suricata
output-tx.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * AppLayer TX Logger Output registration functions
24  */
25 
26 #include "suricata-common.h"
27 #include "tm-modules.h"
28 #include "output.h"
29 #include "output-tx.h"
30 #include "app-layer.h"
31 #include "app-layer-parser.h"
32 #include "util-profiling.h"
33 #include "util-validate.h"
34 
35 typedef struct OutputLoggerThreadStore_ {
36  void *thread_data;
37  struct OutputLoggerThreadStore_ *next;
38 } OutputLoggerThreadStore;
39 
40 /** per thread data for this module, contains a list of per thread
41  * data for the packet loggers. */
42 typedef struct OutputLoggerThreadData_ {
43  OutputLoggerThreadStore *store[ALPROTO_MAX];
44 } OutputLoggerThreadData;
45 
46 /* logger instance, a module + a output ctx,
47  * it's perfectly valid that have multiple instances of the same
48  * log module (e.g. http.log) with different output ctx'. */
49 typedef struct OutputTxLogger_ {
50  AppProto alproto;
51  TxLogger LogFunc;
52  TxLoggerCondition LogCondition;
53  OutputCtx *output_ctx;
54  struct OutputTxLogger_ *next;
55  const char *name;
56  LoggerId logger_id;
57  uint32_t id;
58  int tc_log_progress;
59  int ts_log_progress;
60  TmEcode (*ThreadInit)(ThreadVars *, const void *, void **);
61  TmEcode (*ThreadDeinit)(ThreadVars *, void *);
62  void (*ThreadExitPrintStats)(ThreadVars *, void *);
63 } OutputTxLogger;
64 
65 static OutputTxLogger *list[ALPROTO_MAX] = { NULL };
66 
67 int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto,
68  TxLogger LogFunc,
69  OutputCtx *output_ctx, int tc_log_progress,
70  int ts_log_progress, TxLoggerCondition LogCondition,
71  ThreadInitFunc ThreadInit,
72  ThreadDeinitFunc ThreadDeinit,
73  void (*ThreadExitPrintStats)(ThreadVars *, void *))
74 {
75  if (alproto != ALPROTO_UNKNOWN && !(AppLayerParserIsEnabled(alproto))) {
76  SCLogNotice("%s logger not enabled: protocol %s is disabled",
77  name, AppProtoToString(alproto));
78  return -1;
79  }
80  OutputTxLogger *op = SCMalloc(sizeof(*op));
81  if (op == NULL)
82  return -1;
83  memset(op, 0x00, sizeof(*op));
84 
85  op->alproto = alproto;
86  op->LogFunc = LogFunc;
87  op->LogCondition = LogCondition;
88  op->output_ctx = output_ctx;
89  op->name = name;
90  op->logger_id = id;
91  op->ThreadInit = ThreadInit;
92  op->ThreadDeinit = ThreadDeinit;
93  op->ThreadExitPrintStats = ThreadExitPrintStats;
94 
95  if (alproto == ALPROTO_UNKNOWN) {
96  op->tc_log_progress = 0;
97  } else if (tc_log_progress < 0) {
98  op->tc_log_progress =
99  AppLayerParserGetStateProgressCompletionStatus(alproto,
100  STREAM_TOCLIENT);
101  } else {
102  op->tc_log_progress = tc_log_progress;
103  }
104 
105  if (alproto == ALPROTO_UNKNOWN) {
106  op->ts_log_progress = 0;
107  } else if (ts_log_progress < 0) {
108  op->ts_log_progress =
109  AppLayerParserGetStateProgressCompletionStatus(alproto,
110  STREAM_TOSERVER);
111  } else {
112  op->ts_log_progress = ts_log_progress;
113  }
114 
115  if (list[alproto] == NULL) {
116  op->id = 1;
117  list[alproto] = op;
118  } else {
119  OutputTxLogger *t = list[alproto];
120  while (t->next)
121  t = t->next;
122  if (t->id * 2 > UINT32_MAX) {
123  FatalError(SC_ERR_FATAL, "Too many loggers registered.");
124  }
125  op->id = t->id * 2;
126  t->next = op;
127  }
128 
129  SCLogDebug("OutputRegisterTxLogger happy");
130  return 0;
131 }
132 
133 static void OutputTxLogList0(ThreadVars *tv,
134  OutputLoggerThreadData *op_thread_data,
135  Packet *p, Flow *f, void *tx, const uint64_t tx_id)
136 {
137  const OutputTxLogger *logger = list[ALPROTO_UNKNOWN];
138  const OutputLoggerThreadStore *store = op_thread_data->store[ALPROTO_UNKNOWN];
139 
140  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
141  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
142  DEBUG_VALIDATE_BUG_ON(logger == NULL && store == NULL);
143 
144  while (logger && store) {
145  DEBUG_VALIDATE_BUG_ON(logger->LogFunc == NULL);
146 
147  SCLogDebug("logger %p", logger);
148 
149  /* always invoke "wild card" tx loggers */
150  SCLogDebug("Logging tx_id %"PRIu64" to logger %d", tx_id, logger->logger_id);
151  PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
152  logger->LogFunc(tv, store->thread_data, p, f, f->alstate, tx, tx_id);
153  PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
154 
155  logger = logger->next;
156  store = store->next;
157 
158  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
159  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
160  }
161 }
162 
163 static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
164 {
165  DEBUG_VALIDATE_BUG_ON(thread_data == NULL);
166  if (p->flow == NULL)
167  return TM_ECODE_OK;
168 
169  OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
170 
171  Flow * const f = p->flow;
172  const uint8_t ipproto = f->proto;
173  const AppProto alproto = f->alproto;
174 
175  if (list[alproto] == NULL && list[ALPROTO_UNKNOWN] == NULL) {
176  /* No child loggers registered. */
177  return TM_ECODE_OK;
178  }
179 
180  if (AppLayerParserProtocolHasLogger(p->proto, alproto) == 0)
181  goto end;
182  const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(p->proto, alproto);
183  if (logger_expectation == 0)
184  goto end;
185 
186  void *alstate = f->alstate;
187  if (alstate == NULL) {
188  SCLogDebug("no alstate");
189  goto end;
190  }
191 
192  const bool last_pseudo = (p->flowflags & FLOW_PKT_LAST_PSEUDO) != 0;
193  const bool ts_eof = AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TS) != 0;
194  const bool tc_eof = AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF_TC) != 0;
195  const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
196  const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
197  const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
198  uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
199  uint64_t max_id = tx_id;
200  int logged = 0;
201  int gap = 0;
202 
203  AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
204  AppLayerGetTxIterState state;
205  memset(&state, 0, sizeof(state));
206 
207  while (1) {
208  AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, tx_id, total_txs, &state);
209  if (ires.tx_ptr == NULL)
210  break;
211  void * const tx = ires.tx_ptr;
212  tx_id = ires.tx_id;
213 
214  AppLayerTxData *txd = AppLayerParserGetTxData(ipproto, alproto, tx);
215  if (txd == NULL) {
216  /* make sure this tx, which can't be properly logged is skipped */
217  logged = 1;
218  max_id = tx_id;
219  goto next_tx;
220  }
221 
222  if (list[ALPROTO_UNKNOWN] != 0) {
223  OutputTxLogList0(tv, op_thread_data, p, f, tx, tx_id);
224  if (list[alproto] == NULL)
225  goto next_tx;
226  }
227 
228  SCLogDebug("tx %p/%"PRIu64" txd %p: log_flags %x", tx, tx_id, txd, txd->config.log_flags);
229  if (txd->config.log_flags & BIT_U8(CONFIG_TYPE_TX)) {
230  SCLogDebug("SKIP tx %p/%"PRIu64, tx, tx_id);
231  goto next_tx;
232  }
233 
234  LoggerId tx_logged = txd->logged.flags;
235  const LoggerId tx_logged_old = tx_logged;
236  SCLogDebug("logger: expect %08x, have %08x", logger_expectation, tx_logged);
237  if (tx_logged == logger_expectation) {
238  /* tx already fully logged */
239  goto next_tx;
240  }
241 
242  const int tx_progress_ts =
243  AppLayerParserGetStateProgress(p->proto, alproto, tx, ts_disrupt_flags);
244  const int tx_progress_tc =
245  AppLayerParserGetStateProgress(p->proto, alproto, tx, tc_disrupt_flags);
246  SCLogDebug("tx_progress_ts %d tx_progress_tc %d",
247  tx_progress_ts, tx_progress_tc);
248 
249  const OutputTxLogger *logger = list[alproto];
250  const OutputLoggerThreadStore *store = op_thread_data->store[alproto];
251 
252  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
253  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
254  DEBUG_VALIDATE_BUG_ON(logger == NULL && store == NULL);
255 
256  while (logger && store) {
257  DEBUG_VALIDATE_BUG_ON(logger->LogFunc == NULL);
258  DEBUG_VALIDATE_BUG_ON(logger->alproto != alproto);
259 
260  SCLogDebug("logger %p, Alproto %d LogCondition %p, ts_log_progress %d "
261  "tc_log_progress %d", logger, logger->alproto, logger->LogCondition,
262  logger->ts_log_progress, logger->tc_log_progress);
263  if ((tx_logged_old & BIT_U32(logger->logger_id)) == 0) {
264  SCLogDebug("alproto match %d, logging tx_id %"PRIu64, logger->alproto, tx_id);
265 
266  SCLogDebug("pcap_cnt %"PRIu64", tx_id %"PRIu64" logger %d. "
267  "EOFs TS %s TC %s LAST PSEUDO %s",
268  p->pcap_cnt, tx_id, logger->logger_id,
269  ts_eof ? "true" : "false", tc_eof ? "true" : "false",
270  last_pseudo ? "true" : "false");
271 
272  if ((ts_eof && tc_eof) || last_pseudo) {
273  SCLogDebug("EOF, so log now");
274  } else {
275  if (logger->LogCondition) {
276  int r = logger->LogCondition(tv, p, alstate, tx, tx_id);
277  if (r == FALSE) {
278  SCLogDebug("conditions not met, not logging");
279  goto next_logger;
280  }
281  } else {
282  if (tx_progress_tc < logger->tc_log_progress) {
283  SCLogDebug("progress not far enough, not logging");
284  goto next_logger;
285  }
286 
287  if (tx_progress_ts < logger->ts_log_progress) {
288  SCLogDebug("progress not far enough, not logging");
289  goto next_logger;
290  }
291  }
292  }
293 
294  SCLogDebug("Logging tx_id %"PRIu64" to logger %d", tx_id, logger->logger_id);
295  PACKET_PROFILING_LOGGER_START(p, logger->logger_id);
296  logger->LogFunc(tv, store->thread_data, p, f, alstate, tx, tx_id);
297  PACKET_PROFILING_LOGGER_END(p, logger->logger_id);
298 
299  tx_logged |= BIT_U32(logger->logger_id);
300  }
301 
302 next_logger:
303  logger = logger->next;
304  store = store->next;
305 
306  DEBUG_VALIDATE_BUG_ON(logger == NULL && store != NULL);
307  DEBUG_VALIDATE_BUG_ON(logger != NULL && store == NULL);
308  }
309 
310  if (tx_logged != tx_logged_old) {
311  SCLogDebug("logger: storing %08x (was %08x)",
312  tx_logged, tx_logged_old);
313  DEBUG_VALIDATE_BUG_ON(txd == NULL);
314  txd->logged.flags |= tx_logged;
315  }
316 
317  /* If all loggers logged set a flag and update the last tx_id
318  * that was logged.
319  *
320  * If not all loggers were logged we flag that there was a gap
321  * so any subsequent transactions in this loop don't increase
322  * the maximum ID that was logged. */
323  if (!gap && tx_logged == logger_expectation) {
324  logged = 1;
325  max_id = tx_id;
326  } else {
327  gap = 1;
328  }
329 next_tx:
330  if (!ires.has_next)
331  break;
332  tx_id++;
333  }
334 
335  /* Update the the last ID that has been logged with all
336  * transactions before it. */
337  if (logged) {
338  SCLogDebug("updating log tx_id %"PRIu64, max_id);
339  AppLayerParserSetTransactionLogId(f->alparser, max_id + 1);
340  }
341 
342 end:
343  return TM_ECODE_OK;
344 }
345 
346 /** \brief thread init for the tx logger
347  * This will run the thread init functions for the individual registered
348  * loggers */
349 static TmEcode OutputTxLogThreadInit(ThreadVars *tv, const void *initdata, void **data)
350 {
351  OutputLoggerThreadData *td = SCMalloc(sizeof(*td));
352  if (td == NULL)
353  return TM_ECODE_FAILED;
354  memset(td, 0x00, sizeof(*td));
355 
356  *data = (void *)td;
357  SCLogDebug("OutputTxLogThreadInit happy (*data %p)", *data);
358 
359  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
360  OutputTxLogger *logger = list[alproto];
361  while (logger) {
362  if (logger->ThreadInit) {
363  void *retptr = NULL;
364  if (logger->ThreadInit(tv, (void *)logger->output_ctx, &retptr) == TM_ECODE_OK) {
365  OutputLoggerThreadStore *ts = SCMalloc(sizeof(*ts));
366  /* todo */ BUG_ON(ts == NULL);
367  memset(ts, 0x00, sizeof(*ts));
368 
369  /* store thread handle */
370  ts->thread_data = retptr;
371 
372  if (td->store[alproto] == NULL) {
373  td->store[alproto] = ts;
374  } else {
375  OutputLoggerThreadStore *tmp = td->store[alproto];
376  while (tmp->next != NULL)
377  tmp = tmp->next;
378  tmp->next = ts;
379  }
380 
381  SCLogDebug("%s is now set up", logger->name);
382  }
383  }
384 
385  logger = logger->next;
386  }
387  }
388  return TM_ECODE_OK;
389 }
390 
391 static TmEcode OutputTxLogThreadDeinit(ThreadVars *tv, void *thread_data)
392 {
393  OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
394 
395  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
396  OutputLoggerThreadStore *store = op_thread_data->store[alproto];
397  OutputTxLogger *logger = list[alproto];
398 
399  while (logger && store) {
400  if (logger->ThreadDeinit) {
401  logger->ThreadDeinit(tv, store->thread_data);
402  }
403 
404  OutputLoggerThreadStore *next_store = store->next;
405  SCFree(store);
406  store = next_store;
407  logger = logger->next;
408  }
409  }
410 
411  SCFree(op_thread_data);
412  return TM_ECODE_OK;
413 }
414 
415 static void OutputTxLogExitPrintStats(ThreadVars *tv, void *thread_data)
416 {
417  OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
418 
419  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
420  OutputLoggerThreadStore *store = op_thread_data->store[alproto];
421  OutputTxLogger *logger = list[alproto];
422 
423  while (logger && store) {
424  if (logger->ThreadExitPrintStats) {
425  logger->ThreadExitPrintStats(tv, store->thread_data);
426  }
427 
428  logger = logger->next;
429  store = store->next;
430  }
431  }
432 }
433 
434 static uint32_t OutputTxLoggerGetActiveCount(void)
435 {
436  uint32_t cnt = 0;
437  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
438  for (OutputTxLogger *p = list[alproto]; p != NULL; p = p->next) {
439  cnt++;
440  }
441  }
442  return cnt;
443 }
444 
445 
446 void OutputTxLoggerRegister (void)
447 {
448  OutputRegisterRootLogger(OutputTxLogThreadInit, OutputTxLogThreadDeinit,
449  OutputTxLogExitPrintStats, OutputTxLog, OutputTxLoggerGetActiveCount);
450 }
451 
452 void OutputTxShutdown(void)
453 {
454  for (AppProto alproto = 0; alproto < ALPROTO_MAX; alproto++) {
455  OutputTxLogger *logger = list[alproto];
456  while (logger) {
457  OutputTxLogger *next_logger = logger->next;
458  SCFree(logger);
459  logger = next_logger;
460  }
461  list[alproto] = NULL;
462  }
463 }
OutputTxLogger_::alproto
AppProto alproto
Definition: output-tx.c:50
Packet_::proto
uint8_t proto
Definition: decode.h:436
output-tx.h
ts
uint64_t ts
Definition: source-erf-file.c:54
OutputLoggerThreadStore_
Definition: output-file.c:39
OutputLoggerThreadStore_::next
struct OutputLoggerThreadStore_ * next
Definition: output-file.c:41
AppLayerParserIsEnabled
int AppLayerParserIsEnabled(AppProto alproto)
simple way to globally test if a alproto is registered and fully enabled in the configuration.
Definition: app-layer-parser.c:1412
OutputLoggerThreadData
struct OutputLoggerThreadData_ OutputLoggerThreadData
OutputTxLoggerRegister
void OutputTxLoggerRegister(void)
Definition: output-tx.c:446
AppLayerParserProtocolHasLogger
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1430
AppLayerParserSetTransactionLogId
void AppLayerParserSetTransactionLogId(AppLayerParserState *pstate, uint64_t tx_id)
Definition: app-layer-parser.c:689
CONFIG_TYPE_TX
@ CONFIG_TYPE_TX
Definition: util-config.h:37
FLOW_PKT_LAST_PSEUDO
#define FLOW_PKT_LAST_PSEUDO
Definition: flow.h:234
OutputTxLogger_::tc_log_progress
int tc_log_progress
Definition: output-tx.c:58
OutputTxShutdown
void OutputTxShutdown(void)
Definition: output-tx.c:452
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
Packet_::pcap_cnt
uint64_t pcap_cnt
Definition: decode.h:572
AppLayerGetTxIterator
AppLayerGetTxIteratorFunc AppLayerGetTxIterator(const uint8_t ipproto, const AppProto alproto)
Definition: app-layer-parser.c:674
Flow_::proto
uint8_t proto
Definition: flow.h:375
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:77
AppLayerParserGetStateProgress
int AppLayerParserGetStateProgress(uint8_t ipproto, AppProto alproto, void *alstate, uint8_t flags)
get the progress value for a tx/protocol
Definition: app-layer-parser.c:1069
Flow_
Flow data structure.
Definition: flow.h:353
LoggerId
LoggerId
Definition: suricata-common.h:436
AppLayerParserGetTransactionLogId
uint64_t AppLayerParserGetTransactionLogId(AppLayerParserState *pstate)
Definition: app-layer-parser.c:682
AppProtoToString
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
Definition: app-layer-protos.c:30
logged
int logged
Definition: app-layer-htp.h:1
AppLayerParserGetStateProgressCompletionStatus
int AppLayerParserGetStateProgressCompletionStatus(AppProto alproto, uint8_t direction)
Definition: app-layer-parser.c:1097
tm-modules.h
TxLogger
int(* TxLogger)(ThreadVars *, void *thread_data, const Packet *, Flow *f, void *state, void *tx, uint64_t tx_id)
Definition: output-tx.h:32
OutputTxLogger_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: output-tx.c:60
OutputTxLogger_::logger_id
LoggerId logger_id
Definition: output-tx.c:56
Packet_::flowflags
uint8_t flowflags
Definition: decode.h:445
APP_LAYER_PARSER_EOF_TS
#define APP_LAYER_PARSER_EOF_TS
Definition: app-layer-parser.h:41
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:81
ALPROTO_MAX
@ ALPROTO_MAX
Definition: app-layer-protos.h:72
OutputTxLogger_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: output-tx.c:61
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:80
OutputLoggerThreadStore_::thread_data
void * thread_data
Definition: output-file.c:40
OutputCtx_
Definition: tm-modules.h:78
Flow_::alparser
AppLayerParserState * alparser
Definition: flow.h:485
OutputRegisterTxLogger
int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto, TxLogger LogFunc, OutputCtx *output_ctx, int tc_log_progress, int ts_log_progress, TxLoggerCondition LogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, void(*ThreadExitPrintStats)(ThreadVars *, void *))
Definition: output-tx.c:67
AppLayerParserStateIssetFlag
int AppLayerParserStateIssetFlag(AppLayerParserState *pstate, uint8_t flag)
Definition: app-layer-parser.c:1654
OutputLoggerThreadData_
Definition: output-file.c:46
BIT_U32
#define BIT_U32(n)
Definition: suricata-common.h:381
STREAM_TOSERVER
#define STREAM_TOSERVER
Definition: stream.h:31
OutputTxLogger_::next
struct OutputTxLogger_ * next
Definition: output-tx.c:54
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
ThreadInitFunc
TmEcode(* ThreadInitFunc)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:39
app-layer-parser.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:277
util-profiling.h
FALSE
#define FALSE
Definition: suricata-common.h:34
OutputTxLogger_::ts_log_progress
int ts_log_progress
Definition: output-tx.c:59
AppLayerGetTxIterState
Definition: app-layer-parser.h:144
Packet_
Definition: decode.h:414
OutputLoggerThreadData_::store
OutputLoggerThreadStore * store
Definition: output-file.c:47
APP_LAYER_PARSER_EOF_TC
#define APP_LAYER_PARSER_EOF_TC
Definition: app-layer-parser.h:42
TmEcode
TmEcode
Definition: tm-threads-common.h:79
OutputTxLogger_::output_ctx
OutputCtx * output_ctx
Definition: output-tx.c:53
OutputTxLogger_::LogCondition
TxLoggerCondition LogCondition
Definition: output-tx.c:52
OutputTxLogger_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: output-tx.c:62
PACKET_PROFILING_LOGGER_END
#define PACKET_PROFILING_LOGGER_END(p, id)
Definition: util-profiling.h:260
Packet_::flow
struct Flow_ * flow
Definition: decode.h:451
BIT_U8
#define BIT_U8(n)
Definition: suricata-common.h:379
suricata-common.h
OutputTxLogger
struct OutputTxLogger_ OutputTxLogger
STREAM_TOCLIENT
#define STREAM_TOCLIENT
Definition: stream.h:32
AppLayerParserGetTxData
AppLayerTxData * AppLayerParserGetTxData(uint8_t ipproto, AppProto alproto, void *tx)
Definition: app-layer-parser.c:1177
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
util-validate.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
Packet_::next
struct Packet_ * next
Definition: decode.h:581
TxLoggerCondition
int(* TxLoggerCondition)(ThreadVars *, const Packet *, void *state, void *tx, uint64_t tx_id)
Definition: output-tx.h:37
OutputTxLogger_::LogFunc
TxLogger LogFunc
Definition: output-tx.c:51
SCFree
#define SCFree(p)
Definition: util-mem.h:61
Flow_::alstate
void * alstate
Definition: flow.h:486
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
ALPROTO_UNKNOWN
@ ALPROTO_UNKNOWN
Definition: app-layer-protos.h:29
OutputTxLogger_
Definition: output-tx.c:49
PACKET_PROFILING_LOGGER_START
#define PACKET_PROFILING_LOGGER_START(p, id)
Definition: util-profiling.h:253
OutputRegisterRootLogger
void OutputRegisterRootLogger(ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats, OutputLogFunc LogFunc, OutputGetActiveCountFunc ActiveCntFunc)
Definition: output.c:962
OutputLoggerThreadStore
struct OutputLoggerThreadStore_ OutputLoggerThreadStore
OutputTxLogger_::name
const char * name
Definition: output-tx.c:55
AppLayerParserProtocolGetLoggerBits
LoggerId AppLayerParserProtocolGetLoggerBits(uint8_t ipproto, AppProto alproto)
Definition: app-layer-parser.c:1438
AppLayerGetTxIteratorFunc
AppLayerGetTxIterTuple(* AppLayerGetTxIteratorFunc)(const uint8_t ipproto, const AppProto alproto, void *alstate, uint64_t min_tx_id, uint64_t max_tx_id, AppLayerGetTxIterState *state)
tx iterator prototype
Definition: app-layer-parser.h:153
FlowGetDisruptionFlags
uint8_t FlowGetDisruptionFlags(const Flow *f, uint8_t flags)
get 'disruption' flags: GAP/DEPTH/PASS
Definition: flow.c:1121
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:232
Flow_::alproto
AppProto alproto
application level protocol
Definition: flow.h:460
OutputTxLogger_::id
uint32_t id
Definition: output-tx.c:57
AppLayerParserGetTxCnt
uint64_t AppLayerParserGetTxCnt(const Flow *f, void *alstate)
Definition: app-layer-parser.c:1083
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
output.h
ThreadDeinitFunc
TmEcode(* ThreadDeinitFunc)(ThreadVars *, void *)
Definition: tm-modules.h:40
app-layer.h