static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
Flow *f, void *state, void *tx, uint64_t tx_id)
{
LogTlsLogThread *aft = (LogTlsLogThread *)thread_data;
LogTlsFileCtx *hlog = aft->tlslog_ctx;
char timebuf[64];
int ipproto = (PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
SSLState *ssl_state = (SSLState *)state;
if (unlikely(ssl_state == NULL)) {
return 0;
}
if (ssl_state->server_connp.cert0_issuerdn == NULL ||
ssl_state->server_connp.cert0_subject == NULL) {
return 0;
}
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
#define PRINT_BUF_LEN 46
char srcip[PRINT_BUF_LEN], dstip[PRINT_BUF_LEN];
Port sp, dp;
if (!TLSGetIPInformations(p, srcip, PRINT_BUF_LEN, &sp, dstip,
PRINT_BUF_LEN, &dp, ipproto)) {
return 0;
}
MemBufferReset(aft->buffer);
MemBufferWriteString(aft->buffer,
"%s %s:%d -> %s:%d TLS: Subject='%s' Issuerdn='%s'",
timebuf, srcip, sp, dstip, dp,
ssl_state->server_connp.cert0_subject,
ssl_state->server_connp.cert0_issuerdn);
if (hlog->flags & LOG_TLS_EXTENDED) {
LogTlsLogExtended(aft, ssl_state);
} else {
MemBufferWriteString(aft->buffer, "\n");
}
aft->tls_cnt++;
SCMutexLock(&hlog->file_ctx->fp_mutex);
hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);
SCMutexUnlock(&hlog->file_ctx->fp_mutex);
return 0;
}
static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
LogTlsLogThread *aft = (LogTlsLogThread *)thread_data;
LogTlsFileCtx *hlog = aft->tlslog_ctx;
char timebuf[64];
int ipproto = (PKT_IS_IPV4(p)) ? AF_INET : AF_INET6;
if (unlikely(p->flow == NULL)) {
return 0;
}
/* check if we have TLS state or not */
FLOWLOCK_WRLOCK(p->flow);
uint16_t proto = FlowGetAppProtocol(p->flow);
if (proto != ALPROTO_TLS)
goto end;
SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
if (unlikely(ssl_state == NULL)) {
goto end;
}
if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL)
goto end;
/* Don't log again the state. If we are here it was because we had
* to store the cert. */
if (ssl_state->flags & SSL_AL_FLAG_STATE_LOGGED)
goto end;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
#define PRINT_BUF_LEN 46
char srcip[PRINT_BUF_LEN], dstip[PRINT_BUF_LEN];
Port sp, dp;
if (!TLSGetIPInformations(p, srcip, PRINT_BUF_LEN,
&sp, dstip, PRINT_BUF_LEN, &dp, ipproto)) {
goto end;
}
MemBufferReset(aft->buffer);
MemBufferWriteString(aft->buffer,
"%s %s:%d -> %s:%d TLS: Subject='%s' Issuerdn='%s'",
timebuf, srcip, sp, dstip, dp,
ssl_state->server_connp.cert0_subject,
ssl_state->server_connp.cert0_issuerdn);
if (hlog->flags & LOG_TLS_EXTENDED) {
LogTlsLogExtended(aft, ssl_state);
} else {
MemBufferWriteString(aft->buffer, "\n");
}
aft->tls_cnt++;
SCMutexLock(&hlog->file_ctx->fp_mutex);
hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);
SCMutexUnlock(&hlog->file_ctx->fp_mutex);
/* we only log the state once */
ssl_state->flags |= SSL_AL_FLAG_STATE_LOGGED;
end:
FLOWLOCK_UNLOCK(p->flow);
return 0;
}
