data for this module, contains a list of per thread
41  * data for the packet loggers. */
42 typedef struct OutputLoggerThreadData_ {
43  OutputLoggerThreadStore *store[ALPROTO_MAX];
44 } OutputLoggerThreadData;
45 
46 /* logger instance, a module + a output ctx,
47  * it's perfectly valid that have multiple instances of the same
48  * log module (e.g. http.log) with different output ctx'. */
49 typedef struct OutputTxLogger_ {
50  AppProto alproto;
51  TxLogger LogFunc;
52  TxLoggerCondition LogCondition;
53  OutputCtx *output_ctx;
54  struct OutputTxLogger_ *next;
55  const char *name;
56  LoggerId logger_id;
57  uint32_t id;
58  int tc_log_progress;
59  int ts_log_progress;
60  TmEcode (*ThreadInit)(ThreadVars *, const void *, void **);
61  TmEcode (*ThreadDeinit)(ThreadVars *, void *);
62  void (*ThreadExitPrintStats)(ThreadVars *, void *);
63 } OutputTxLogger;
64 
65 static OutputTxLogger *list[ALPROTO_MAX] = { NULL };
66 
67 int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto,
68  TxLogger LogFunc,
69  OutputCtx *output_ctx, int tc_log_progress,
70  int ts_log_progress, TxLoggerCondition LogCondition,
71  ThreadInitFunc ThreadInit,
72  ThreadDeinitFunc ThreadDeinit,
73  void (*ThreadExitPrintStats)(ThreadVars *, void *))
74 {
75  if (alproto != ALPROTO_UNKNOWN && !(AppLayerParserIsEnabled(alproto))) {
76  SCLogNotice("%s logger not enabled: protocol %s is disabled",
77  name, AppProtoToString(alproto));
78  return -1;
79  }
80  OutputTxLogger *op = SCMalloc(sizeof(*op));
81  if (op == NULL)
82  return -1;
83  memset(op, 0x00, sizeof(*op));
84 
85  op->alproto = alproto;
86  op->LogFunc = LogFunc;
87  op->LogCondition = LogCondition;
88  op->output_ctx = output_ctx;
89  op->name = name;
90  op->logger_id = id;
91  op->ThreadInit = ThreadInit;
92  op->ThreadDeinit = ThreadDeinit;
93  op->ThreadExitPrintStats = ThreadExitPrintStats;
94 
95  if (alproto == ALPROTO_UNKNOWN) {
96  op->tc_log_progress = 0;
97  } else if (tc_log_progress < 0) {
98  op->tc_log_progress =
99  AppLayerParserGetStateProgressCompletionStatus(alproto,
100  STREAM_TOCLIENT);
101  } else {
102  op->tc_log_progress = tc_log_progress;
103  }
104 
105  if (alproto == ALPROTO_UNKNOWN) {
106  op->ts_log_progress = 0;
107  } else if (ts_log_progress < 0) {
108  op->ts_log_progress =
109  AppLayerParserGetStateProgressCompletionStatus(alproto,
110  STREAM_TOSERVER);
111  } else {
112  op->ts_log_progress = ts_log_progress;
113  }
114 
115  if (list[alproto] == NULL) {
116  op->id = 1;
117  list[alproto] = op;
118  } else {
119  OutputTxLogger *t = list[alproto];
120  while (t->next)
121  t = t->next;
122  if (t->id * 2 > UINT32_MAX) {
123  FatalError(SC_ERR_FATAL, "Too many loggers registered.");
124  }
125  op->id = t->id * 2;
126  t->next = op;
127  }
128 
129  SCLogDebug("OutputRegisterTxLogger happy");
130  return 0;
131 }
132 
133 static void OutputTxLogList0(ThreadVars *tv,
134  OutputLoggerThreadData *op_thread_data,
135  Packet *p, Flow *f, void *tx, const uint64_t tx_id)
136 {
137  const OutputTxLogger *logger = list[ALPROTO_UNKNOWN];
138  const OutputLoggerThreadStore *store = op_thread_data->store[ALPROTO_UNKNOWN];
139 
140  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
141  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
142  DEBUG_VALIDATE_BUG_ON(logger == NULL && store == NULL);
143 
144  while (logger && store) {
145  DEBUG_VALIDATE_BUG_ON(logger->LogFunc == NULL);
146 
147  SCLogDebug("logger %p", logger);
148 
149  /* always invoke "wild card" tx loggers */
150  SCLogDebug("Logging tx_id %"PRIu64" to logger %d", tx_id, logger->logger_id);
151  PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
152  logger->LogFunc(tv, store->thread_data, p, f, f->alstate, tx, tx_id);
153  PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
154 
155  logger = logger->next;
156  store = store->next;
157 
158  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
159  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
160  }
161 }
162 
163 static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
164 {
165  DEBUG_VALIDATE_BUG_ON(thread_data == NULL);
166  if (p->flow == NULL)
167  return TM_ECODE_OK;
168 
169  OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
170 
171  Flow * const f = p->flow;
172  const uint8_t ipproto = f->proto;
173  const AppProto alproto = f->alproto;
174 
175  if (list[alproto] == NULL && list[ALPROTO_UNKNOWN] == NULL) {
176  /* No child loggers registered. */
177  return TM_ECODE_OK;
178  }
179 
180  if (AppLayerParserProtocolHasLogger(p->proto, alproto) == 0)
181  goto end;
182  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(p->proto, alproto);
183  if (logger_expectation == 0)
184  goto end;
185 
186  void *alstate = f->alstate;
187  if (alstate == NULL) {
188  SCLogDebug("no alstate");
189  goto end;
190  }
191 
192  const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
193  const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
194  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
195  uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
196  uint64_t max_id = tx_id;
197  int logged = 0;
198  int gap = 0;
199 
200  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
201  AppLayerGetTxIterState state;
202  memset(&state, 0, sizeof(state));
203 
204  while (1) {
205  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, tx_id, total_txs, &state);
206  if (ires.tx_ptr == NULL)
207  break;
208  void * const tx = ires.tx_ptr;
209  tx_id = ires.tx_id;
210 
211  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
212  if (txd == NULL) {
213  /* make sure this tx, which can't be properly logged is skipped */
214  logged = 1;
215  max_id = tx_id;
216  goto next_tx;
217  }
218 
219  if (list[ALPROTO_UNKNOWN] != 0) {
220  OutputTxLogList0(tv, op_thread_data, p, f, tx, tx_id);
221  if (list[alproto] == NULL)
222  goto next_tx;
223  }
224 
225  SCLogDebug("tx %p/%"PRIu64" txd %p: log_flags %x", tx, tx_id, txd, txd->config.log_flags);
226  if (txd->config.log_flags & BIT_U8(CONFIG_TYPE_TX)) {
227  SCLogDebug("SKIP tx %p/%"PRIu64, tx, tx_id);
228  goto next_tx;
229  }
230 
231  LoggerId tx_logged = txd->logged.flags;
232  const LoggerId tx_logged_old = tx_logged;
233  SCLogDebug("logger: expect %08x, have %08x", logger_expectation, tx_logged);
234  if (tx_logged == logger_expectation) {
235  /* tx already fully logged */
236  goto next_tx;
237  }
238 
239  int tx_progress_ts = AppLayerParserGetStateProgress(p->proto, alproto,
240  tx, ts_disrupt_flags);
241  int tx_progress_tc = AppLayerParserGetStateProgress(p->proto, alproto,
242  tx, tc_disrupt_flags);
243  SCLogDebug("tx_progress_ts %d tx_progress_tc %d",
244  tx_progress_ts, tx_progress_tc);
245 
246  const OutputTxLogger *logger = list[alproto];
247  const OutputLoggerThreadStore *store = op_thread_data->store[alproto];
248 
249  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
250  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
251  DEBUG_VALIDATE_BUG_ON(logger == NULL && store == NULL);
252 
253  while (logger && store) {
254  DEBUG_VALIDATE_BUG_ON(logger->LogFunc == NULL);
255  DEBUG_VALIDATE_BUG_ON(logger->alproto != alproto);
256 
257  SCLogDebug("logger %p, Alproto %d LogCondition %p, ts_log_progress %d "
258  "tc_log_progress %d", logger, logger->alproto, logger->LogCondition,
259  logger->ts_log_progress, logger->tc_log_progress);
260  if ((tx_logged_old & (1<<logger->logger_id)) == 0) {
261  SCLogDebug("alproto match %d, logging tx_id %"PRIu64, logger->alproto, tx_id);
262 
263  const bool last_pseudo = (p->flowflags & FLOW_PKT_LAST_PSEUDO) != 0;
264  const bool ts_eof = AppLayerParserStateIssetFlag(f->alparser,
265  APP_LAYER_PARSER_EOF_TS) != 0;
266  const bool tc_eof = AppLayerParserStateIssetFlag(f->alparser,
267  APP_LAYER_PARSER_EOF_TC) != 0;
268  SCLogDebug("pcap_cnt %"PRIu64", tx_id %"PRIu64" logger %d. "
269  "EOFs TS %s TC %s LAST PSEUDO %s",
270  p->pcap_cnt, tx_id, logger->logger_id,
271  ts_eof ? "true" : "false", tc_eof ? "true" : "false",
272  last_pseudo ? "true" : "false");
273 
274  if ((ts_eof && tc_eof) || last_pseudo) {
275  SCLogDebug("EOF, so log now");
276  } else {
277  if (logger->LogCondition) {
278  int r = logger->LogCondition(tv, p, alstate, tx, tx_id);
279  if (r == FALSE) {
280  SCLogDebug("conditions not met, not logging");
281  goto next_logger;
282  }
283  } else {
284  if (tx_progress_tc < logger->tc_log_progress) {
285  SCLogDebug("progress not far enough, not logging");
286  goto next_logger;
287  }
288 
289  if (tx_progress_ts < logger->ts_log_progress) {
290  SCLogDebug("progress not far enough, not logging");
291  goto next_logger;
292  }
293  }
294  }
295 
296  SCLogDebug("Logging tx_id %"PRIu64" to logger %d", tx_id, logger->logger_id);
297  PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
298  logger->LogFunc(tv, store->thread_data, p, f, alstate, tx, tx_id);
299  PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
300 
301  tx_logged |= (1<<logger->logger_id);
302  }
303 
304 next_logger:
305  logger = logger->next;
306  store = store->next;
307 
308  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
309  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
310  }
311 
312  if (tx_logged != tx_logged_old) {
313  SCLogDebug("logger: storing %08x (was %08x)",
314  tx_logged, tx_logged_old);
315  DEBUG_VALIDATE_BUG_ON(txd == NULL);
316  txd->logged.flags |= tx_logged;
317  }
318 
319  /* If all loggers logged set a flag and update the last tx_id
320  * that was logged.
321  *
322  * If not all loggers were logged we flag that there was a gap
323  * so any subsequent transactions in this loop don't increase
324  * the maximum ID that was logged. */
325  if (!gap && tx_logged == logger_expectation) {
326  logged = 1;
327  max_id = tx_id;
328  } else {
329  gap = 1;
330  }
331 next_tx:
332  if (!ires.has_next)
333  break;
334  tx_id++;
335  }
336 
337  /* Update the the last ID that has been logged with all
338  * transactions before it. */
339  if (logged) {
340  SCLogDebug("updating log tx_id %"PRIu64, max_id);
341  AppLayerParserSetTransactionLogId(f->alparser, max_id + 1);
342  }
343 
344 end:
345  return TM_ECODE_OK;
346 }
347 
348 /** \brief thread init for the tx logger
349  * This will run the thread init functions for the individual registered
350  * loggers */
351 static TmEcode OutputTxLogThreadInit(ThreadVars *tv, const void *initdata, void **data)
352 {
353  OutputLoggerThreadData *td = SCMalloc(sizeof(*td));
354  if (td == NULL)
355  return TM_ECODE_FAILED;
356  memset(td, 0x00, sizeof(*td));
357 
358  *data = (void *)td;
359  SCLogDebug("OutputTxLogThreadInit happy (*data %p)", *data);
360 
361  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
362  OutputTxLogger *logger = list[alproto];
363  while (logger) {
364  if (logger->ThreadInit) {
365  void *retptr = NULL;
366  if (logger->ThreadInit(tv, (void *)logger->output_ctx, &retptr) == TM_ECODE_OK) {
367  OutputLoggerThreadStore *ts = SCMalloc(sizeof(*ts));
368  /* todo */ BUG_ON(ts == NULL);
369  memset(ts, 0x00, sizeof(*ts));
370 
371  /* store thread handle */
372  ts->thread_data = retptr;
373 
374  if (td->store[alproto] == NULL) {
375  td->store[alproto] = ts;
376  } else {
377  OutputLoggerThreadStore *tmp = td->store[alproto];
378  while (tmp->next != NULL)
379  tmp = tmp->next;
380  tmp->next = ts;
381  }
382 
383  SCLogDebug("%s is now set up", logger->name);
384  }
385  }
386 
387  logger = logger->next;
388  }
389  }
390  return TM_ECODE_OK;
391 }
392 
393 static TmEcode OutputTxLogThreadDeinit(ThreadVars *tv, void *thread_data)
394 {
395  OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
396 
397  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
398  OutputLoggerThreadStore *store = op_thread_data->store[alproto];
399  OutputTxLogger *logger = list[alproto];
400 
401  while (logger && store) {
402  if (logger->ThreadDeinit) {
403  logger->ThreadDeinit(tv, store->thread_data);
404  }
405 
406  OutputLoggerThreadStore *next_store = store->next;
407  SCFree(store);
408  store = next_store;
409  logger = logger->next;
410  }
411  }
412 
413  SCFree(op_thread_data);
414  return TM_ECODE_OK;
415 }
416 
417 static void OutputTxLogExitPrintStats(ThreadVars *tv, void *thread_data)
418 {
419  OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
420 
421  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
422  OutputLoggerThreadStore *store = op_thread_data->store[alproto];
423  OutputTxLogger *logger = list[alproto];
424 
425  while (logger && store) {
426  if (logger->ThreadExitPrintStats) {
427  logger->ThreadExitPrintStats(tv, store->thread_data);
428  }
429 
430  logger = logger->next;
431  store = store->next;
432  }
433  }
434 }
435 
436 static uint32_t OutputTxLoggerGetActiveCount(void)
437 {
438  uint32_t cnt = 0;
439  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
440  for (OutputTxLogger *p = list[alproto]; p != NULL; p = p->next) {
441  cnt++;
442  }
443  }
444  return cnt;
445 }
446 
447 
448 void OutputTxLoggerRegister (void)
449 {
450  OutputRegisterRootLogger(OutputTxLogThreadInit, OutputTxLogThreadDeinit,
451  OutputTxLogExitPrintStats, OutputTxLog, OutputTxLoggerGetActiveCount);
452 }
453 
454 void OutputTxShutdown(void)
455 {
456  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
457  OutputTxLogger *logger = list[alproto];
458  while (logger) {
459  OutputTxLogger *next_logger = logger->next;
460  SCFree(logger);
461  logger = next_logger;
462  }
463  list[alproto] = NULL;
464  }
465 }
OutputTxLogger_::alproto
AppProto alproto
Definition: output-tx.c:50
Packet_::proto
uint8_t proto
Definition: decode.h:436
output-tx.h
ts
uint64_t ts
Definition: source-erf-file.c:54
OutputLoggerThreadStore_
Definition: output-file.c:37
OutputLoggerThreadStore_::next
struct OutputLoggerThreadStore_ * next
Definition: output-file.c:39
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1404
OutputLoggerThreadData
struct OutputLoggerThreadData_ OutputLoggerThreadData
OutputTxLoggerRegister
void OutputTxLoggerRegister(void)
Definition: output-tx.c:448
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1418
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:686
CONFIG_TYPE_TX
@ CONFIG_TYPE_TX
Definition: util-config.h:37
FLOW_PKT_LAST_PSEUDO
#define FLOW_PKT_LAST_PSEUDO
Definition: flow.h:228
OutputTxLogger_::tc_log_progress
int tc_log_progress
Definition: output-tx.c:58
OutputTxShutdown
void OutputTxShutdown(void)
Definition: output-tx.c:454
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:570
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:671
Flow_::proto
uint8_t proto
Definition: flow.h:365
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:73
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1033
Flow_
Flow data structure.
Definition: flow.h:347
LoggerId
LoggerId
Definition: suricata-common.h:439
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:679
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:30
logged
int logged
Definition: app-layer-htp.h:1
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1066
tm-modules.h
TxLogger
int(* TxLogger)(ThreadVars *, void *thread_data, const Packet *, Flow *f, void *state, void *tx, uint64_t tx_id)
Definition: output-tx.h:32
OutputTxLogger_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: output-tx.c:60
OutputTxLogger_::logger_id
LoggerId logger_id
Definition: output-tx.c:56
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:445
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:41
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:81
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:68
OutputTxLogger_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: output-tx.c:61
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:80
OutputLoggerThreadStore_::thread_data
void * thread_data
Definition: output-file.c:38
OutputCtx_
Definition: tm-modules.h:78
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:475
OutputRegisterTxLogger
int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto, TxLogger LogFunc, OutputCtx *output_ctx, int tc_log_progress, int ts_log_progress, TxLoggerCondition LogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, void(*ThreadExitPrintStats)(ThreadVars *, void *))
Definition: output-tx.c:67
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1648
OutputLoggerThreadData_
Definition: output-file.c:44
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
OutputTxLogger_::next
struct OutputTxLogger_ * next
Definition: output-tx.c:54
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
ThreadInitFunc
TmEcode(* ThreadInitFunc)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:39
app-layer-parser.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:282
util-profiling.h
FALSE
#define FALSE
Definition: suricata-common.h:34
OutputTxLogger_::ts_log_progress
int ts_log_progress
Definition: output-tx.c:59
AppLayerGetTxIterState
Definition: app-layer-parser.h:118
Packet_
Definition: decode.h:414
OutputLoggerThreadData_::store
OutputLoggerThreadStore * store
Definition: output-file.c:45
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:42
TmEcode
TmEcode
Definition: tm-threads-common.h:79
OutputTxLogger_::output_ctx
OutputCtx * output_ctx
Definition: output-tx.c:53
OutputTxLogger_::LogCondition
TxLoggerCondition LogCondition
Definition: output-tx.c:52
OutputTxLogger_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: output-tx.c:62
PACKET_PROFILING_LOGGER_END
#define PACKET_PROFILING_LOGGER_END(p, id)
Definition: util-profiling.h:260
Packet_::flow
struct Flow_ * flow
Definition: decode.h:451
BIT_U8
#define BIT_U8(n)
Definition: suricata-common.h:384
suricata-common.h
OutputTxLogger
struct OutputTxLogger_ OutputTxLogger
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
AppLayerParserGetTxData
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1167
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
Packet_::next
struct Packet_ * next
Definition: decode.h:579
TxLoggerCondition
int(* TxLoggerCondition)(ThreadVars *, const Packet *, void *state, void *tx, uint64_t tx_id)
Definition: output-tx.h:37
OutputTxLogger_::LogFunc
TxLogger LogFunc
Definition: output-tx.c:51
SCFree
#define SCFree(p)
Definition: util-mem.h:61
Flow_::alstate
void * alstate
Definition: flow.h:476
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
OutputTxLogger_
Definition: output-tx.c:49
PACKET_PROFILING_LOGGER_START
#define PACKET_PROFILING_LOGGER_START(p, id)
Definition: util-profiling.h:253
OutputRegisterRootLogger
void OutputRegisterRootLogger(ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats, OutputLogFunc LogFunc, OutputGetActiveCountFunc ActiveCntFunc)
Definition: output.c:962
OutputLoggerThreadStore
struct OutputLoggerThreadStore_ OutputLoggerThreadStore
OutputTxLogger_::name
const char * name
Definition: output-tx.c:55
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1426
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:127
FlowGetDisruptionFlags
uint8_t FlowGetDisruptionFlags(const Flow *f, uint8_t flags)
get 'disruption' flags: GAP/DEPTH/PASS
Definition: flow.c:1114
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:232
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:450
OutputTxLogger_::id
uint32_t id
Definition: output-tx.c:57
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1048
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
output.h
ThreadDeinitFunc
TmEcode(* ThreadDeinitFunc)(ThreadVars *, void *)
Definition: tm-modules.h:40
app-layer.h