static TmEcode JsonAlertLogThreadDeinit(ThreadVars *t, void *data)
{
JsonAlertLogThread *aft = (JsonAlertLogThread *)data;
if (aft == NULL) {
return TM_ECODE_OK;
}
MemBufferFree(aft->json_buffer);
MemBufferFree(aft->payload_buffer);
/* clear memory */
memset(aft, 0, sizeof(JsonAlertLogThread));
SCFree(aft);
return TM_ECODE_OK;
}
static TmEcode MSSqlJsonLogThreadDeinit(ThreadVars *t, void *data) {
LogMSSqlLogThread *aft = data;
if (!aft)
return TM_ECODE_OK;
MemBufferFree(aft->buffer);
memset(aft, 0, sizeof(*aft));
SCFree(aft);
return TM_ECODE_OK;
}
static TmEcode JsonIKEv2LogThreadDeinit(ThreadVars *t, void *data)
{
LogIKEv2LogThread *thread = (LogIKEv2LogThread *)data;
if (thread == NULL) {
return TM_ECODE_OK;
}
if (thread->buffer != NULL) {
MemBufferFree(thread->buffer);
}
SCFree(thread);
return TM_ECODE_OK;
}
static TmEcode ThreadDeinit(ThreadVars *t, void *data) {
DBJsonLogThread *jlt = (DBJsonLogThread *)data;
if (jlt == NULL) {
return TM_ECODE_OK;
}
MemBufferFree(jlt->buf);
/* clear memory */
memset(jlt, 0, sizeof(DBJsonLogThread));
SCFree(jlt);
return TM_ECODE_OK;
}
static TmEcode LogTlsLogThreadDeinit(ThreadVars *t, void *data)
{
LogTlsLogThread *aft = (LogTlsLogThread *) data;
if (aft == NULL) {
return TM_ECODE_OK;
}
MemBufferFree(aft->buffer);
/* clear memory */
memset(aft, 0, sizeof(LogTlsLogThread));
SCFree(aft);
return TM_ECODE_OK;
}
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
{
json_t *js = CreateJSONHeader(p, 0, "inspectedrules");
if (js == NULL)
return;
json_t *ir = json_object();
if (ir == NULL)
return;
json_object_set_new(ir, "rule_group_id", json_integer(det_ctx->sgh->id));
json_object_set_new(ir, "rule_cnt", json_integer(det_ctx->match_array_cnt));
json_t *js_array = json_array();
uint32_t x;
for (x = 0; x < det_ctx->match_array_cnt; x++)
{
const Signature *s = det_ctx->match_array[x];
if (s == NULL)
continue;
json_t *js_sig = json_object();
if (unlikely(js == NULL))
continue;
json_object_set_new(js_sig, "sig_id", json_integer(s->id));
json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false());
if (s->mpm_sm != NULL) {
char orig[256] = "";
char chop[256] = "";
DumpFp(s->mpm_sm, orig, sizeof(orig), chop, sizeof(chop));
json_object_set_new(js_sig, "mpm_buffer", json_string(DetectListToHumanString(SigMatchListSMBelongsTo(s, s->mpm_sm))));
json_object_set_new(js_sig, "mpm_pattern", json_string(orig));
if (strlen(chop) > 0) {
json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop));
}
}
json_array_append_new(js_array, js_sig);
}
json_object_set_new(ir, "rules", js_array);
json_object_set_new(js, "inspectedrules", ir);
const char *filename = "packet_inspected_rules.json";
const char *log_dir = ConfigGetLogDirectory();
char log_path[PATH_MAX] = "";
snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, filename);
MemBuffer *mbuf = NULL;
mbuf = MemBufferCreateNew(4096);
BUG_ON(mbuf == NULL);
OutputJSONMemBufferWrapper wrapper = {
.buffer = &mbuf,
.expand_by = 4096,
};
int r = json_dump_callback(js, OutputJSONMemBufferCallback, &wrapper,
JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
JSON_ESCAPE_SLASH);
if (r != 0) {
SCLogWarning(SC_ERR_SOCKET, "unable to serialize JSON object");
} else {
MemBufferWriteString(mbuf, "\n");
SCMutexLock(&g_rule_dump_write_m);
FILE *fp = fopen(log_path, "a");
if (fp != NULL) {
MemBufferPrintToFPAsString(mbuf, fp);
fclose(fp);
SCMutexUnlock(&g_rule_dump_write_m);
}
}
MemBufferFree(mbuf);
json_object_clear(js);
json_decref(js);
}