Example #1
0
static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
{
    SCEnter();
    JsonNetFlowLogThread *jhl = (JsonNetFlowLogThread *)thread_data;

    /* reset */
    MemBufferReset(jhl->buffer);
    json_t *js = CreateJSONHeaderFromFlow(f, "netflow", 0); //TODO const
    if (unlikely(js == NULL))
        return TM_ECODE_OK;
    JsonNetFlowLogJSONToServer(jhl, js, f);
    OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
    json_object_del(js, "netflow");
    json_object_clear(js);
    json_decref(js);

    /* reset */
    MemBufferReset(jhl->buffer);
    js = CreateJSONHeaderFromFlow(f, "netflow", 1); //TODO const
    if (unlikely(js == NULL))
        return TM_ECODE_OK;
    JsonNetFlowLogJSONToClient(jhl, js, f);
    OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
    json_object_del(js, "netflow");
    json_object_clear(js);
    json_decref(js);

    SCReturnInt(TM_ECODE_OK);
}
Example #2
0
static int JsonStatsLogger(ThreadVars *tv, void *thread_data, const StatsTable *st)
{
    SCEnter();
    JsonStatsLogThread *aft = (JsonStatsLogThread *)thread_data;

    struct timeval tval;
    gettimeofday(&tval, NULL);

    json_t *js = json_object();
    if (unlikely(js == NULL))
        return 0;
    char timebuf[64];
    CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
    json_object_set_new(js, "timestamp", json_string(timebuf));
    json_object_set_new(js, "event_type", json_string("stats"));

    json_t *js_stats = StatsToJSON(st, aft->statslog_ctx->flags);
    if (js_stats == NULL) {
        json_decref(js);
        return 0;
    }

    json_object_set_new(js, "stats", js_stats);

    OutputJSONBuffer(js, aft->statslog_ctx->file_ctx, &aft->buffer);
    MemBufferReset(aft->buffer);

    json_object_clear(js_stats);
    json_object_del(js, "stats");
    json_object_clear(js);
    json_decref(js);

    SCReturnInt(0);
}
static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
{
    SCEnter();
    JsonNetFlowLogThread *jhl = (JsonNetFlowLogThread *)thread_data;
    LogJsonFileCtx *netflow_ctx = jhl->flowlog_ctx;

    /* reset */
    MemBufferReset(jhl->buffer);
    json_t *js = CreateJSONHeaderFromFlow(f, "netflow", 0);
    if (unlikely(js == NULL))
        return TM_ECODE_OK;
    JsonNetFlowLogJSONToServer(jhl, js, f);
    JsonAddCommonOptions(&netflow_ctx->cfg, NULL, f, js);
    OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
    json_object_del(js, "netflow");
    json_object_clear(js);
    json_decref(js);

    /* only log a response record if we actually have seen response packets */
    if (f->tosrcpktcnt) {
        /* reset */
        MemBufferReset(jhl->buffer);
        js = CreateJSONHeaderFromFlow(f, "netflow", 1);
        if (unlikely(js == NULL))
            return TM_ECODE_OK;
        JsonNetFlowLogJSONToClient(jhl, js, f);
        JsonAddCommonOptions(&netflow_ctx->cfg, NULL, f, js);
        OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
        json_object_del(js, "netflow");
        json_object_clear(js);
        json_decref(js);
    }
    SCReturnInt(TM_ECODE_OK);
}
Example #4
0
int jt_stats_packer(void *data, char **out)
{
	struct timespec mts; /* message timestamp */
	struct jt_msg_stats *stats_msg = data;
	json_t *t = json_object();
	json_t *samples_arr = json_array();
	json_t *params = json_object();
	json_t *jmts = json_object();

	json_object_set_new(params, "iface", json_string(stats_msg->iface));

	json_object_set_new(params, "whoosh_err_mean",
	                    json_integer(stats_msg->err.mean));
	json_object_set_new(params, "whoosh_err_max",
	                    json_integer(stats_msg->err.max));
	json_object_set_new(params, "whoosh_err_sd",
	                    json_integer(stats_msg->err.sd));

	json_t *sample[stats_msg->sample_count];
	// order matters!
	for (int i = 0; i < stats_msg->sample_count; i++) {
		sample[i] = json_object();
		json_object_set_new(sample[i], "rx",
		                    json_integer(stats_msg->samples[i].rx));
		json_object_set_new(sample[i], "tx",
		                    json_integer(stats_msg->samples[i].tx));
		json_object_set_new(sample[i], "rxP",
		                    json_integer(stats_msg->samples[i].rxPkt));
		json_object_set_new(sample[i], "txP",
		                    json_integer(stats_msg->samples[i].txPkt));
		json_array_append(samples_arr, sample[i]);
	}

	json_object_set_new(
	    t, "msg", json_string(jt_messages[JT_MSG_STATS_V1].key));
	json_object_set(params, "s", samples_arr);
	json_object_set(t, "p", params);

	/* timestamp the new message */
	clock_gettime(CLOCK_MONOTONIC, &mts);
	json_object_set_new(jmts, "tv_sec", json_integer(mts.tv_sec));
	json_object_set_new(jmts, "tv_nsec", json_integer(mts.tv_nsec));
	json_object_set_new(params, "t", jmts);

	*out = json_dumps(t, 0);
	for (int i = 0; i < stats_msg->sample_count; i++) {
		json_decref(sample[i]);
	}
	json_array_clear(samples_arr);
	json_decref(samples_arr);
	json_object_clear(params);
	json_decref(params);
	json_object_clear(t);
	json_decref(t);
	return 0;
}
Example #5
0
static int Logger(ThreadVars *t, void *thread_data, const Packet *p,
		Flow *f, void *alstate, void *txptr, uint64_t tx_id) {
	SCEnter();
	char *name = NULL;

	DBJsonLogThread *jlt = (DBJsonLogThread *)thread_data;

	switch (f->alproto) {
		case ALPROTO_MYSQL:
			name = "mysql";
		case ALPROTO_TNS11G:
			name = "oracle-tns";
		case ALPROTO_TDS:
			name = "mssql-tds";
		case ALPROTO_DRDA:
			name = "db2-drda";
		default:
			SCReturnInt(-1);
	}

	json_t *js = CreateJSONHeader((Packet *)p, 1, name);
	MemBufferReset(jlt->buf);

	/* TODO */
	DBLogAlState(alstate, f->alproto, p, js, name);

	OutputJSONBuffer(js, jlt->ctx->ctx, jlt->buf);
	json_object_del(js, name);
	json_object_clear(js);
	json_decref(js);
	SCReturnInt(TM_ECODE_OK);
}
Example #6
0
static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p) {
    JsonTlsLogThread *aft = (JsonTlsLogThread *)thread_data;
    MemBuffer *buffer = (MemBuffer *)aft->buffer;
    OutputTlsCtx *tls_ctx = aft->tlslog_ctx;

    if (unlikely(p->flow == NULL)) {
        return 0;
    }

    /* check if we have TLS state or not */
    FLOWLOCK_WRLOCK(p->flow);
    uint16_t proto = FlowGetAppProtocol(p->flow);
    if (proto != ALPROTO_TLS)
        goto end;

    SSLState *ssl_state = (SSLState *)FlowGetAppState(p->flow);
    if (unlikely(ssl_state == NULL)) {
        goto end;
    }

    if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL)
        goto end;

    json_t *js = CreateJSONHeader((Packet *)p, 0, "tls");//TODO
    if (unlikely(js == NULL))
        goto end;

    json_t *tjs = json_object();
    if (tjs == NULL) {
        free(js);
        goto end;
    }

    /* reset */
    MemBufferReset(buffer);

    /* tls.subject */
    json_object_set_new(tjs, "subject",
                        json_string(ssl_state->server_connp.cert0_subject));

    /* tls.issuerdn */
    json_object_set_new(tjs, "issuerdn",
                        json_string(ssl_state->server_connp.cert0_issuerdn));

    if (tls_ctx->flags & LOG_TLS_EXTENDED) {
        LogTlsLogExtendedJSON(tjs, ssl_state);
    }

    json_object_set_new(js, "tls", tjs);

    OutputJSONBuffer(js, tls_ctx->file_ctx, buffer);
    json_object_clear(js);
    json_decref(js);

    /* we only log the state once */
    ssl_state->flags |= SSL_AL_FLAG_STATE_LOGGED;
end:
    FLOWLOCK_UNLOCK(p->flow);
    return 0;
}
Example #7
0
static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *alstate, void *txptr, uint64_t tx_id)
{
    SCEnter();

    htp_tx_t *tx = txptr;
    JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
    MemBuffer *buffer = (MemBuffer *)jhl->buffer;

    json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const
    if (unlikely(js == NULL))
        return TM_ECODE_OK;

    SCLogDebug("got a HTTP request and now logging !!");

    /* reset */
    MemBufferReset(buffer);

    JsonHttpLogJSON(jhl, js, tx);

    OutputJSONBuffer(js, jhl->httplog_ctx->file_ctx, buffer);
    json_object_del(js, "http");

    json_object_clear(js);
    json_decref(js);

    SCReturnInt(TM_ECODE_OK);
}
void OUTPUT_FORMATTER::json_finalize_result(bool result)
{
   POOL_MEM string;
   json_t *msg_obj = json_object();
   json_t *error_obj;

   /*
    * We mimic json-rpc result and error messages,
    * To make it easier to implement real json-rpc later on.
    */
   json_object_set(msg_obj, "jsonrpc", json_string("2.0"));
   json_object_set(msg_obj, "id", json_null());
   if (result) {
      json_object_set(msg_obj, "result", result_array_json);
   } else {
      error_obj = json_object();
      json_object_set_new(error_obj, "code", json_integer(1));
      json_object_set_new(error_obj, "message", json_string("failed"));
      json_object_set(error_obj, "data", result_array_json);
      json_object_set_new(msg_obj, "error", error_obj);
   }

   string.bsprintf("%s\n", json_dumps(msg_obj, UA_JSON_FLAGS));
   send_func(send_ctx, string.c_str());
   json_array_clear(result_array_json);
   json_object_clear(msg_obj);
}
Example #9
0
void CreateJSONMaxFeatureVector(double * MaxFeatureVector,const int bins,char * filename)
{
    json_t* corr = json_object();
    json_t* jsonFileName = json_string("MaxFeatureVector");
    json_t* featureVector = json_array();
    json_t* vectorVals;
    int i;

    // Build feature vector json array
    for (i=0; i<bins; i++)
    {
        vectorVals = json_real(MaxFeatureVector[i]);
        if (json_array_append_new(featureVector,vectorVals))
        {
            printf("Cannot append %f to json array",MaxFeatureVector[i]);
            puts(strerror(errno));
            exit(1);
        }
    }
    // add both feature vector and file name to json object
    json_object_set_new(corr,"FileName",jsonFileName);
    json_object_set_new(corr,"FeatureVector",featureVector);

    json_dump_file(corr,filename,JSON_INDENT(2));


    // need to call jansson specific free
    json_object_clear(corr);

}
Example #10
0
static void test_clear()
{
    json_t *object, *ten;

    object = json_object();
    ten = json_integer(10);

    if(!object)
        fail("unable to create object");
    if(!ten)
        fail("unable to create integer");

    if(json_object_set(object, "a", ten) ||
       json_object_set(object, "b", ten) ||
       json_object_set(object, "c", ten) ||
       json_object_set(object, "d", ten) ||
       json_object_set(object, "e", ten))
        fail("unable to set value");

    if(json_object_size(object) != 5)
        fail("invalid size");

    json_object_clear(object);

    if(json_object_size(object) != 0)
        fail("invalid size after clear");

    json_decref(ten);
    json_decref(object);
}
int jt_sample_period_packer(void *data, char **out)
{
	int *sample_period = data;
	json_t *t = json_object();
	json_t *msg = json_object();

	json_object_set_new(
	    msg, "msg", json_string(jt_messages[JT_MSG_SAMPLE_PERIOD_V1].key));
	json_object_set_new(t, "period", json_integer(*sample_period));
	json_object_set(msg, "p", t);
	*out = json_dumps(msg, 0);
	json_object_clear(t);
	json_decref(t);
	json_object_clear(msg);
	json_decref(msg);
	return 0;
}
OUTPUT_FORMATTER::~OUTPUT_FORMATTER()
{
   delete result_message_plain;
#if HAVE_JANSSON
   json_object_clear(result_array_json);
   json_decref(result_array_json);
   delete result_stack_json;
#endif
}
Example #13
0
/** Handle the case where no JSON support is compiled in.
 *
 */
static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
{
    MemBuffer *buffer = (MemBuffer *)aft->buffer;
    int i;

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
    if (unlikely(js == NULL))
        return TM_ECODE_OK;

    for (i = 0; i < p->alerts.cnt; i++) {
        const PacketAlert *pa = &p->alerts.alerts[i];
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        char *action = "allowed";
        if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
            action = "blocked";
        } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
            action = "blocked";
        }

        json_t *ajs = json_object();
        if (ajs == NULL) {
            json_decref(js);
            return TM_ECODE_OK;
        }

        MemBufferReset(buffer);

        json_object_set_new(ajs, "action", json_string(action));
        json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
        json_object_set_new(ajs, "signature_id", json_integer(pa->s->id));
        json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
        json_object_set_new(ajs, "signature",
                            json_string((pa->s->msg) ? pa->s->msg : ""));
        json_object_set_new(ajs, "category",
                            json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
        json_object_set_new(ajs, "severity", json_integer(pa->s->prio));

        /* alert */
        json_object_set_new(js, "alert", ajs);

        OutputJSONBuffer(js, aft->file_ctx, aft->buffer);
        json_object_del(js, "alert");
    }
    json_object_clear(js);
    json_decref(js);

    return TM_ECODE_OK;
}
Example #14
0
/**
SerializeAllToJson:
Creates a single file containing all the correlogram feature vectors and the max feature vector
    @param[in] correlograms: pointer to array of correlograms to be serialize.
    @param[in] MaxFeatureVector: array of double values containing the maximum value from every correlogram for each bin
    @param[in] bins: number of quantization bins.
    @param[in] filename: string of where to write out to.
    @param[in] numCorrelograms: the number of correlograms within correlograms

*/
void SerializeAllToJson(Correlogram ** correlograms,double* MaxFeatureVector,const int bins, char * filename,int numCorrelograms)
{
    json_t* jsonCollection = json_array();
    json_t* corr;
    json_t* jsonFileName;
    json_t* featureVector;
    json_t* vectorVals;
    int i;
    int j;

    for (j=0; j<numCorrelograms; j++)
    {
        featureVector= json_array();
        jsonFileName = json_string(correlograms[j]->fileName);
        corr= json_object();
        // Build feature vector json array
        for (i=0; i<bins; i++)
        {
            vectorVals = json_real(correlograms[j]->FeatureVector[i]);
            json_array_append_new(featureVector,vectorVals);
        }

    // add both feature vector and file name to json object
    json_object_set_new(corr,"FileName",jsonFileName);
    json_object_set_new(corr,"FeatureVector",featureVector);

        json_array_append_new(jsonCollection,corr);
        free(correlograms[j]->fileName);
        free(correlograms[j]->FeatureVector);
        free(correlograms[j]);
    }
    featureVector = json_array();
    jsonFileName = json_string("MaxFeatureVector");
    corr= json_object();
    for (i=0;i<bins;i++)
    {
        vectorVals = json_real(MaxFeatureVector[i]);
        json_array_append_new(featureVector,vectorVals);
    }
    json_object_set_new(corr,"FileName",jsonFileName);
    json_object_set_new(corr,"FeatureVector",featureVector);

    json_array_append_new(jsonCollection,corr);


    json_dump_file(jsonCollection,filename,JSON_INDENT(2));



    // need to call jansson specific free
    json_object_clear(corr);
}
Example #15
0
/* encode a tpl (kv frame) as json. */
void *enc_worker(void *thread_id) {
  char buf[MAX_BUF], *key, *val;
  json_t *o = json_object();
  int rc=-1, len, nc;
  tpl_node *tn;

  while (CF.shutdown == 0) {
    len = nn_recv(CF.ingress_socket_pull, buf, MAX_BUF, 0);
    if (len < 0) {
      fprintf(stderr,"nn_recv: %s\n", nn_strerror(errno));
      goto done;
    }
    /* decode, then re-encode as json */
    json_object_clear(o);
    tn = tpl_map("A(ss)",&key,&val); assert(tn);
    if (tpl_load(tn,TPL_MEM,buf,len) < 0) goto done;
    while(tpl_unpack(tn,1) > 0) {
      json_t *jval = json_string(val);
      json_object_set_new(o, key, jval); 
      free(key); key=NULL;
      free(val); val=NULL;
    }
    tpl_free(tn);

    /* dump the json object, then newline-terminate it. */
    if (CF.verbose>1) json_dumpf(o, stderr, JSON_INDENT(1));
    char *dump = json_dumps(o, JSON_INDENT(0));
    size_t dump_len = strlen(dump);

    /* give the buffer to nano, from here it goes to kaf thread */
    nc = nn_send(CF.egress_socket_push, dump, dump_len, 0);
    free(dump);
    if (nc < 0) {
      fprintf(stderr,"nn_send: %s\n", nn_strerror(errno));
      goto done;
    }
  }

  rc = 0;

 done:
  CF.shutdown = 1;
  json_decref(o);
  return NULL;
}
Example #16
0
//native bool:json_object_clear(Handle:hObj);
static cell_t Native_json_object_clear(IPluginContext *pContext, const cell_t *params) {
	HandleError err;
	HandleSecurity sec;
	sec.pOwner = NULL;
	sec.pIdentity = myself->GetIdentity();

	// Param 1
	json_t *object;
	Handle_t hndlObject = static_cast<Handle_t>(params[1]);
	if ((err=g_pHandleSys->ReadHandle(hndlObject, htJanssonObject, &sec, (void **)&object)) != HandleError_None)
    {
        return pContext->ThrowNativeError("Invalid <Object> handle %x (error %d)", hndlObject, err);
    }


	// Return
	bool bSuccess = (json_object_clear(object) == 0);
	return bSuccess;
}
Example #17
0
static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
                         Flow *f, void *state, void *txptr, uint64_t tx_id)
{
    JsonTlsLogThread *aft = (JsonTlsLogThread *)thread_data;
    OutputTlsCtx *tls_ctx = aft->tlslog_ctx;

    SSLState *ssl_state = (SSLState *)state;
    if (unlikely(ssl_state == NULL)) {
        return 0;
    }

    if (ssl_state->server_connp.cert0_issuerdn == NULL ||
            ssl_state->server_connp.cert0_subject == NULL)
        return 0;

    json_t *js = CreateJSONHeader((Packet *)p, 0, "tls");
    if (unlikely(js == NULL))
        return 0;

    json_t *tjs = json_object();
    if (tjs == NULL) {
        free(js);
        return 0;
    }

    /* reset */
    MemBufferReset(aft->buffer);

    JsonTlsLogJSONBasic(tjs, ssl_state);

    if (tls_ctx->flags & LOG_TLS_EXTENDED) {
        JsonTlsLogJSONExtended(tjs, ssl_state);
    }

    json_object_set_new(js, "tls", tjs);

    OutputJSONBuffer(js, tls_ctx->file_ctx, &aft->buffer);
    json_object_clear(js);
    json_decref(js);

    return 0;
}
Example #18
0
/**
 *  \internal
 *  \brief Write meta data on a single line json record
 */
static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff)
{
    json_t *js = CreateJSONHeader((Packet *)p, 0, "fileinfo"); //TODO const
    json_t *hjs = NULL;
    if (unlikely(js == NULL))
        return;

    /* reset */
    MemBufferReset(aft->buffer);

    switch (p->flow->alproto) {
        case ALPROTO_HTTP:
            hjs = JsonHttpAddMetadata(p->flow, ff->txid);
            if (hjs)
                json_object_set_new(js, "http", hjs);
            break;
        case ALPROTO_SMTP:
            hjs = JsonSMTPAddMetadata(p->flow, ff->txid);
            if (hjs)
                json_object_set_new(js, "smtp", hjs);
            hjs = JsonEmailAddMetadata(p->flow, ff->txid);
            if (hjs)
                json_object_set_new(js, "email", hjs);
            break;
    }

    json_object_set_new(js, "app_proto",
            json_string(AppProtoToString(p->flow->alproto)));

    json_t *fjs = json_object();
    if (unlikely(fjs == NULL)) {
        json_decref(js);
        return;
    }

    char *s = BytesToString(ff->name, ff->name_len);
    json_object_set_new(fjs, "filename", json_string(s));
    if (s != NULL)
        SCFree(s);
    if (ff->magic)
        json_object_set_new(fjs, "magic", json_string((char *)ff->magic));
    switch (ff->state) {
        case FILE_STATE_CLOSED:
            json_object_set_new(fjs, "state", json_string("CLOSED"));
#ifdef HAVE_NSS
            if (ff->flags & FILE_MD5) {
                size_t x;
                int i;
                char s[256];
                for (i = 0, x = 0; x < sizeof(ff->md5); x++) {
                    i += snprintf(&s[i], 255-i, "%02x", ff->md5[x]);
                }
                json_object_set_new(fjs, "md5", json_string(s));
            }
#endif
            break;
        case FILE_STATE_TRUNCATED:
            json_object_set_new(fjs, "state", json_string("TRUNCATED"));
            break;
        case FILE_STATE_ERROR:
            json_object_set_new(fjs, "state", json_string("ERROR"));
            break;
        default:
            json_object_set_new(fjs, "state", json_string("UNKNOWN"));
            break;
    }
    json_object_set_new(fjs, "stored",
                        (ff->flags & FILE_STORED) ? json_true() : json_false());
    if (ff->flags & FILE_STORED) {
        json_object_set_new(fjs, "file_id", json_integer(ff->file_id));
    }
    json_object_set_new(fjs, "size", json_integer(ff->size));
    json_object_set_new(fjs, "tx_id", json_integer(ff->txid));

    /* originally just 'file', but due to bug 1127 naming it fileinfo */
    json_object_set_new(js, "fileinfo", fjs);
    OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, &aft->buffer);
    json_object_del(js, "fileinfo");

    switch (p->flow->alproto) {
        case ALPROTO_HTTP:
            json_object_del(js, "http");
            break;
        case ALPROTO_SMTP:
            json_object_del(js, "smtp");
            json_object_del(js, "email");
            break;
    }

    json_object_clear(js);
    json_decref(js);
}
Example #19
0
bool TrafficNetwork::saveToFile(const string out_prefix, bool newWeek){
	bool everythingOK = true;
	int metric = KPH; //save in KPH such that it can be used by external tool (and be human readable)
	std::vector<long> nIds;
	long crtId;
	char crtType;
	string out_fileName = (out_prefix+"_roads_stats.json");

	json_t *root = NULL;

	if(firstSaved){
		if(fileName != ""){
			json_error_t error;

			root = json_load_file(fileName.c_str(), 0, &error);

			if(!root){
				std::cout<<std::endl<<"WARNING: while opening "<<fileName<<" at line "<<error.line<<" - "<<error.text<<std::endl;
				root= NULL;
			}

			if(!json_is_object(root)){
				std::cout<<std::endl<<"WARNING: input file "<<fileName<<" has not the correct structure - expected root to be an object"<<std::endl;
				json_decref(root);
				root = NULL;
			}

			if(!root){
				std::cout<<"File "<<fileName<<" could not be using during saving process"<<std::endl<<"\t --> reverting to saving network based on stored data (possibility for loss of positional infos)"<<std::endl;
			}
		}

		if(!root){
			root = json_object();
			if ( root ) {
				json_object_set_new(root, "metric" ,json_integer(metric));
				json_t *_nodes = json_array();
				json_t *_roads = json_array();
				for(NodeVec::iterator it= nodes.begin() ; it!=nodes.end(); ++it){
					json_t * _node = json_object();
					crtId = (*it)->getId();
					crtType = (*it)->getType();
					json_object_set_new(_node,"id",json_integer(crtId));
					json_object_set_new(_node,"type",json_integer(crtType));
					json_array_append_new(_nodes,_node);
					nIds = (*it)->getNeighborsId();
					for(std::vector<long>::iterator jt = nIds.begin(); jt != nIds.end(); ++jt){
						Road r = *((*it)->roadTo(*jt));
						json_t * _road = json_object();
						json_object_set_new(_road,"name",json_string(r.getName().c_str()));
						json_object_set_new(_road,"startId",json_integer(crtId));
						json_object_set_new(_road,"endId",json_integer(r.getEndPoint()->getId()));
						json_object_set_new(_road,"speedLimit",json_integer(r.getSpeedLimit()*3.6)); //x3.6 to go from MPS to KPH
						json_object_set_new(_road,"length",json_real(r.getLength()/1000)); // /1000 to go from M to K
						json_object_set_new(_road,"nbBands",json_integer(r.getNbBands()));

						json_array_append_new(_roads,_road);
					}
				}
				json_object_set_new(root, "nodes" ,_nodes);
				json_object_set_new(root, "roads" ,_roads);
			}else{
				std::cout<<"ERROR: Could not create 'root' during saving process"<<std::endl;
				return false;
			}

		}
	}else{
		json_error_t error;

		root = json_load_file(out_fileName.c_str(), 0, &error);

		if(!root){
			std::cout<<std::endl<<"ERROR: while opening "<<out_fileName<<" at line "<<error.line<<" - "<<error.text<<std::endl;
			root= NULL;
			return false;
		}

		if(!json_is_object(root)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected root to be an object"<<std::endl;
			json_decref(root);
			root = NULL;
			return false;
		}
	}

	json_t *roadsInfos;
	if(monitered){
		bool first = false;
		if(firstSaved){
			roadsInfos = json_array();
			int nbRoads = json_array_size(json_object_get(root,"roads"));
			for(int i = 0; i < nbRoads; i++){
				json_array_append_new(roadsInfos,json_object());
			}
			json_object_set(root,"roadsInfos",roadsInfos);
			json_object_set_new(root,"timePrecision",json_integer(TIME_PRECISION));
			json_object_set_new(root,"time_index",json_integer(0));
			json_object_set_new(root,"driversCount_index",json_integer(1));
			firstSaved = false;
			first = true;
		}else
			roadsInfos = json_object_get(root,"roadsInfos");
		json_t *infos;
		for(NodeVec::iterator it= nodes.begin() ; it!=nodes.end(); ++it){
			nIds = (*it)->getNeighborsId();
			for(std::vector<long>::iterator jt = nIds.begin(); jt != nIds.end(); ++jt){
				Road* r = ((*it)->roadTo(*jt));
				infos = r->getMonitor()->getInfos();
				if(first){
					json_object_update(json_array_get(roadsInfos,r->getId()),infos);
				}else{
					json_array_extend(json_object_get(json_array_get(roadsInfos,r->getId()),"data"),json_object_get(infos,"data"));
				}
				r->getMonitor()->resetInfos(newWeek);
				json_object_clear(infos);
				json_decref(infos);
			}
		}
	}

	//actually save
	if(!(json_dump_file(root,out_fileName.c_str(),JSON_COMPACT) == 0)){
	//if(!(json_dump_file(root,out_fileName.c_str(),JSON_INDENT(2)) == 0)){ //<== to have pretty JSON file
		everythingOK = false;
		std::cout<< "Could not open file : "<<out_fileName << " to write down network "<< name <<std::endl;
	}
	if(monitered){
		json_array_clear(roadsInfos);
	}
	json_object_clear(root);
	json_decref(root);
	if(newWeek){
		firstSaved = true;
	}
	return everythingOK;
}
Example #20
0
bool TrafficNetwork::loadFromFile(const string fileName){
	int nbBands;
	long currentNode,otherNode;
	string roadName;
	double roadLength;
	double roadSpeedLimit;
	int metric;

	json_t *root;
	json_error_t error;

	root = json_load_file(fileName.c_str(), 0, &error);

	if(!root){
		std::cout<<std::endl<<"ERROR: while opening "<<fileName<<" at line "<<error.line<<" - "<<error.text<<std::endl;
		return false;
	}

	if(!json_is_object(root)){
		std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected root to be an object"<<std::endl;
		json_decref(root);
		return false;
	}

	json_t *_metric, *_roads, *_nodes;
	_metric = json_object_get(root,"metric");

	if(!json_is_integer(_metric)){
		std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'metric' field not present or wrong type"<<std::endl;
		json_decref(root);
		return false;
	}
	metric = json_integer_value(_metric);

	_nodes = json_object_get(root,"nodes");
	if(!json_is_array(_nodes)){
		std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'nodes' field not present or not an array"<<std::endl;
		json_decref(root);
		return false;
	}

	size_t n = json_array_size(_nodes);
	nbNodes = n;
	nodes = NodeVec(nbNodes);
	json_t *nodeId,*_node, *nodeType;
	for(size_t i = 0; i < n; i++){
		_node = json_array_get(_nodes,i);
		if(!json_is_object(_node)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected node "<<i<<" to be an object"<<std::endl;
			json_decref(root);
			return false;
		}
		nodeId = json_object_get(_node,"id");
		if(!json_is_integer(nodeId)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'id' field of node "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		nodeType = json_object_get(_node,"type");
		if(json_is_integer(nodeType)){
			nodes[i] = new Node(json_integer_value(nodeId),json_integer_value(nodeType));
		}else{
			nodes[i] = new Node(json_integer_value(nodeId));
		}

	}

	_roads = json_object_get(root,"roads");
	if(!json_is_array(_roads)){
		std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'roads' field not present or not an array"<<std::endl;
		json_decref(root);
		return false;
	}

	n = json_array_size(_roads);
	json_t *_roadName,*_roadSpeedLimit,*_roadNbBands,*_roadLength,*_road,*startId,*endId;
	for(size_t i = 0; i < n; i++){
		_road = json_array_get(_roads,i);
		if(!json_is_object(_road)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - expected road "<<i<<" to be an object"<<std::endl;
			json_decref(root);
			return false;
		}

		_roadName = json_object_get(_road,"name");
		if(!json_is_string(_roadName)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'name' field of road "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		roadName = json_string_value(_roadName);

		_roadSpeedLimit = json_object_get(_road,"speedLimit");
		if(!json_is_integer(_roadSpeedLimit)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'speedLimit' field of road "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		roadSpeedLimit = formatSpeedLimit(json_integer_value(_roadSpeedLimit),metric);

		_roadLength = json_object_get(_road,"length");
		if(!json_is_real(_roadLength)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'length' field of road "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		roadLength = formatLength(json_real_value(_roadLength),metric);

		_roadNbBands = json_object_get(_road,"nbBands");
		if(!json_is_integer(_roadNbBands)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'nbBands' field of road "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		nbBands = json_integer_value(_roadNbBands);

		startId = json_object_get(_road,"startId");
		if(!json_is_integer(startId)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'startId' field of road "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		currentNode = json_integer_value(startId);

		endId = json_object_get(_road,"endId");
		if(!json_is_integer(endId)){
			std::cout<<std::endl<<"ERROR: input file "<<fileName<<" has not the correct structure - 'endId' field of road "<<i<<" not present or wrong type"<<std::endl;
			json_decref(root);
			return false;
		}
		otherNode = json_integer_value(endId);
		addRoad(currentNode, otherNode, roadName, roadLength, roadSpeedLimit,nbBands);
	}
	//clean up
	json_array_clear(_nodes);
	json_object_clear(_road);
	json_array_clear(_roads);
	json_object_clear(root);
	json_decref(root);
	return true;
}
Example #21
0
/**
 * \brief   Log the dropped packets in netfilter format when engine is running
 *          in inline mode
 *
 * \param tv    Pointer the current thread variables
 * \param p     Pointer the packet which is being logged
 *
 * \return return TM_EODE_OK on success
 */
static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
{
    JsonDropOutputCtx *drop_ctx = aft->drop_ctx;

    json_t *js = CreateJSONHeader(p, LOG_DIR_PACKET, "drop");
    if (unlikely(js == NULL))
        return TM_ECODE_OK;

    JsonAddCommonOptions(&drop_ctx->cfg, p, p->flow, js);

    json_t *djs = json_object();
    if (unlikely(djs == NULL)) {
        json_decref(js);
        return TM_ECODE_OK;
    }

    /* reset */
    MemBufferReset(aft->buffer);

    uint16_t proto = 0;
    if (PKT_IS_IPV4(p)) {
        json_object_set_new(djs, "len", json_integer(IPV4_GET_IPLEN(p)));
        json_object_set_new(djs, "tos", json_integer(IPV4_GET_IPTOS(p)));
        json_object_set_new(djs, "ttl", json_integer(IPV4_GET_IPTTL(p)));
        json_object_set_new(djs, "ipid", json_integer(IPV4_GET_IPID(p)));
        proto = IPV4_GET_IPPROTO(p);
    } else if (PKT_IS_IPV6(p)) {
        json_object_set_new(djs, "len", json_integer(IPV6_GET_PLEN(p)));
        json_object_set_new(djs, "tc", json_integer(IPV6_GET_CLASS(p)));
        json_object_set_new(djs, "hoplimit", json_integer(IPV6_GET_HLIM(p)));
        json_object_set_new(djs, "flowlbl", json_integer(IPV6_GET_FLOW(p)));
        proto = IPV6_GET_L4PROTO(p);
    }
    switch (proto) {
        case IPPROTO_TCP:
            if (PKT_IS_TCP(p)) {
                json_object_set_new(djs, "tcpseq", json_integer(TCP_GET_SEQ(p)));
                json_object_set_new(djs, "tcpack", json_integer(TCP_GET_ACK(p)));
                json_object_set_new(djs, "tcpwin", json_integer(TCP_GET_WINDOW(p)));
                json_object_set_new(djs, "syn", TCP_ISSET_FLAG_SYN(p) ? json_true() : json_false());
                json_object_set_new(djs, "ack", TCP_ISSET_FLAG_ACK(p) ? json_true() : json_false());
                json_object_set_new(djs, "psh", TCP_ISSET_FLAG_PUSH(p) ? json_true() : json_false());
                json_object_set_new(djs, "rst", TCP_ISSET_FLAG_RST(p) ? json_true() : json_false());
                json_object_set_new(djs, "urg", TCP_ISSET_FLAG_URG(p) ? json_true() : json_false());
                json_object_set_new(djs, "fin", TCP_ISSET_FLAG_FIN(p) ? json_true() : json_false());
                json_object_set_new(djs, "tcpres", json_integer(TCP_GET_RAW_X2(p->tcph)));
                json_object_set_new(djs, "tcpurgp", json_integer(TCP_GET_URG_POINTER(p)));
            }
            break;
        case IPPROTO_UDP:
            if (PKT_IS_UDP(p)) {
                json_object_set_new(djs, "udplen", json_integer(UDP_GET_LEN(p)));
            }
            break;
        case IPPROTO_ICMP:
            if (PKT_IS_ICMPV4(p)) {
                json_object_set_new(djs, "icmp_id", json_integer(ICMPV4_GET_ID(p)));
                json_object_set_new(djs, "icmp_seq", json_integer(ICMPV4_GET_SEQ(p)));
            } else if(PKT_IS_ICMPV6(p)) {
                json_object_set_new(djs, "icmp_id", json_integer(ICMPV6_GET_ID(p)));
                json_object_set_new(djs, "icmp_seq", json_integer(ICMPV6_GET_SEQ(p)));
            }
            break;
    }
    json_object_set_new(js, "drop", djs);

    if (aft->drop_ctx->flags & LOG_DROP_ALERTS) {
        int logged = 0;
        int i;
        for (i = 0; i < p->alerts.cnt; i++) {
            const PacketAlert *pa = &p->alerts.alerts[i];
            if (unlikely(pa->s == NULL)) {
                continue;
            }
            if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
               ((pa->action & ACTION_DROP) && EngineModeIsIPS()))
            {
                AlertJsonHeader(NULL, p, pa, js, 0);
                logged = 1;
            }
        }
        if (logged == 0) {
            if (p->alerts.drop.action != 0) {
                const PacketAlert *pa = &p->alerts.drop;
                AlertJsonHeader(NULL, p, pa, js, 0);
            }
        }
    }

    OutputJSONBuffer(js, aft->drop_ctx->file_ctx, &aft->buffer);
    json_object_del(js, "drop");
    json_object_clear(js);
    json_decref(js);

    return TM_ECODE_OK;
}
Example #22
0
/*
** We're validating the credential on the store call.  The user parameter is overloaded
** here with the user credential to validate.  IN this case it's the whole payload
** which looks like an HTTP request (mostly).
**
** Success: returns SASL_OK and sets the username and payload strings in the 
** sparams->propctx context.
**
** The things we know about are:
**   OAUTH_VALIDATE_USERNAME       The name of the user from the token.
**   OAUTH_VALIDATE_PAYLOAD        Implementation specific data payload of the OAuth token. 
**
** Failure returs an appropriate error code and sets the error message if there's
** explanation needed.
*/
static int oauth_validate_auxprop_store(void *glob_context,
				  sasl_server_params_t *sparams,
				  struct propctx *prctx,
				  const char *user,
				  unsigned ulen)
{
  //    oauth_validatectx_t *ctx = glob_context;
    const struct propval *pr;
    int authhdrlen;
    unsigned decodedlen;
    int ret = SASL_OK;
    char *authhdr, *eolstr, *authbuf, *decoded;
    char *authhrdstr = "\r\nAuthorization: ";
    char *token_label = " token=\"";
    const char *username;
    const char *scope;
    int expires;
    json_t *jobj;
    json_error_t jerror;
    char *proplist[] = {OAUTH_VALIDATE_USERNAME,  
			      OAUTH_VALIDATE_PAYLOAD, 
			      NULL };


    /* just checking if we are enabled */
    if (!sparams || !user) return SASL_BADPARAM;

    pr = sparams->utils->prop_get(prctx);
    if (!pr) return SASL_BADPARAM;

    /* clear and previously set values (which shoudl be NULL anyway) */
    ret = sparams->utils->prop_request(prctx, proplist);
    if (!pr) return ret;
    ret = sparams->utils->prop_set(prctx, OAUTH_VALIDATE_USERNAME, NULL, 0);
    if (!pr) return ret;
    ret = sparams->utils->prop_set(prctx, OAUTH_VALIDATE_PAYLOAD, NULL, 0);
    if (!pr) return ret;

    /*
    ** In a real implementation we care about the GET line, the Host header
    ** and the Authorization header.  In our stub example we only care about
    ** the Authorization header line.
    **
    ** IN fact we only care about the token= part of the Auth header.
    */

    /* Get the contents of the Authoriaztion header. */
    if (!(authhdr = strstr(user, authhrdstr))) {
      return SASL_BADPROT; /* we must have the Authorization header. */
    }
    authhdr += strlen(authhrdstr); /* ignore the header label */
    /* properly formatted we must have a CRLF */
    if (!(eolstr = strstr(authhdr, "\r\n"))) {
      return SASL_BADPROT;
    }
    /* Now find the token=" withing the auth header */
    if (!(authhdr = strstr(authhdr, token_label))) {
      return SASL_BADPROT; /* we must have a token */
    }
    authhdr += strlen(token_label); /* ignore the token label */    
    for (eolstr = authhdr; *eolstr != '"'; eolstr++);

    authhdrlen = eolstr - authhdr ;

    /* slight optimization, 1 malloc for 2 spaces. */
    authbuf = sparams->utils->malloc(2*(authhdrlen+1));
    if (!authbuf) return SASL_NOMEM;
    decoded = authbuf + authhdrlen + 1;

    /* 
    ** In our stub we're expecting a base64 encoded JSON string. If we get
    ** one that works then we'll extract the fields we want and do rudimentary
    ** validation
    ** "userid" => $arguser
    ** "scope" => $argscope
    ** "expires" => time()+60
    */
    strncpy(authbuf, authhdr, authhdrlen);
    authbuf[authhdrlen] = 0;

    if (sparams->utils->decode64(authbuf, authhdrlen, decoded, authhdrlen, &decodedlen))
      ret = SASL_BADPROT; /* base64 decode failed */

    if (!(jobj = json_loads(decoded, &jerror))) {
      ret = SASL_FAIL;
      goto cleanup;
    }
    
    username = json_string_value(json_object_get(jobj, "userid"));
    scope = json_string_value(json_object_get(jobj, "scope"));
    expires = json_integer_value(json_object_get(jobj, "expires"));

    /* we've extracted, now validate */
    if (!username || !strcmp(username, "")) {
      ret = SASL_BADAUTH;
      goto cleanup;
    }
    if (expires < time(NULL)) {
      ret = SASL_EXPIRED;
      goto cleanup;
    }
    /* 
    ** stub accepts unscoped or demo at the moment.  
    ** 
    ** XXXXXXX test in the global context for the configured scopes.
    */
    if (strcmp(scope, "") && strcmp(scope, "demo")) {
      ret = SASL_NOAUTHZ;
      goto cleanup;
    }

    /* 
    ** We're valid, pass back the values. We could also pass back 
    ** payload here, but the stub does not. 
    */
    ret = sparams->utils->prop_set(prctx, OAUTH_VALIDATE_USERNAME, username, 0);

 cleanup:
    if (authbuf) sparams->utils->free(authbuf);
    if (jobj) json_object_clear(jobj);
    return ret;
}
Example #23
0
static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
{
    MemBuffer *payload = aft->payload_buffer;
    AlertJsonOutputCtx *json_output_ctx = aft->json_output_ctx;
    json_t *hjs = NULL;

    int i;

    if (p->alerts.cnt == 0 && !(p->flags & PKT_HAS_TAG))
        return TM_ECODE_OK;

    json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
    if (unlikely(js == NULL))
        return TM_ECODE_OK;

    for (i = 0; i < p->alerts.cnt; i++) {
        const PacketAlert *pa = &p->alerts.alerts[i];
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        MemBufferReset(aft->json_buffer);

        /* alert */
        AlertJsonHeader(p, pa, js);

        if (json_output_ctx->flags & LOG_JSON_HTTP) {
            if (p->flow != NULL) {
                uint16_t proto = FlowGetAppProtocol(p->flow);

                /* http alert */
                if (proto == ALPROTO_HTTP) {
                    hjs = JsonHttpAddMetadata(p->flow, pa->tx_id);
                    if (hjs)
                        json_object_set_new(js, "http", hjs);
                }
            }
        }

        if (json_output_ctx->flags & LOG_JSON_TLS) {
            if (p->flow != NULL) {
                uint16_t proto = FlowGetAppProtocol(p->flow);

                /* http alert */
                if (proto == ALPROTO_TLS)
                    AlertJsonTls(p->flow, js);
            }
        }

        if (json_output_ctx->flags & LOG_JSON_SSH) {
            if (p->flow != NULL) {
                uint16_t proto = FlowGetAppProtocol(p->flow);

                /* http alert */
                if (proto == ALPROTO_SSH)
                    AlertJsonSsh(p->flow, js);
            }
        }

        if (json_output_ctx->flags & LOG_JSON_SMTP) {
            if (p->flow != NULL) {
                uint16_t proto = FlowGetAppProtocol(p->flow);

                /* http alert */
                if (proto == ALPROTO_SMTP) {
                    hjs = JsonSMTPAddMetadata(p->flow, pa->tx_id);
                    if (hjs)
                        json_object_set_new(js, "smtp", hjs);

                    hjs = JsonEmailAddMetadata(p->flow, pa->tx_id);
                    if (hjs)
                        json_object_set_new(js, "email", hjs);
                }
            }
        }

        /* payload */
        if (json_output_ctx->flags & (LOG_JSON_PAYLOAD | LOG_JSON_PAYLOAD_BASE64)) {
            int stream = (p->proto == IPPROTO_TCP) ?
                         (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH) ?
                         1 : 0) : 0;

            /* Is this a stream?  If so, pack part of it into the payload field */
            if (stream) {
                uint8_t flag;

                MemBufferReset(payload);

                if (p->flowflags & FLOW_PKT_TOSERVER) {
                    flag = FLOW_PKT_TOCLIENT;
                } else {
                    flag = FLOW_PKT_TOSERVER;
                }

                StreamSegmentForEach((const Packet *)p, flag,
                                    AlertJsonDumpStreamSegmentCallback,
                                    (void *)payload);

                if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
                    unsigned long len = json_output_ctx->payload_buffer_size * 2;
                    uint8_t encoded[len];
                    Base64Encode(payload->buffer, payload->offset, encoded, &len);
                    json_object_set_new(js, "payload", json_string((char *)encoded));
                }

                if (json_output_ctx->flags & LOG_JSON_PAYLOAD) {
                    uint8_t printable_buf[payload->offset + 1];
                    uint32_t offset = 0;
                    PrintStringsToBuffer(printable_buf, &offset,
                                     sizeof(printable_buf),
                                     payload->buffer, payload->offset);
                    json_object_set_new(js, "payload_printable",
                                        json_string((char *)printable_buf));
                }
            } else {
                /* This is a single packet and not a stream */
                if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
                    unsigned long len = p->payload_len * 2 + 1;
                    uint8_t encoded[len];
                    Base64Encode(p->payload, p->payload_len, encoded, &len);
                    json_object_set_new(js, "payload", json_string((char *)encoded));
                }

                if (json_output_ctx->flags & LOG_JSON_PAYLOAD) {
                    uint8_t printable_buf[p->payload_len + 1];
                    uint32_t offset = 0;
                    PrintStringsToBuffer(printable_buf, &offset,
                                     p->payload_len + 1,
                                     p->payload, p->payload_len);
                    json_object_set_new(js, "payload_printable", json_string((char *)printable_buf));
                }
            }

            json_object_set_new(js, "stream", json_integer(stream));
        }

        /* base64-encoded full packet */
        if (json_output_ctx->flags & LOG_JSON_PACKET) {
            AlertJsonPacket(p, js);
        }

        HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg;

        /* xff header */
        if ((xff_cfg != NULL) && !(xff_cfg->flags & XFF_DISABLED) && p->flow != NULL) {
            int have_xff_ip = 0;
            char buffer[XFF_MAXLEN];

            if (FlowGetAppProtocol(p->flow) == ALPROTO_HTTP) {
                if (pa->flags & PACKET_ALERT_FLAG_TX) {
                    have_xff_ip = HttpXFFGetIPFromTx(p, pa->tx_id, xff_cfg, buffer, XFF_MAXLEN);
                } else {
                    have_xff_ip = HttpXFFGetIP(p, xff_cfg, buffer, XFF_MAXLEN);
                }
            }

            if (have_xff_ip) {
                if (xff_cfg->flags & XFF_EXTRADATA) {
                    json_object_set_new(js, "xff", json_string(buffer));
                }
                else if (xff_cfg->flags & XFF_OVERWRITE) {
                    if (p->flowflags & FLOW_PKT_TOCLIENT) {
                        json_object_set(js, "dest_ip", json_string(buffer));
                    } else {
                        json_object_set(js, "src_ip", json_string(buffer));
                    }
                }
            }
        }

        OutputJSONBuffer(js, aft->file_ctx, &aft->json_buffer);
        json_object_del(js, "alert");
    }
    json_object_clear(js);
    json_decref(js);

    if ((p->flags & PKT_HAS_TAG) && (json_output_ctx->flags &
            LOG_JSON_TAGGED_PACKETS)) {
        MemBufferReset(aft->json_buffer);
        json_t *packetjs = CreateJSONHeader((Packet *)p, 0, "packet");
        if (unlikely(packetjs != NULL)) {
            AlertJsonPacket(p, packetjs);
            OutputJSONBuffer(packetjs, aft->file_ctx, &aft->json_buffer);
            json_decref(packetjs);
        }
    }

    return TM_ECODE_OK;
}
Example #24
0
/** Handle the case where no JSON support is compiled in.
 *
 */
static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
{
    MemBuffer *payload = aft->payload_buffer;

    int i;

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    MemBufferReset(aft->json_buffer);

    json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
    if (unlikely(js == NULL))
        return TM_ECODE_OK;

    for (i = 0; i < p->alerts.cnt; i++) {
        const PacketAlert *pa = &p->alerts.alerts[i];
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        char *action = "allowed";
        if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
            action = "blocked";
        } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
            action = "blocked";
        }

        json_t *ajs = json_object();
        if (ajs == NULL) {
            json_decref(js);
            return TM_ECODE_OK;
        }

        json_object_set_new(ajs, "action", json_string(action));
        json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
        json_object_set_new(ajs, "signature_id", json_integer(pa->s->id));
        json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
        json_object_set_new(ajs, "signature",
                            json_string((pa->s->msg) ? pa->s->msg : ""));
        json_object_set_new(ajs, "category",
                            json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
        json_object_set_new(ajs, "severity", json_integer(pa->s->prio));

        /* alert */
        json_object_set_new(js, "alert", ajs);

        /* payload */
        if (aft->file_ctx->flags & (LOG_JSON_PAYLOAD | LOG_JSON_PAYLOAD_BASE64)) {
            int stream = (p->proto == IPPROTO_TCP) ?
                         (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH) ?
                         1 : 0) : 0;

            /* Is this a stream?  If so, pack part of it into the payload field */
            if (stream) {
                uint8_t flag;

                MemBufferReset(payload);

                if (p->flowflags & FLOW_PKT_TOSERVER) {
                    flag = FLOW_PKT_TOCLIENT;
                } else {
                    flag = FLOW_PKT_TOSERVER;
                }

                StreamSegmentForEach((const Packet *)p, flag,
                                    AlertJsonPrintStreamSegmentCallback,
                                    (void *)payload);

                if (aft->file_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
                    unsigned long len = JSON_STREAM_BUFFER_SIZE * 2;
                    unsigned char encoded[len];
                    Base64Encode((unsigned char *)payload, payload->offset, encoded, &len);
                    json_object_set_new(js, "payload", json_string((char *)encoded));
                }

                if (aft->file_ctx->flags & LOG_JSON_PAYLOAD) {
                    json_object_set_new(js, "payload_printable",
                                        json_string((char *)payload->buffer));
                }
            } else {
                /* This is a single packet and not a stream */
                unsigned char packet_buf[p->payload_len + 1];
                uint32_t offset = 0;

                PrintStringsToBuffer(packet_buf, &offset,
                                     p->payload_len + 1,
                                     p->payload, p->payload_len);

                if (aft->file_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
                    unsigned long len = sizeof(packet_buf) * 2;
                    unsigned char encoded[len];
                    Base64Encode(packet_buf, offset, encoded, &len);
                    json_object_set_new(js, "payload", json_string((char *)encoded));
                }

                if (aft->file_ctx->flags & LOG_JSON_PAYLOAD) {
                    json_object_set_new(js, "payload_printable", json_string((char *)packet_buf));
                }
            }

            json_object_set_new(js, "stream", json_integer(stream));
        }

        /* base64-encoded full packet */
        if (aft->file_ctx->flags & LOG_JSON_PACKET) {
            unsigned long len = GET_PKT_LEN(p) * 2;
            unsigned char encoded_packet[len];
            Base64Encode((unsigned char*) GET_PKT_DATA(p), GET_PKT_LEN(p), encoded_packet, &len);
            json_object_set_new(js, "packet", json_string((char *)encoded_packet));
        }

        OutputJSONBuffer(js, aft->file_ctx, aft->json_buffer);
        json_object_del(js, "alert");
    }
    json_object_clear(js);
    json_decref(js);

    return TM_ECODE_OK;
}
Example #25
0
/**
 *  \internal
 *  \brief Write meta data on a single line json record
 */
static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff) {
    MemBuffer *buffer = (MemBuffer *)aft->buffer;
    json_t *js = CreateJSONHeader((Packet *)p, 0, "file"); //TODO const
    if (unlikely(js == NULL))
        return;

    /* reset */
    MemBufferReset(buffer);

    json_t *hjs = json_object();
    if (unlikely(hjs == NULL)) {
        json_decref(js);
        return;
    }

    json_object_set_new(hjs, "url", LogFileMetaGetUri(p, ff));
    json_object_set_new(hjs, "hostname", LogFileMetaGetHost(p, ff));
    json_object_set_new(hjs, "http_refer", LogFileMetaGetReferer(p, ff));
    json_object_set_new(hjs, "http_user_agent", LogFileMetaGetUserAgent(p, ff));
    json_object_set_new(js, "http", hjs);

    json_t *fjs = json_object();
    if (unlikely(fjs == NULL)) {
        json_decref(hjs);
        json_decref(js);
        return;
    }

    char *s = BytesToString(ff->name, ff->name_len);
    json_object_set_new(fjs, "filename", json_string(s));
    if (s != NULL)
        SCFree(s);
    if (ff->magic)
        json_object_set_new(fjs, "magic", json_string((char *)ff->magic));
    else
        json_object_set_new(fjs, "magic", json_string("unknown"));
    switch (ff->state) {
        case FILE_STATE_CLOSED:
            json_object_set_new(fjs, "state", json_string("CLOSED"));
#ifdef HAVE_NSS
            if (ff->flags & FILE_MD5) {
                size_t x;
                int i;
                char *s = SCMalloc(256);
                if (likely(s != NULL)) {
                    for (i = 0, x = 0; x < sizeof(ff->md5); x++) {
                        i += snprintf(&s[i], 255-i, "%02x", ff->md5[x]);
                    }
                    json_object_set_new(fjs, "md5", json_string(s));
                    SCFree(s);
                }
            }
#endif
            break;
        case FILE_STATE_TRUNCATED:
            json_object_set_new(fjs, "state", json_string("TRUNCATED"));
            break;
        case FILE_STATE_ERROR:
            json_object_set_new(fjs, "state", json_string("ERROR"));
            break;
        default:
            json_object_set_new(fjs, "state", json_string("UNKNOWN"));
            break;
    }
    json_object_set_new(fjs, "stored",
                        (ff->flags & FILE_STORED) ? json_true() : json_false());
    json_object_set_new(fjs, "size", json_integer(ff->size));

    json_object_set_new(js, "file", fjs);
    OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, buffer);
    json_object_del(js, "file");
    json_object_del(js, "http");

    json_object_clear(js);
    json_decref(js);
}
Example #26
0
static void test_update()
{
    json_t *object, *other, *nine, *ten;

    object = json_object();
    other = json_object();

    nine = json_integer(9);
    ten = json_integer(10);

    if(!object || !other)
        fail("unable to create object");
    if(!nine || !ten)
        fail("unable to create integer");


    /* update an empty object with an empty object */

    if(json_object_update(object, other))
        fail("unable to update an emtpy object with an empty object");

    if(json_object_size(object) != 0)
        fail("invalid size after update");

    if(json_object_size(other) != 0)
        fail("invalid size for updater after update");


    /* update an empty object with a nonempty object */

    if(json_object_set(other, "a", ten) ||
       json_object_set(other, "b", ten) ||
       json_object_set(other, "c", ten) ||
       json_object_set(other, "d", ten) ||
       json_object_set(other, "e", ten))
        fail("unable to set value");

    if(json_object_update(object, other))
        fail("unable to update an empty object");

    if(json_object_size(object) != 5)
        fail("invalid size after update");

    if(json_object_get(object, "a") != ten ||
       json_object_get(object, "b") != ten ||
       json_object_get(object, "c") != ten ||
       json_object_get(object, "d") != ten ||
       json_object_get(object, "e") != ten)
        fail("update works incorrectly");


    /* perform the same update again */

    if(json_object_update(object, other))
        fail("unable to update a non-empty object");

    if(json_object_size(object) != 5)
        fail("invalid size after update");

    if(json_object_get(object, "a") != ten ||
       json_object_get(object, "b") != ten ||
       json_object_get(object, "c") != ten ||
       json_object_get(object, "d") != ten ||
       json_object_get(object, "e") != ten)
        fail("update works incorrectly");


    /* update a nonempty object with a nonempty object with both old
       and new keys */

    if(json_object_clear(other))
        fail("clear failed");

    if(json_object_set(other, "a", nine) ||
       json_object_set(other, "b", nine) ||
       json_object_set(other, "f", nine) ||
       json_object_set(other, "g", nine) ||
       json_object_set(other, "h", nine))
        fail("unable to set value");

    if(json_object_update(object, other))
        fail("unable to update a nonempty object");

    if(json_object_size(object) != 8)
        fail("invalid size after update");

    if(json_object_get(object, "a") != nine ||
       json_object_get(object, "b") != nine ||
       json_object_get(object, "f") != nine ||
       json_object_get(object, "g") != nine ||
       json_object_get(object, "h") != nine)
        fail("update works incorrectly");

    json_decref(nine);
    json_decref(ten);
    json_decref(other);
    json_decref(object);
}
Example #27
0
static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
{
    int i;
    char timebuf[64];
    json_t *js;

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf));

    for (i = 0; i < p->alerts.cnt; i++) {
        MemBufferReset(aft->json_buffer);

        const PacketAlert *pa = &p->alerts.alerts[i];
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        char *action = "allowed";
        if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
            action = "blocked";
        } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
            action = "blocked";
        }

        char buf[(32 * 3) + 1];
        PrintRawLineHexBuf(buf, sizeof(buf), GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);

        js = json_object();
        if (js == NULL)
            return TM_ECODE_OK;

        json_t *ajs = json_object();
        if (ajs == NULL) {
            json_decref(js);
            return TM_ECODE_OK;
        }

        /* time & tx */
        json_object_set_new(js, "timestamp", json_string(timebuf));

        /* tuple */
        //json_object_set_new(js, "srcip", json_string(srcip));
        //json_object_set_new(js, "sp", json_integer(p->sp));
        //json_object_set_new(js, "dstip", json_string(dstip));
        //json_object_set_new(js, "dp", json_integer(p->dp));
        //json_object_set_new(js, "proto", json_integer(proto));

        json_object_set_new(ajs, "action", json_string(action));
        json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
        json_object_set_new(ajs, "signature_id", json_integer(pa->s->id));
        json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
        json_object_set_new(ajs, "signature",
                            json_string((pa->s->msg) ? pa->s->msg : ""));
        json_object_set_new(ajs, "category",
                            json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
        json_object_set_new(ajs, "severity", json_integer(pa->s->prio));

        if (p->tenant_id > 0)
            json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));

        /* alert */
        json_object_set_new(js, "alert", ajs);
        OutputJSONBuffer(js, aft->file_ctx, &aft->json_buffer);
        json_object_clear(js);
        json_decref(js);
    }

    return TM_ECODE_OK;
}
Example #28
0
static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
    JsonSshLogThread *aft = (JsonSshLogThread *)thread_data;
    MemBuffer *buffer = (MemBuffer *)aft->buffer;
    OutputSshCtx *ssh_ctx = aft->sshlog_ctx;

    if (unlikely(p->flow == NULL)) {
        return 0;
    }

    /* check if we have SSH state or not */
    FLOWLOCK_WRLOCK(p->flow);
    uint16_t proto = FlowGetAppProtocol(p->flow);
    if (proto != ALPROTO_SSH)
        goto end;

    SshState *ssh_state = (SshState *)FlowGetAppState(p->flow);
    if (unlikely(ssh_state == NULL)) {
        goto end;
    }

    if (ssh_state->cli_hdr.software_version == NULL || ssh_state->srv_hdr.software_version == NULL)
        goto end;

    json_t *js = CreateJSONHeader((Packet *)p, 1, "ssh");//TODO
    if (unlikely(js == NULL))
        goto end;

    json_t *tjs = json_object();
    if (tjs == NULL) {
        free(js);
        goto end;
    }

    /* reset */
    MemBufferReset(buffer);

    json_t *cjs = json_object();
    if (cjs != NULL) {
        json_object_set_new(cjs, "proto_version",
                json_string((char *)ssh_state->cli_hdr.proto_version));

        json_object_set_new(cjs, "software_version",
                json_string((char *)ssh_state->cli_hdr.software_version));
    }
    json_object_set_new(tjs, "client", cjs);

    json_t *sjs = json_object();
    if (sjs != NULL) {
        json_object_set_new(sjs, "proto_version",
                json_string((char *)ssh_state->srv_hdr.proto_version));

        json_object_set_new(sjs, "software_version",
                json_string((char *)ssh_state->srv_hdr.software_version));
    }
    json_object_set_new(tjs, "server", sjs);

    json_object_set_new(js, "ssh", tjs);

    OutputJSONBuffer(js, ssh_ctx->file_ctx, buffer);
    json_object_clear(js);
    json_decref(js);

    /* we only log the state once */
    ssh_state->cli_hdr.flags |= SSH_FLAG_STATE_LOGGED;
end:
    FLOWLOCK_UNLOCK(p->flow);
    return 0;
}
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
{
    json_t *js = CreateJSONHeader(p, 0, "inspectedrules");
    if (js == NULL)
        return;
    json_t *ir = json_object();
    if (ir == NULL)
        return;

    json_object_set_new(ir, "rule_group_id", json_integer(det_ctx->sgh->id));
    json_object_set_new(ir, "rule_cnt", json_integer(det_ctx->match_array_cnt));

    json_t *js_array = json_array();
    uint32_t x;
    for (x = 0; x < det_ctx->match_array_cnt; x++)
    {
        const Signature *s = det_ctx->match_array[x];
        if (s == NULL)
            continue;

        json_t *js_sig = json_object();
        if (unlikely(js == NULL))
            continue;
        json_object_set_new(js_sig, "sig_id", json_integer(s->id));

        json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false());

        if (s->mpm_sm != NULL) {
            char orig[256] = "";
            char chop[256] = "";

            DumpFp(s->mpm_sm, orig, sizeof(orig), chop, sizeof(chop));

            json_object_set_new(js_sig, "mpm_buffer", json_string(DetectListToHumanString(SigMatchListSMBelongsTo(s, s->mpm_sm))));
            json_object_set_new(js_sig, "mpm_pattern", json_string(orig));

            if (strlen(chop) > 0) {
                json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop));
            }
        }
        json_array_append_new(js_array, js_sig);
    }

    json_object_set_new(ir, "rules", js_array);
    json_object_set_new(js, "inspectedrules", ir);

    const char *filename = "packet_inspected_rules.json";
    const char *log_dir = ConfigGetLogDirectory();
    char log_path[PATH_MAX] = "";
    snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, filename);

    MemBuffer *mbuf = NULL;
    mbuf = MemBufferCreateNew(4096);
    BUG_ON(mbuf == NULL);

    OutputJSONMemBufferWrapper wrapper = {
        .buffer = &mbuf,
        .expand_by = 4096,
    };

    int r = json_dump_callback(js, OutputJSONMemBufferCallback, &wrapper,
                               JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
                               JSON_ESCAPE_SLASH);
    if (r != 0) {
        SCLogWarning(SC_ERR_SOCKET, "unable to serialize JSON object");
    } else {
        MemBufferWriteString(mbuf, "\n");
        SCMutexLock(&g_rule_dump_write_m);
        FILE *fp = fopen(log_path, "a");
        if (fp != NULL) {
            MemBufferPrintToFPAsString(mbuf, fp);
            fclose(fp);
            SCMutexUnlock(&g_rule_dump_write_m);
        }
    }

    MemBufferFree(mbuf);
    json_object_clear(js);
    json_decref(js);
}
Example #30
0
int ast_json_object_clear(struct ast_json *object)
{
	return json_object_clear((json_t *)object);
}