static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f) { SCEnter(); JsonNetFlowLogThread *jhl = (JsonNetFlowLogThread *)thread_data; /* reset */ MemBufferReset(jhl->buffer); json_t *js = CreateJSONHeaderFromFlow(f, "netflow", 0); //TODO const if (unlikely(js == NULL)) return TM_ECODE_OK; JsonNetFlowLogJSONToServer(jhl, js, f); OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer); json_object_del(js, "netflow"); json_object_clear(js); json_decref(js); /* reset */ MemBufferReset(jhl->buffer); js = CreateJSONHeaderFromFlow(f, "netflow", 1); //TODO const if (unlikely(js == NULL)) return TM_ECODE_OK; JsonNetFlowLogJSONToClient(jhl, js, f); OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer); json_object_del(js, "netflow"); json_object_clear(js); json_decref(js); SCReturnInt(TM_ECODE_OK); }
static int JsonStatsLogger(ThreadVars *tv, void *thread_data, const StatsTable *st) { SCEnter(); JsonStatsLogThread *aft = (JsonStatsLogThread *)thread_data; struct timeval tval; gettimeofday(&tval, NULL); json_t *js = json_object(); if (unlikely(js == NULL)) return 0; char timebuf[64]; CreateIsoTimeString(&tval, timebuf, sizeof(timebuf)); json_object_set_new(js, "timestamp", json_string(timebuf)); json_object_set_new(js, "event_type", json_string("stats")); json_t *js_stats = StatsToJSON(st, aft->statslog_ctx->flags); if (js_stats == NULL) { json_decref(js); return 0; } json_object_set_new(js, "stats", js_stats); OutputJSONBuffer(js, aft->statslog_ctx->file_ctx, &aft->buffer); MemBufferReset(aft->buffer); json_object_clear(js_stats); json_object_del(js, "stats"); json_object_clear(js); json_decref(js); SCReturnInt(0); }
static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f) { SCEnter(); JsonNetFlowLogThread *jhl = (JsonNetFlowLogThread *)thread_data; LogJsonFileCtx *netflow_ctx = jhl->flowlog_ctx; /* reset */ MemBufferReset(jhl->buffer); json_t *js = CreateJSONHeaderFromFlow(f, "netflow", 0); if (unlikely(js == NULL)) return TM_ECODE_OK; JsonNetFlowLogJSONToServer(jhl, js, f); JsonAddCommonOptions(&netflow_ctx->cfg, NULL, f, js); OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer); json_object_del(js, "netflow"); json_object_clear(js); json_decref(js); /* only log a response record if we actually have seen response packets */ if (f->tosrcpktcnt) { /* reset */ MemBufferReset(jhl->buffer); js = CreateJSONHeaderFromFlow(f, "netflow", 1); if (unlikely(js == NULL)) return TM_ECODE_OK; JsonNetFlowLogJSONToClient(jhl, js, f); JsonAddCommonOptions(&netflow_ctx->cfg, NULL, f, js); OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer); json_object_del(js, "netflow"); json_object_clear(js); json_decref(js); } SCReturnInt(TM_ECODE_OK); }
int jt_stats_packer(void *data, char **out) { struct timespec mts; /* message timestamp */ struct jt_msg_stats *stats_msg = data; json_t *t = json_object(); json_t *samples_arr = json_array(); json_t *params = json_object(); json_t *jmts = json_object(); json_object_set_new(params, "iface", json_string(stats_msg->iface)); json_object_set_new(params, "whoosh_err_mean", json_integer(stats_msg->err.mean)); json_object_set_new(params, "whoosh_err_max", json_integer(stats_msg->err.max)); json_object_set_new(params, "whoosh_err_sd", json_integer(stats_msg->err.sd)); json_t *sample[stats_msg->sample_count]; // order matters! for (int i = 0; i < stats_msg->sample_count; i++) { sample[i] = json_object(); json_object_set_new(sample[i], "rx", json_integer(stats_msg->samples[i].rx)); json_object_set_new(sample[i], "tx", json_integer(stats_msg->samples[i].tx)); json_object_set_new(sample[i], "rxP", json_integer(stats_msg->samples[i].rxPkt)); json_object_set_new(sample[i], "txP", json_integer(stats_msg->samples[i].txPkt)); json_array_append(samples_arr, sample[i]); } json_object_set_new( t, "msg", json_string(jt_messages[JT_MSG_STATS_V1].key)); json_object_set(params, "s", samples_arr); json_object_set(t, "p", params); /* timestamp the new message */ clock_gettime(CLOCK_MONOTONIC, &mts); json_object_set_new(jmts, "tv_sec", json_integer(mts.tv_sec)); json_object_set_new(jmts, "tv_nsec", json_integer(mts.tv_nsec)); json_object_set_new(params, "t", jmts); *out = json_dumps(t, 0); for (int i = 0; i < stats_msg->sample_count; i++) { json_decref(sample[i]); } json_array_clear(samples_arr); json_decref(samples_arr); json_object_clear(params); json_decref(params); json_object_clear(t); json_decref(t); return 0; }
static int Logger(ThreadVars *t, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id) { SCEnter(); char *name = NULL; DBJsonLogThread *jlt = (DBJsonLogThread *)thread_data; switch (f->alproto) { case ALPROTO_MYSQL: name = "mysql"; case ALPROTO_TNS11G: name = "oracle-tns"; case ALPROTO_TDS: name = "mssql-tds"; case ALPROTO_DRDA: name = "db2-drda"; default: SCReturnInt(-1); } json_t *js = CreateJSONHeader((Packet *)p, 1, name); MemBufferReset(jlt->buf); /* TODO */ DBLogAlState(alstate, f->alproto, p, js, name); OutputJSONBuffer(js, jlt->ctx->ctx, jlt->buf); json_object_del(js, name); json_object_clear(js); json_decref(js); SCReturnInt(TM_ECODE_OK); }
static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p) { JsonTlsLogThread *aft = (JsonTlsLogThread *)thread_data; MemBuffer *buffer = (MemBuffer *)aft->buffer; OutputTlsCtx *tls_ctx = aft->tlslog_ctx; if (unlikely(p->flow == NULL)) { return 0; } /* check if we have TLS state or not */ FLOWLOCK_WRLOCK(p->flow); uint16_t proto = FlowGetAppProtocol(p->flow); if (proto != ALPROTO_TLS) goto end; SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow); if (unlikely(ssl_state == NULL)) { goto end; } if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL) goto end; json_t *js = CreateJSONHeader((Packet *)p, 0, "tls");//TODO if (unlikely(js == NULL)) goto end; json_t *tjs = json_object(); if (tjs == NULL) { free(js); goto end; } /* reset */ MemBufferReset(buffer); /* tls.subject */ json_object_set_new(tjs, "subject", json_string(ssl_state->server_connp.cert0_subject)); /* tls.issuerdn */ json_object_set_new(tjs, "issuerdn", json_string(ssl_state->server_connp.cert0_issuerdn)); if (tls_ctx->flags & LOG_TLS_EXTENDED) { LogTlsLogExtendedJSON(tjs, ssl_state); } json_object_set_new(js, "tls", tjs); OutputJSONBuffer(js, tls_ctx->file_ctx, buffer); json_object_clear(js); json_decref(js); /* we only log the state once */ ssl_state->flags |= SSL_AL_FLAG_STATE_LOGGED; end: FLOWLOCK_UNLOCK(p->flow); return 0; }
static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id) { SCEnter(); htp_tx_t *tx = txptr; JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data; MemBuffer *buffer = (MemBuffer *)jhl->buffer; json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const if (unlikely(js == NULL)) return TM_ECODE_OK; SCLogDebug("got a HTTP request and now logging !!"); /* reset */ MemBufferReset(buffer); JsonHttpLogJSON(jhl, js, tx); OutputJSONBuffer(js, jhl->httplog_ctx->file_ctx, buffer); json_object_del(js, "http"); json_object_clear(js); json_decref(js); SCReturnInt(TM_ECODE_OK); }
void OUTPUT_FORMATTER::json_finalize_result(bool result) { POOL_MEM string; json_t *msg_obj = json_object(); json_t *error_obj; /* * We mimic json-rpc result and error messages, * To make it easier to implement real json-rpc later on. */ json_object_set(msg_obj, "jsonrpc", json_string("2.0")); json_object_set(msg_obj, "id", json_null()); if (result) { json_object_set(msg_obj, "result", result_array_json); } else { error_obj = json_object(); json_object_set_new(error_obj, "code", json_integer(1)); json_object_set_new(error_obj, "message", json_string("failed")); json_object_set(error_obj, "data", result_array_json); json_object_set_new(msg_obj, "error", error_obj); } string.bsprintf("%s\n", json_dumps(msg_obj, UA_JSON_FLAGS)); send_func(send_ctx, string.c_str()); json_array_clear(result_array_json); json_object_clear(msg_obj); }
void CreateJSONMaxFeatureVector(double * MaxFeatureVector,const int bins,char * filename) { json_t* corr = json_object(); json_t* jsonFileName = json_string("MaxFeatureVector"); json_t* featureVector = json_array(); json_t* vectorVals; int i; // Build feature vector json array for (i=0; i<bins; i++) { vectorVals = json_real(MaxFeatureVector[i]); if (json_array_append_new(featureVector,vectorVals)) { printf("Cannot append %f to json array",MaxFeatureVector[i]); puts(strerror(errno)); exit(1); } } // add both feature vector and file name to json object json_object_set_new(corr,"FileName",jsonFileName); json_object_set_new(corr,"FeatureVector",featureVector); json_dump_file(corr,filename,JSON_INDENT(2)); // need to call jansson specific free json_object_clear(corr); }
static void test_clear() { json_t *object, *ten; object = json_object(); ten = json_integer(10); if(!object) fail("unable to create object"); if(!ten) fail("unable to create integer"); if(json_object_set(object, "a", ten) || json_object_set(object, "b", ten) || json_object_set(object, "c", ten) || json_object_set(object, "d", ten) || json_object_set(object, "e", ten)) fail("unable to set value"); if(json_object_size(object) != 5) fail("invalid size"); json_object_clear(object); if(json_object_size(object) != 0) fail("invalid size after clear"); json_decref(ten); json_decref(object); }
int jt_sample_period_packer(void *data, char **out) { int *sample_period = data; json_t *t = json_object(); json_t *msg = json_object(); json_object_set_new( msg, "msg", json_string(jt_messages[JT_MSG_SAMPLE_PERIOD_V1].key)); json_object_set_new(t, "period", json_integer(*sample_period)); json_object_set(msg, "p", t); *out = json_dumps(msg, 0); json_object_clear(t); json_decref(t); json_object_clear(msg); json_decref(msg); return 0; }
OUTPUT_FORMATTER::~OUTPUT_FORMATTER() { delete result_message_plain; #if HAVE_JANSSON json_object_clear(result_array_json); json_decref(result_array_json); delete result_stack_json; #endif }
/** Handle the case where no JSON support is compiled in. * */ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) { MemBuffer *buffer = (MemBuffer *)aft->buffer; int i; if (p->alerts.cnt == 0) return TM_ECODE_OK; json_t *js = CreateJSONHeader((Packet *)p, 0, "alert"); if (unlikely(js == NULL)) return TM_ECODE_OK; for (i = 0; i < p->alerts.cnt; i++) { const PacketAlert *pa = &p->alerts.alerts[i]; if (unlikely(pa->s == NULL)) { continue; } char *action = "allowed"; if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) { action = "blocked"; } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) { action = "blocked"; } json_t *ajs = json_object(); if (ajs == NULL) { json_decref(js); return TM_ECODE_OK; } MemBufferReset(buffer); json_object_set_new(ajs, "action", json_string(action)); json_object_set_new(ajs, "gid", json_integer(pa->s->gid)); json_object_set_new(ajs, "signature_id", json_integer(pa->s->id)); json_object_set_new(ajs, "rev", json_integer(pa->s->rev)); json_object_set_new(ajs, "signature", json_string((pa->s->msg) ? pa->s->msg : "")); json_object_set_new(ajs, "category", json_string((pa->s->class_msg) ? pa->s->class_msg : "")); json_object_set_new(ajs, "severity", json_integer(pa->s->prio)); /* alert */ json_object_set_new(js, "alert", ajs); OutputJSONBuffer(js, aft->file_ctx, aft->buffer); json_object_del(js, "alert"); } json_object_clear(js); json_decref(js); return TM_ECODE_OK; }
/** SerializeAllToJson: Creates a single file containing all the correlogram feature vectors and the max feature vector @param[in] correlograms: pointer to array of correlograms to be serialize. @param[in] MaxFeatureVector: array of double values containing the maximum value from every correlogram for each bin @param[in] bins: number of quantization bins. @param[in] filename: string of where to write out to. @param[in] numCorrelograms: the number of correlograms within correlograms */ void SerializeAllToJson(Correlogram ** correlograms,double* MaxFeatureVector,const int bins, char * filename,int numCorrelograms) { json_t* jsonCollection = json_array(); json_t* corr; json_t* jsonFileName; json_t* featureVector; json_t* vectorVals; int i; int j; for (j=0; j<numCorrelograms; j++) { featureVector= json_array(); jsonFileName = json_string(correlograms[j]->fileName); corr= json_object(); // Build feature vector json array for (i=0; i<bins; i++) { vectorVals = json_real(correlograms[j]->FeatureVector[i]); json_array_append_new(featureVector,vectorVals); } // add both feature vector and file name to json object json_object_set_new(corr,"FileName",jsonFileName); json_object_set_new(corr,"FeatureVector",featureVector); json_array_append_new(jsonCollection,corr); free(correlograms[j]->fileName); free(correlograms[j]->FeatureVector); free(correlograms[j]); } featureVector = json_array(); jsonFileName = json_string("MaxFeatureVector"); corr= json_object(); for (i=0;i<bins;i++) { vectorVals = json_real(MaxFeatureVector[i]); json_array_append_new(featureVector,vectorVals); } json_object_set_new(corr,"FileName",jsonFileName); json_object_set_new(corr,"FeatureVector",featureVector); json_array_append_new(jsonCollection,corr); json_dump_file(jsonCollection,filename,JSON_INDENT(2)); // need to call jansson specific free json_object_clear(corr); }
/* encode a tpl (kv frame) as json. */ void *enc_worker(void *thread_id) { char buf[MAX_BUF], *key, *val; json_t *o = json_object(); int rc=-1, len, nc; tpl_node *tn; while (CF.shutdown == 0) { len = nn_recv(CF.ingress_socket_pull, buf, MAX_BUF, 0); if (len < 0) { fprintf(stderr,"nn_recv: %s\n", nn_strerror(errno)); goto done; } /* decode, then re-encode as json */ json_object_clear(o); tn = tpl_map("A(ss)",&key,&val); assert(tn); if (tpl_load(tn,TPL_MEM,buf,len) < 0) goto done; while(tpl_unpack(tn,1) > 0) { json_t *jval = json_string(val); json_object_set_new(o, key, jval); free(key); key=NULL; free(val); val=NULL; } tpl_free(tn); /* dump the json object, then newline-terminate it. */ if (CF.verbose>1) json_dumpf(o, stderr, JSON_INDENT(1)); char *dump = json_dumps(o, JSON_INDENT(0)); size_t dump_len = strlen(dump); /* give the buffer to nano, from here it goes to kaf thread */ nc = nn_send(CF.egress_socket_push, dump, dump_len, 0); free(dump); if (nc < 0) { fprintf(stderr,"nn_send: %s\n", nn_strerror(errno)); goto done; } } rc = 0; done: CF.shutdown = 1; json_decref(o); return NULL; }
//native bool:json_object_clear(Handle:hObj); static cell_t Native_json_object_clear(IPluginContext *pContext, const cell_t *params) { HandleError err; HandleSecurity sec; sec.pOwner = NULL; sec.pIdentity = myself->GetIdentity(); // Param 1 json_t *object; Handle_t hndlObject = static_cast<Handle_t>(params[1]); if ((err=g_pHandleSys->ReadHandle(hndlObject, htJanssonObject, &sec, (void **)&object)) != HandleError_None) { return pContext->ThrowNativeError("Invalid <Object> handle %x (error %d)", hndlObject, err); } // Return bool bSuccess = (json_object_clear(object) == 0); return bSuccess; }
static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *txptr, uint64_t tx_id) { JsonTlsLogThread *aft = (JsonTlsLogThread *)thread_data; OutputTlsCtx *tls_ctx = aft->tlslog_ctx; SSLState *ssl_state = (SSLState *)state; if (unlikely(ssl_state == NULL)) { return 0; } if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL) return 0; json_t *js = CreateJSONHeader((Packet *)p, 0, "tls"); if (unlikely(js == NULL)) return 0; json_t *tjs = json_object(); if (tjs == NULL) { free(js); return 0; } /* reset */ MemBufferReset(aft->buffer); JsonTlsLogJSONBasic(tjs, ssl_state); if (tls_ctx->flags & LOG_TLS_EXTENDED) { JsonTlsLogJSONExtended(tjs, ssl_state); } json_object_set_new(js, "tls", tjs); OutputJSONBuffer(js, tls_ctx->file_ctx, &aft->buffer); json_object_clear(js); json_decref(js); return 0; }
/** * \internal * \brief Write meta data on a single line json record */ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff) { json_t *js = CreateJSONHeader((Packet *)p, 0, "fileinfo"); //TODO const json_t *hjs = NULL; if (unlikely(js == NULL)) return; /* reset */ MemBufferReset(aft->buffer); switch (p->flow->alproto) { case ALPROTO_HTTP: hjs = JsonHttpAddMetadata(p->flow, ff->txid); if (hjs) json_object_set_new(js, "http", hjs); break; case ALPROTO_SMTP: hjs = JsonSMTPAddMetadata(p->flow, ff->txid); if (hjs) json_object_set_new(js, "smtp", hjs); hjs = JsonEmailAddMetadata(p->flow, ff->txid); if (hjs) json_object_set_new(js, "email", hjs); break; } json_object_set_new(js, "app_proto", json_string(AppProtoToString(p->flow->alproto))); json_t *fjs = json_object(); if (unlikely(fjs == NULL)) { json_decref(js); return; } char *s = BytesToString(ff->name, ff->name_len); json_object_set_new(fjs, "filename", json_string(s)); if (s != NULL) SCFree(s); if (ff->magic) json_object_set_new(fjs, "magic", json_string((char *)ff->magic)); switch (ff->state) { case FILE_STATE_CLOSED: json_object_set_new(fjs, "state", json_string("CLOSED")); #ifdef HAVE_NSS if (ff->flags & FILE_MD5) { size_t x; int i; char s[256]; for (i = 0, x = 0; x < sizeof(ff->md5); x++) { i += snprintf(&s[i], 255-i, "%02x", ff->md5[x]); } json_object_set_new(fjs, "md5", json_string(s)); } #endif break; case FILE_STATE_TRUNCATED: json_object_set_new(fjs, "state", json_string("TRUNCATED")); break; case FILE_STATE_ERROR: json_object_set_new(fjs, "state", json_string("ERROR")); break; default: json_object_set_new(fjs, "state", json_string("UNKNOWN")); break; } json_object_set_new(fjs, "stored", (ff->flags & FILE_STORED) ? json_true() : json_false()); if (ff->flags & FILE_STORED) { json_object_set_new(fjs, "file_id", json_integer(ff->file_id)); } json_object_set_new(fjs, "size", json_integer(ff->size)); json_object_set_new(fjs, "tx_id", json_integer(ff->txid)); /* originally just 'file', but due to bug 1127 naming it fileinfo */ json_object_set_new(js, "fileinfo", fjs); OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, &aft->buffer); json_object_del(js, "fileinfo"); switch (p->flow->alproto) { case ALPROTO_HTTP: json_object_del(js, "http"); break; case ALPROTO_SMTP: json_object_del(js, "smtp"); json_object_del(js, "email"); break; } json_object_clear(js); json_decref(js); }
bool TrafficNetwork::saveToFile(const string out_prefix, bool newWeek){ bool everythingOK = true; int metric = KPH; //save in KPH such that it can be used by external tool (and be human readable) std::vector<long> nIds; long crtId; char crtType; string out_fileName = (out_prefix+"_roads_stats.json"); json_t *root = NULL; if(firstSaved){ if(fileName != ""){ json_error_t error; root = json_load_file(fileName.c_str(), 0, &error); if(!root){ std::cout<<std::endl<<"WARNING: while opening "<<fileName<<" at line "<<error.line<<" - "<<error.text<<std::endl; root= NULL; } if(!json_is_object(root)){ std::cout<<std::endl<<"WARNING: input file "<<fileName<<" has not the correct structure - expected root to be an object"<<std::endl; json_decref(root); root = NULL; } if(!root){ std::cout<<"File "<<fileName<<" could not be using during saving process"<<std::endl<<"\t --> reverting to saving network based on stored data (possibility for loss of positional infos)"<<std::endl; } } if(!root){ root = json_object(); if ( root ) { json_object_set_new(root, "metric" ,json_integer(metric)); json_t *_nodes = json_array(); json_t *_roads = json_array(); for(NodeVec::iterator it= nodes.begin() ; it!=nodes.end(); ++it){ json_t * _node = json_object(); crtId = (*it)->getId(); crtType = (*it)->getType(); json_object_set_new(_node,"id",json_integer(crtId)); json_object_set_new(_node,"type",json_integer(crtType)); json_array_append_new(_nodes,_node); nIds = (*it)->getNeighborsId(); for(std::vector<long>::iterator jt = nIds.begin(); jt != nIds.end(); ++jt){ Road r = *((*it)->roadTo(*jt)); json_t * _road = json_object(); json_object_set_new(_road,"name",json_string(r.getName().c_str())); json_object_set_new(_road,"startId",json_integer(crtId)); json_object_set_new(_road,"endId",json_integer(r.getEndPoint()->getId())); json_object_set_new(_road,"speedLimit",json_integer(r.getSpeedLimit()*3.6)); //x3.6 to go from MPS to KPH json_object_set_new(_road,"length",json_real(r.getLength()/1000)); // /1000 to go from M to K json_object_set_new(_road,"nbBands",json_integer(r.getNbBands())); json_array_append_new(_roads,_road); } } json_object_set_new(root, "nodes" ,_nodes); json_object_set_new(root, "roads" ,_roads); }else{ std::cout<<"ERROR: Could not create 'root' during saving process"<<std::endl; return false; } } }else{ json_error_t error; root = json_load_file(out_fileName.c_str(), 0, &error); if(!root){ std::cout<<std::endl<<"ERROR: while opening "<<out_fileName<<" at line "<<error.line<<" - "<<error.text<<std::endl; root= NULL; return false; } if(!json_is_object(root)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected root to be an object"<<std::endl; json_decref(root); root = NULL; return false; } } json_t *roadsInfos; if(monitered){ bool first = false; if(firstSaved){ roadsInfos = json_array(); int nbRoads = json_array_size(json_object_get(root,"roads")); for(int i = 0; i < nbRoads; i++){ json_array_append_new(roadsInfos,json_object()); } json_object_set(root,"roadsInfos",roadsInfos); json_object_set_new(root,"timePrecision",json_integer(TIME_PRECISION)); json_object_set_new(root,"time_index",json_integer(0)); json_object_set_new(root,"driversCount_index",json_integer(1)); firstSaved = false; first = true; }else roadsInfos = json_object_get(root,"roadsInfos"); json_t *infos; for(NodeVec::iterator it= nodes.begin() ; it!=nodes.end(); ++it){ nIds = (*it)->getNeighborsId(); for(std::vector<long>::iterator jt = nIds.begin(); jt != nIds.end(); ++jt){ Road* r = ((*it)->roadTo(*jt)); infos = r->getMonitor()->getInfos(); if(first){ json_object_update(json_array_get(roadsInfos,r->getId()),infos); }else{ json_array_extend(json_object_get(json_array_get(roadsInfos,r->getId()),"data"),json_object_get(infos,"data")); } r->getMonitor()->resetInfos(newWeek); json_object_clear(infos); json_decref(infos); } } } //actually save if(!(json_dump_file(root,out_fileName.c_str(),JSON_COMPACT) == 0)){ //if(!(json_dump_file(root,out_fileName.c_str(),JSON_INDENT(2)) == 0)){ //<== to have pretty JSON file everythingOK = false; std::cout<< "Could not open file : "<<out_fileName << " to write down network "<< name <<std::endl; } if(monitered){ json_array_clear(roadsInfos); } json_object_clear(root); json_decref(root); if(newWeek){ firstSaved = true; } return everythingOK; }
bool TrafficNetwork::loadFromFile(const string fileName){ int nbBands; long currentNode,otherNode; string roadName; double roadLength; double roadSpeedLimit; int metric; json_t *root; json_error_t error; root = json_load_file(fileName.c_str(), 0, &error); if(!root){ std::cout<<std::endl<<"ERROR: while opening "<<fileName<<" at line "<<error.line<<" - "<<error.text<<std::endl; return false; } if(!json_is_object(root)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected root to be an object"<<std::endl; json_decref(root); return false; } json_t *_metric, *_roads, *_nodes; _metric = json_object_get(root,"metric"); if(!json_is_integer(_metric)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'metric' field not present or wrong type"<<std::endl; json_decref(root); return false; } metric = json_integer_value(_metric); _nodes = json_object_get(root,"nodes"); if(!json_is_array(_nodes)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'nodes' field not present or not an array"<<std::endl; json_decref(root); return false; } size_t n = json_array_size(_nodes); nbNodes = n; nodes = NodeVec(nbNodes); json_t *nodeId,*_node, *nodeType; for(size_t i = 0; i < n; i++){ _node = json_array_get(_nodes,i); if(!json_is_object(_node)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected node "<<i<<" to be an object"<<std::endl; json_decref(root); return false; } nodeId = json_object_get(_node,"id"); if(!json_is_integer(nodeId)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'id' field of node "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } nodeType = json_object_get(_node,"type"); if(json_is_integer(nodeType)){ nodes[i] = new Node(json_integer_value(nodeId),json_integer_value(nodeType)); }else{ nodes[i] = new Node(json_integer_value(nodeId)); } } _roads = json_object_get(root,"roads"); if(!json_is_array(_roads)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'roads' field not present or not an array"<<std::endl; json_decref(root); return false; } n = json_array_size(_roads); json_t *_roadName,*_roadSpeedLimit,*_roadNbBands,*_roadLength,*_road,*startId,*endId; for(size_t i = 0; i < n; i++){ _road = json_array_get(_roads,i); if(!json_is_object(_road)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected road "<<i<<" to be an object"<<std::endl; json_decref(root); return false; } _roadName = json_object_get(_road,"name"); if(!json_is_string(_roadName)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'name' field of road "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } roadName = json_string_value(_roadName); _roadSpeedLimit = json_object_get(_road,"speedLimit"); if(!json_is_integer(_roadSpeedLimit)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'speedLimit' field of road "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } roadSpeedLimit = formatSpeedLimit(json_integer_value(_roadSpeedLimit),metric); _roadLength = json_object_get(_road,"length"); if(!json_is_real(_roadLength)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'length' field of road "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } roadLength = formatLength(json_real_value(_roadLength),metric); _roadNbBands = json_object_get(_road,"nbBands"); if(!json_is_integer(_roadNbBands)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'nbBands' field of road "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } nbBands = json_integer_value(_roadNbBands); startId = json_object_get(_road,"startId"); if(!json_is_integer(startId)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'startId' field of road "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } currentNode = json_integer_value(startId); endId = json_object_get(_road,"endId"); if(!json_is_integer(endId)){ std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'endId' field of road "<<i<<" not present or wrong type"<<std::endl; json_decref(root); return false; } otherNode = json_integer_value(endId); addRoad(currentNode, otherNode, roadName, roadLength, roadSpeedLimit,nbBands); } //clean up json_array_clear(_nodes); json_object_clear(_road); json_array_clear(_roads); json_object_clear(root); json_decref(root); return true; }
/** * \brief Log the dropped packets in netfilter format when engine is running * in inline mode * * \param tv Pointer the current thread variables * \param p Pointer the packet which is being logged * * \return return TM_EODE_OK on success */ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) { JsonDropOutputCtx *drop_ctx = aft->drop_ctx; json_t *js = CreateJSONHeader(p, LOG_DIR_PACKET, "drop"); if (unlikely(js == NULL)) return TM_ECODE_OK; JsonAddCommonOptions(&drop_ctx->cfg, p, p->flow, js); json_t *djs = json_object(); if (unlikely(djs == NULL)) { json_decref(js); return TM_ECODE_OK; } /* reset */ MemBufferReset(aft->buffer); uint16_t proto = 0; if (PKT_IS_IPV4(p)) { json_object_set_new(djs, "len", json_integer(IPV4_GET_IPLEN(p))); json_object_set_new(djs, "tos", json_integer(IPV4_GET_IPTOS(p))); json_object_set_new(djs, "ttl", json_integer(IPV4_GET_IPTTL(p))); json_object_set_new(djs, "ipid", json_integer(IPV4_GET_IPID(p))); proto = IPV4_GET_IPPROTO(p); } else if (PKT_IS_IPV6(p)) { json_object_set_new(djs, "len", json_integer(IPV6_GET_PLEN(p))); json_object_set_new(djs, "tc", json_integer(IPV6_GET_CLASS(p))); json_object_set_new(djs, "hoplimit", json_integer(IPV6_GET_HLIM(p))); json_object_set_new(djs, "flowlbl", json_integer(IPV6_GET_FLOW(p))); proto = IPV6_GET_L4PROTO(p); } switch (proto) { case IPPROTO_TCP: if (PKT_IS_TCP(p)) { json_object_set_new(djs, "tcpseq", json_integer(TCP_GET_SEQ(p))); json_object_set_new(djs, "tcpack", json_integer(TCP_GET_ACK(p))); json_object_set_new(djs, "tcpwin", json_integer(TCP_GET_WINDOW(p))); json_object_set_new(djs, "syn", TCP_ISSET_FLAG_SYN(p) ? json_true() : json_false()); json_object_set_new(djs, "ack", TCP_ISSET_FLAG_ACK(p) ? json_true() : json_false()); json_object_set_new(djs, "psh", TCP_ISSET_FLAG_PUSH(p) ? json_true() : json_false()); json_object_set_new(djs, "rst", TCP_ISSET_FLAG_RST(p) ? json_true() : json_false()); json_object_set_new(djs, "urg", TCP_ISSET_FLAG_URG(p) ? json_true() : json_false()); json_object_set_new(djs, "fin", TCP_ISSET_FLAG_FIN(p) ? json_true() : json_false()); json_object_set_new(djs, "tcpres", json_integer(TCP_GET_RAW_X2(p->tcph))); json_object_set_new(djs, "tcpurgp", json_integer(TCP_GET_URG_POINTER(p))); } break; case IPPROTO_UDP: if (PKT_IS_UDP(p)) { json_object_set_new(djs, "udplen", json_integer(UDP_GET_LEN(p))); } break; case IPPROTO_ICMP: if (PKT_IS_ICMPV4(p)) { json_object_set_new(djs, "icmp_id", json_integer(ICMPV4_GET_ID(p))); json_object_set_new(djs, "icmp_seq", json_integer(ICMPV4_GET_SEQ(p))); } else if(PKT_IS_ICMPV6(p)) { json_object_set_new(djs, "icmp_id", json_integer(ICMPV6_GET_ID(p))); json_object_set_new(djs, "icmp_seq", json_integer(ICMPV6_GET_SEQ(p))); } break; } json_object_set_new(js, "drop", djs); if (aft->drop_ctx->flags & LOG_DROP_ALERTS) { int logged = 0; int i; for (i = 0; i < p->alerts.cnt; i++) { const PacketAlert *pa = &p->alerts.alerts[i]; if (unlikely(pa->s == NULL)) { continue; } if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) || ((pa->action & ACTION_DROP) && EngineModeIsIPS())) { AlertJsonHeader(NULL, p, pa, js, 0); logged = 1; } } if (logged == 0) { if (p->alerts.drop.action != 0) { const PacketAlert *pa = &p->alerts.drop; AlertJsonHeader(NULL, p, pa, js, 0); } } } OutputJSONBuffer(js, aft->drop_ctx->file_ctx, &aft->buffer); json_object_del(js, "drop"); json_object_clear(js); json_decref(js); return TM_ECODE_OK; }
/* ** We're validating the credential on the store call. The user parameter is overloaded ** here with the user credential to validate. IN this case it's the whole payload ** which looks like an HTTP request (mostly). ** ** Success: returns SASL_OK and sets the username and payload strings in the ** sparams->propctx context. ** ** The things we know about are: ** OAUTH_VALIDATE_USERNAME The name of the user from the token. ** OAUTH_VALIDATE_PAYLOAD Implementation specific data payload of the OAuth token. ** ** Failure returs an appropriate error code and sets the error message if there's ** explanation needed. */ static int oauth_validate_auxprop_store(void *glob_context, sasl_server_params_t *sparams, struct propctx *prctx, const char *user, unsigned ulen) { // oauth_validatectx_t *ctx = glob_context; const struct propval *pr; int authhdrlen; unsigned decodedlen; int ret = SASL_OK; char *authhdr, *eolstr, *authbuf, *decoded; char *authhrdstr = "\r\nAuthorization: "; char *token_label = " token=\""; const char *username; const char *scope; int expires; json_t *jobj; json_error_t jerror; char *proplist[] = {OAUTH_VALIDATE_USERNAME, OAUTH_VALIDATE_PAYLOAD, NULL }; /* just checking if we are enabled */ if (!sparams || !user) return SASL_BADPARAM; pr = sparams->utils->prop_get(prctx); if (!pr) return SASL_BADPARAM; /* clear and previously set values (which shoudl be NULL anyway) */ ret = sparams->utils->prop_request(prctx, proplist); if (!pr) return ret; ret = sparams->utils->prop_set(prctx, OAUTH_VALIDATE_USERNAME, NULL, 0); if (!pr) return ret; ret = sparams->utils->prop_set(prctx, OAUTH_VALIDATE_PAYLOAD, NULL, 0); if (!pr) return ret; /* ** In a real implementation we care about the GET line, the Host header ** and the Authorization header. In our stub example we only care about ** the Authorization header line. ** ** IN fact we only care about the token= part of the Auth header. */ /* Get the contents of the Authoriaztion header. */ if (!(authhdr = strstr(user, authhrdstr))) { return SASL_BADPROT; /* we must have the Authorization header. */ } authhdr += strlen(authhrdstr); /* ignore the header label */ /* properly formatted we must have a CRLF */ if (!(eolstr = strstr(authhdr, "\r\n"))) { return SASL_BADPROT; } /* Now find the token=" withing the auth header */ if (!(authhdr = strstr(authhdr, token_label))) { return SASL_BADPROT; /* we must have a token */ } authhdr += strlen(token_label); /* ignore the token label */ for (eolstr = authhdr; *eolstr != '"'; eolstr++); authhdrlen = eolstr - authhdr ; /* slight optimization, 1 malloc for 2 spaces. */ authbuf = sparams->utils->malloc(2*(authhdrlen+1)); if (!authbuf) return SASL_NOMEM; decoded = authbuf + authhdrlen + 1; /* ** In our stub we're expecting a base64 encoded JSON string. If we get ** one that works then we'll extract the fields we want and do rudimentary ** validation ** "userid" => $arguser ** "scope" => $argscope ** "expires" => time()+60 */ strncpy(authbuf, authhdr, authhdrlen); authbuf[authhdrlen] = 0; if (sparams->utils->decode64(authbuf, authhdrlen, decoded, authhdrlen, &decodedlen)) ret = SASL_BADPROT; /* base64 decode failed */ if (!(jobj = json_loads(decoded, &jerror))) { ret = SASL_FAIL; goto cleanup; } username = json_string_value(json_object_get(jobj, "userid")); scope = json_string_value(json_object_get(jobj, "scope")); expires = json_integer_value(json_object_get(jobj, "expires")); /* we've extracted, now validate */ if (!username || !strcmp(username, "")) { ret = SASL_BADAUTH; goto cleanup; } if (expires < time(NULL)) { ret = SASL_EXPIRED; goto cleanup; } /* ** stub accepts unscoped or demo at the moment. ** ** XXXXXXX test in the global context for the configured scopes. */ if (strcmp(scope, "") && strcmp(scope, "demo")) { ret = SASL_NOAUTHZ; goto cleanup; } /* ** We're valid, pass back the values. We could also pass back ** payload here, but the stub does not. */ ret = sparams->utils->prop_set(prctx, OAUTH_VALIDATE_USERNAME, username, 0); cleanup: if (authbuf) sparams->utils->free(authbuf); if (jobj) json_object_clear(jobj); return ret; }
static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) { MemBuffer *payload = aft->payload_buffer; AlertJsonOutputCtx *json_output_ctx = aft->json_output_ctx; json_t *hjs = NULL; int i; if (p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG)) return TM_ECODE_OK; json_t *js = CreateJSONHeader((Packet *)p, 0, "alert"); if (unlikely(js == NULL)) return TM_ECODE_OK; for (i = 0; i < p->alerts.cnt; i++) { const PacketAlert *pa = &p->alerts.alerts[i]; if (unlikely(pa->s == NULL)) { continue; } MemBufferReset(aft->json_buffer); /* alert */ AlertJsonHeader(p, pa, js); if (json_output_ctx->flags & LOG_JSON_HTTP) { if (p->flow != NULL) { uint16_t proto = FlowGetAppProtocol(p->flow); /* http alert */ if (proto == ALPROTO_HTTP) { hjs = JsonHttpAddMetadata(p->flow, pa->tx_id); if (hjs) json_object_set_new(js, "http", hjs); } } } if (json_output_ctx->flags & LOG_JSON_TLS) { if (p->flow != NULL) { uint16_t proto = FlowGetAppProtocol(p->flow); /* http alert */ if (proto == ALPROTO_TLS) AlertJsonTls(p->flow, js); } } if (json_output_ctx->flags & LOG_JSON_SSH) { if (p->flow != NULL) { uint16_t proto = FlowGetAppProtocol(p->flow); /* http alert */ if (proto == ALPROTO_SSH) AlertJsonSsh(p->flow, js); } } if (json_output_ctx->flags & LOG_JSON_SMTP) { if (p->flow != NULL) { uint16_t proto = FlowGetAppProtocol(p->flow); /* http alert */ if (proto == ALPROTO_SMTP) { hjs = JsonSMTPAddMetadata(p->flow, pa->tx_id); if (hjs) json_object_set_new(js, "smtp", hjs); hjs = JsonEmailAddMetadata(p->flow, pa->tx_id); if (hjs) json_object_set_new(js, "email", hjs); } } } /* payload */ if (json_output_ctx->flags & (LOG_JSON_PAYLOAD | LOG_JSON_PAYLOAD_BASE64)) { int stream = (p->proto == IPPROTO_TCP) ? (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH) ? 1 : 0) : 0; /* Is this a stream? If so, pack part of it into the payload field */ if (stream) { uint8_t flag; MemBufferReset(payload); if (p->flowflags & FLOW_PKT_TOSERVER) { flag = FLOW_PKT_TOCLIENT; } else { flag = FLOW_PKT_TOSERVER; } StreamSegmentForEach((const Packet *)p, flag, AlertJsonDumpStreamSegmentCallback, (void *)payload); if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) { unsigned long len = json_output_ctx->payload_buffer_size * 2; uint8_t encoded[len]; Base64Encode(payload->buffer, payload->offset, encoded, &len); json_object_set_new(js, "payload", json_string((char *)encoded)); } if (json_output_ctx->flags & LOG_JSON_PAYLOAD) { uint8_t printable_buf[payload->offset + 1]; uint32_t offset = 0; PrintStringsToBuffer(printable_buf, &offset, sizeof(printable_buf), payload->buffer, payload->offset); json_object_set_new(js, "payload_printable", json_string((char *)printable_buf)); } } else { /* This is a single packet and not a stream */ if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) { unsigned long len = p->payload_len * 2 + 1; uint8_t encoded[len]; Base64Encode(p->payload, p->payload_len, encoded, &len); json_object_set_new(js, "payload", json_string((char *)encoded)); } if (json_output_ctx->flags & LOG_JSON_PAYLOAD) { uint8_t printable_buf[p->payload_len + 1]; uint32_t offset = 0; PrintStringsToBuffer(printable_buf, &offset, p->payload_len + 1, p->payload, p->payload_len); json_object_set_new(js, "payload_printable", json_string((char *)printable_buf)); } } json_object_set_new(js, "stream", json_integer(stream)); } /* base64-encoded full packet */ if (json_output_ctx->flags & LOG_JSON_PACKET) { AlertJsonPacket(p, js); } HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg; /* xff header */ if ((xff_cfg != NULL) && !(xff_cfg->flags & XFF_DISABLED) && p->flow != NULL) { int have_xff_ip = 0; char buffer[XFF_MAXLEN]; if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) { if (pa->flags & PACKET_ALERT_FLAG_TX) { have_xff_ip = HttpXFFGetIPFromTx(p, pa->tx_id, xff_cfg, buffer, XFF_MAXLEN); } else { have_xff_ip = HttpXFFGetIP(p, xff_cfg, buffer, XFF_MAXLEN); } } if (have_xff_ip) { if (xff_cfg->flags & XFF_EXTRADATA) { json_object_set_new(js, "xff", json_string(buffer)); } else if (xff_cfg->flags & XFF_OVERWRITE) { if (p->flowflags & FLOW_PKT_TOCLIENT) { json_object_set(js, "dest_ip", json_string(buffer)); } else { json_object_set(js, "src_ip", json_string(buffer)); } } } } OutputJSONBuffer(js, aft->file_ctx, &aft->json_buffer); json_object_del(js, "alert"); } json_object_clear(js); json_decref(js); if ((p->flags & PKT_HAS_TAG) && (json_output_ctx->flags & LOG_JSON_TAGGED_PACKETS)) { MemBufferReset(aft->json_buffer); json_t *packetjs = CreateJSONHeader((Packet *)p, 0, "packet"); if (unlikely(packetjs != NULL)) { AlertJsonPacket(p, packetjs); OutputJSONBuffer(packetjs, aft->file_ctx, &aft->json_buffer); json_decref(packetjs); } } return TM_ECODE_OK; }
/** Handle the case where no JSON support is compiled in. * */ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) { MemBuffer *payload = aft->payload_buffer; int i; if (p->alerts.cnt == 0) return TM_ECODE_OK; MemBufferReset(aft->json_buffer); json_t *js = CreateJSONHeader((Packet *)p, 0, "alert"); if (unlikely(js == NULL)) return TM_ECODE_OK; for (i = 0; i < p->alerts.cnt; i++) { const PacketAlert *pa = &p->alerts.alerts[i]; if (unlikely(pa->s == NULL)) { continue; } char *action = "allowed"; if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) { action = "blocked"; } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) { action = "blocked"; } json_t *ajs = json_object(); if (ajs == NULL) { json_decref(js); return TM_ECODE_OK; } json_object_set_new(ajs, "action", json_string(action)); json_object_set_new(ajs, "gid", json_integer(pa->s->gid)); json_object_set_new(ajs, "signature_id", json_integer(pa->s->id)); json_object_set_new(ajs, "rev", json_integer(pa->s->rev)); json_object_set_new(ajs, "signature", json_string((pa->s->msg) ? pa->s->msg : "")); json_object_set_new(ajs, "category", json_string((pa->s->class_msg) ? pa->s->class_msg : "")); json_object_set_new(ajs, "severity", json_integer(pa->s->prio)); /* alert */ json_object_set_new(js, "alert", ajs); /* payload */ if (aft->file_ctx->flags & (LOG_JSON_PAYLOAD | LOG_JSON_PAYLOAD_BASE64)) { int stream = (p->proto == IPPROTO_TCP) ? (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH) ? 1 : 0) : 0; /* Is this a stream? If so, pack part of it into the payload field */ if (stream) { uint8_t flag; MemBufferReset(payload); if (p->flowflags & FLOW_PKT_TOSERVER) { flag = FLOW_PKT_TOCLIENT; } else { flag = FLOW_PKT_TOSERVER; } StreamSegmentForEach((const Packet *)p, flag, AlertJsonPrintStreamSegmentCallback, (void *)payload); if (aft->file_ctx->flags & LOG_JSON_PAYLOAD_BASE64) { unsigned long len = JSON_STREAM_BUFFER_SIZE * 2; unsigned char encoded[len]; Base64Encode((unsigned char *)payload, payload->offset, encoded, &len); json_object_set_new(js, "payload", json_string((char *)encoded)); } if (aft->file_ctx->flags & LOG_JSON_PAYLOAD) { json_object_set_new(js, "payload_printable", json_string((char *)payload->buffer)); } } else { /* This is a single packet and not a stream */ unsigned char packet_buf[p->payload_len + 1]; uint32_t offset = 0; PrintStringsToBuffer(packet_buf, &offset, p->payload_len + 1, p->payload, p->payload_len); if (aft->file_ctx->flags & LOG_JSON_PAYLOAD_BASE64) { unsigned long len = sizeof(packet_buf) * 2; unsigned char encoded[len]; Base64Encode(packet_buf, offset, encoded, &len); json_object_set_new(js, "payload", json_string((char *)encoded)); } if (aft->file_ctx->flags & LOG_JSON_PAYLOAD) { json_object_set_new(js, "payload_printable", json_string((char *)packet_buf)); } } json_object_set_new(js, "stream", json_integer(stream)); } /* base64-encoded full packet */ if (aft->file_ctx->flags & LOG_JSON_PACKET) { unsigned long len = GET_PKT_LEN(p) * 2; unsigned char encoded_packet[len]; Base64Encode((unsigned char*) GET_PKT_DATA(p), GET_PKT_LEN(p), encoded_packet, &len); json_object_set_new(js, "packet", json_string((char *)encoded_packet)); } OutputJSONBuffer(js, aft->file_ctx, aft->json_buffer); json_object_del(js, "alert"); } json_object_clear(js); json_decref(js); return TM_ECODE_OK; }
/** * \internal * \brief Write meta data on a single line json record */ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff) { MemBuffer *buffer = (MemBuffer *)aft->buffer; json_t *js = CreateJSONHeader((Packet *)p, 0, "file"); //TODO const if (unlikely(js == NULL)) return; /* reset */ MemBufferReset(buffer); json_t *hjs = json_object(); if (unlikely(hjs == NULL)) { json_decref(js); return; } json_object_set_new(hjs, "url", LogFileMetaGetUri(p, ff)); json_object_set_new(hjs, "hostname", LogFileMetaGetHost(p, ff)); json_object_set_new(hjs, "http_refer", LogFileMetaGetReferer(p, ff)); json_object_set_new(hjs, "http_user_agent", LogFileMetaGetUserAgent(p, ff)); json_object_set_new(js, "http", hjs); json_t *fjs = json_object(); if (unlikely(fjs == NULL)) { json_decref(hjs); json_decref(js); return; } char *s = BytesToString(ff->name, ff->name_len); json_object_set_new(fjs, "filename", json_string(s)); if (s != NULL) SCFree(s); if (ff->magic) json_object_set_new(fjs, "magic", json_string((char *)ff->magic)); else json_object_set_new(fjs, "magic", json_string("unknown")); switch (ff->state) { case FILE_STATE_CLOSED: json_object_set_new(fjs, "state", json_string("CLOSED")); #ifdef HAVE_NSS if (ff->flags & FILE_MD5) { size_t x; int i; char *s = SCMalloc(256); if (likely(s != NULL)) { for (i = 0, x = 0; x < sizeof(ff->md5); x++) { i += snprintf(&s[i], 255-i, "%02x", ff->md5[x]); } json_object_set_new(fjs, "md5", json_string(s)); SCFree(s); } } #endif break; case FILE_STATE_TRUNCATED: json_object_set_new(fjs, "state", json_string("TRUNCATED")); break; case FILE_STATE_ERROR: json_object_set_new(fjs, "state", json_string("ERROR")); break; default: json_object_set_new(fjs, "state", json_string("UNKNOWN")); break; } json_object_set_new(fjs, "stored", (ff->flags & FILE_STORED) ? json_true() : json_false()); json_object_set_new(fjs, "size", json_integer(ff->size)); json_object_set_new(js, "file", fjs); OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, buffer); json_object_del(js, "file"); json_object_del(js, "http"); json_object_clear(js); json_decref(js); }
static void test_update() { json_t *object, *other, *nine, *ten; object = json_object(); other = json_object(); nine = json_integer(9); ten = json_integer(10); if(!object || !other) fail("unable to create object"); if(!nine || !ten) fail("unable to create integer"); /* update an empty object with an empty object */ if(json_object_update(object, other)) fail("unable to update an emtpy object with an empty object"); if(json_object_size(object) != 0) fail("invalid size after update"); if(json_object_size(other) != 0) fail("invalid size for updater after update"); /* update an empty object with a nonempty object */ if(json_object_set(other, "a", ten) || json_object_set(other, "b", ten) || json_object_set(other, "c", ten) || json_object_set(other, "d", ten) || json_object_set(other, "e", ten)) fail("unable to set value"); if(json_object_update(object, other)) fail("unable to update an empty object"); if(json_object_size(object) != 5) fail("invalid size after update"); if(json_object_get(object, "a") != ten || json_object_get(object, "b") != ten || json_object_get(object, "c") != ten || json_object_get(object, "d") != ten || json_object_get(object, "e") != ten) fail("update works incorrectly"); /* perform the same update again */ if(json_object_update(object, other)) fail("unable to update a non-empty object"); if(json_object_size(object) != 5) fail("invalid size after update"); if(json_object_get(object, "a") != ten || json_object_get(object, "b") != ten || json_object_get(object, "c") != ten || json_object_get(object, "d") != ten || json_object_get(object, "e") != ten) fail("update works incorrectly"); /* update a nonempty object with a nonempty object with both old and new keys */ if(json_object_clear(other)) fail("clear failed"); if(json_object_set(other, "a", nine) || json_object_set(other, "b", nine) || json_object_set(other, "f", nine) || json_object_set(other, "g", nine) || json_object_set(other, "h", nine)) fail("unable to set value"); if(json_object_update(object, other)) fail("unable to update a nonempty object"); if(json_object_size(object) != 8) fail("invalid size after update"); if(json_object_get(object, "a") != nine || json_object_get(object, "b") != nine || json_object_get(object, "f") != nine || json_object_get(object, "g") != nine || json_object_get(object, "h") != nine) fail("update works incorrectly"); json_decref(nine); json_decref(ten); json_decref(other); json_decref(object); }
static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) { int i; char timebuf[64]; json_t *js; if (p->alerts.cnt == 0) return TM_ECODE_OK; CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf)); for (i = 0; i < p->alerts.cnt; i++) { MemBufferReset(aft->json_buffer); const PacketAlert *pa = &p->alerts.alerts[i]; if (unlikely(pa->s == NULL)) { continue; } char *action = "allowed"; if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) { action = "blocked"; } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) { action = "blocked"; } char buf[(32 * 3) + 1]; PrintRawLineHexBuf(buf, sizeof(buf), GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32); js = json_object(); if (js == NULL) return TM_ECODE_OK; json_t *ajs = json_object(); if (ajs == NULL) { json_decref(js); return TM_ECODE_OK; } /* time & tx */ json_object_set_new(js, "timestamp", json_string(timebuf)); /* tuple */ //json_object_set_new(js, "srcip", json_string(srcip)); //json_object_set_new(js, "sp", json_integer(p->sp)); //json_object_set_new(js, "dstip", json_string(dstip)); //json_object_set_new(js, "dp", json_integer(p->dp)); //json_object_set_new(js, "proto", json_integer(proto)); json_object_set_new(ajs, "action", json_string(action)); json_object_set_new(ajs, "gid", json_integer(pa->s->gid)); json_object_set_new(ajs, "signature_id", json_integer(pa->s->id)); json_object_set_new(ajs, "rev", json_integer(pa->s->rev)); json_object_set_new(ajs, "signature", json_string((pa->s->msg) ? pa->s->msg : "")); json_object_set_new(ajs, "category", json_string((pa->s->class_msg) ? pa->s->class_msg : "")); json_object_set_new(ajs, "severity", json_integer(pa->s->prio)); if (p->tenant_id > 0) json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id)); /* alert */ json_object_set_new(js, "alert", ajs); OutputJSONBuffer(js, aft->file_ctx, &aft->json_buffer); json_object_clear(js); json_decref(js); } return TM_ECODE_OK; }
static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p) { JsonSshLogThread *aft = (JsonSshLogThread *)thread_data; MemBuffer *buffer = (MemBuffer *)aft->buffer; OutputSshCtx *ssh_ctx = aft->sshlog_ctx; if (unlikely(p->flow == NULL)) { return 0; } /* check if we have SSH state or not */ FLOWLOCK_WRLOCK(p->flow); uint16_t proto = FlowGetAppProtocol(p->flow); if (proto != ALPROTO_SSH) goto end; SshState *ssh_state = (SshState *)FlowGetAppState(p->flow); if (unlikely(ssh_state == NULL)) { goto end; } if (ssh_state->cli_hdr.software_version == NULL || ssh_state->srv_hdr.software_version == NULL) goto end; json_t *js = CreateJSONHeader((Packet *)p, 1, "ssh");//TODO if (unlikely(js == NULL)) goto end; json_t *tjs = json_object(); if (tjs == NULL) { free(js); goto end; } /* reset */ MemBufferReset(buffer); json_t *cjs = json_object(); if (cjs != NULL) { json_object_set_new(cjs, "proto_version", json_string((char *)ssh_state->cli_hdr.proto_version)); json_object_set_new(cjs, "software_version", json_string((char *)ssh_state->cli_hdr.software_version)); } json_object_set_new(tjs, "client", cjs); json_t *sjs = json_object(); if (sjs != NULL) { json_object_set_new(sjs, "proto_version", json_string((char *)ssh_state->srv_hdr.proto_version)); json_object_set_new(sjs, "software_version", json_string((char *)ssh_state->srv_hdr.software_version)); } json_object_set_new(tjs, "server", sjs); json_object_set_new(js, "ssh", tjs); OutputJSONBuffer(js, ssh_ctx->file_ctx, buffer); json_object_clear(js); json_decref(js); /* we only log the state once */ ssh_state->cli_hdr.flags |= SSH_FLAG_STATE_LOGGED; end: FLOWLOCK_UNLOCK(p->flow); return 0; }
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p) { json_t *js = CreateJSONHeader(p, 0, "inspectedrules"); if (js == NULL) return; json_t *ir = json_object(); if (ir == NULL) return; json_object_set_new(ir, "rule_group_id", json_integer(det_ctx->sgh->id)); json_object_set_new(ir, "rule_cnt", json_integer(det_ctx->match_array_cnt)); json_t *js_array = json_array(); uint32_t x; for (x = 0; x < det_ctx->match_array_cnt; x++) { const Signature *s = det_ctx->match_array[x]; if (s == NULL) continue; json_t *js_sig = json_object(); if (unlikely(js == NULL)) continue; json_object_set_new(js_sig, "sig_id", json_integer(s->id)); json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false()); if (s->mpm_sm != NULL) { char orig[256] = ""; char chop[256] = ""; DumpFp(s->mpm_sm, orig, sizeof(orig), chop, sizeof(chop)); json_object_set_new(js_sig, "mpm_buffer", json_string(DetectListToHumanString(SigMatchListSMBelongsTo(s, s->mpm_sm)))); json_object_set_new(js_sig, "mpm_pattern", json_string(orig)); if (strlen(chop) > 0) { json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop)); } } json_array_append_new(js_array, js_sig); } json_object_set_new(ir, "rules", js_array); json_object_set_new(js, "inspectedrules", ir); const char *filename = "packet_inspected_rules.json"; const char *log_dir = ConfigGetLogDirectory(); char log_path[PATH_MAX] = ""; snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, filename); MemBuffer *mbuf = NULL; mbuf = MemBufferCreateNew(4096); BUG_ON(mbuf == NULL); OutputJSONMemBufferWrapper wrapper = { .buffer = &mbuf, .expand_by = 4096, }; int r = json_dump_callback(js, OutputJSONMemBufferCallback, &wrapper, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII| JSON_ESCAPE_SLASH); if (r != 0) { SCLogWarning(SC_ERR_SOCKET, "unable to serialize JSON object"); } else { MemBufferWriteString(mbuf, "\n"); SCMutexLock(&g_rule_dump_write_m); FILE *fp = fopen(log_path, "a"); if (fp != NULL) { MemBufferPrintToFPAsString(mbuf, fp); fclose(fp); SCMutexUnlock(&g_rule_dump_write_m); } } MemBufferFree(mbuf); json_object_clear(js); json_decref(js); }
int ast_json_object_clear(struct ast_json *object) { return json_object_clear((json_t *)object); }