static void LogHttpLogExtended(LogHttpLogThread *aft, htp_tx_t *tx)
{
MemBufferWriteString(aft->buffer, " [**] ");
/* referer */
htp_header_t *h_referer = NULL;
if (tx->request_headers != NULL) {
h_referer = table_getc(tx->request_headers, "referer");
}
if (h_referer != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(h_referer->value),
bstr_len(h_referer->value));
} else {
MemBufferWriteString(aft->buffer, "<no referer>");
}
MemBufferWriteString(aft->buffer, " [**] ");
/* method */
if (tx->request_method != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->request_method),
bstr_len(tx->request_method));
}
MemBufferWriteString(aft->buffer, " [**] ");
/* protocol */
if (tx->request_protocol != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->request_protocol),
bstr_len(tx->request_protocol));
} else {
MemBufferWriteString(aft->buffer, "<no protocol>");
}
MemBufferWriteString(aft->buffer, " [**] ");
/* response status */
if (tx->response_status != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->response_status),
bstr_len(tx->response_status));
/* Redirect? */
if ((tx->response_status_number > 300) && ((tx->response_status_number) < 303)) {
htp_header_t *h_location = table_getc(tx->response_headers, "location");
if (h_location != NULL) {
MemBufferWriteString(aft->buffer, " => ");
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(h_location->value),
bstr_len(h_location->value));
}
}
} else {
MemBufferWriteString(aft->buffer, "<no status>");
}
/* length */
MemBufferWriteString(aft->buffer, " [**] %"PRIuMAX" bytes", (uintmax_t)tx->response_message_len);
}
static void DumpFp(const SigMatch *sm, char *pat_orig, uint32_t pat_orig_sz, char *pat_chop, uint32_t pat_chop_sz)
{
int fast_pattern_chop_set = 0;
const DetectContentData *cd = (DetectContentData *)sm->ctx;
if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP) {
fast_pattern_chop_set = 1;
}
}
uint32_t off = 0;
PrintRawUriBuf(pat_orig, &off, pat_orig_sz, cd->content, cd->content_len);
if (fast_pattern_chop_set) {
off = 0;
PrintRawUriBuf(pat_chop, &off, pat_chop_sz, cd->content + cd->fp_chop_offset, cd->fp_chop_len);
}
}
static int LogTcpDataLoggerFile(ThreadVars *tv, void *thread_data, const Flow *f,
const uint8_t *data, uint32_t data_len, uint64_t tx_id, uint8_t flags)
{
SCEnter();
LogTcpDataLogThread *aft = thread_data;
LogTcpDataFileCtx *td = aft->tcpdatalog_ctx;
if (data && data_len) {
MemBufferReset(aft->buffer);
char srcip[46] = "", dstip[46] = "";
if (FLOW_IS_IPV4(f)) {
PrintInet(AF_INET, (const void *)&f->src.addr_data32[0], srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)&f->dst.addr_data32[0], dstip, sizeof(dstip));
} else if (FLOW_IS_IPV6(f)) {
PrintInet(AF_INET6, (const void *)f->src.addr_data32, srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)f->dst.addr_data32, dstip, sizeof(dstip));
}
char name[PATH_MAX];
snprintf(name, sizeof(name), "%s_%u-%s_%u-%s:",
srcip, f->sp, dstip, f->dp,
flags & OUTPUT_STREAMING_FLAG_TOSERVER ? "ts" : "tc");
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)name,strlen(name));
MemBufferWriteString(aft->buffer, "\n");
PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)data,data_len);
td->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
MEMBUFFER_OFFSET(aft->buffer), td->file_ctx);
}
SCReturnInt(TM_ECODE_OK);
}
static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
PacketQueue *postpq, int ipproto)
{
SCEnter();
LogHttpLogThread *aft = (LogHttpLogThread *)data;
LogHttpFileCtx *hlog = aft->httplog_ctx;
char timebuf[64];
size_t idx = 0;
/* no flow, no htp state */
if (p->flow == NULL) {
SCReturnInt(TM_ECODE_OK);
}
/* check if we have HTTP state or not */
FLOWLOCK_WRLOCK(p->flow); /* WRITE lock before we updated flow logged id */
uint16_t proto = AppLayerGetProtoFromPacket(p);
if (proto != ALPROTO_HTTP)
goto end;
int r = AppLayerTransactionGetLoggedId(p->flow);
if (r < 0) {
goto end;
}
size_t logged = (size_t)r;
r = HtpTransactionGetLoggableId(p->flow);
if (r < 0) {
goto end;
}
size_t loggable = (size_t)r;
/* nothing to do */
if (logged >= loggable) {
goto end;
}
HtpState *htp_state = (HtpState *)AppLayerGetProtoStateFromPacket(p);
if (htp_state == NULL) {
SCLogDebug("no http state, so no request logging");
goto end;
}
if (htp_state->connp == NULL || htp_state->connp->conn == NULL)
goto end;
htp_tx_t *tx = NULL;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
Port sp, dp;
if ((PKT_IS_TOSERVER(p))) {
switch (ipproto) {
case AF_INET:
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
break;
case AF_INET6:
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
break;
default:
goto end;
}
sp = p->sp;
dp = p->dp;
} else {
switch (ipproto) {
case AF_INET:
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), dstip, sizeof(dstip));
break;
case AF_INET6:
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), dstip, sizeof(dstip));
break;
default:
goto end;
}
sp = p->dp;
dp = p->sp;
}
for (idx = logged; idx < loggable; idx++)
{
tx = list_get(htp_state->connp->conn->transactions, idx);
if (tx == NULL) {
SCLogDebug("tx is NULL not logging !!");
continue;
}
SCLogDebug("got a HTTP request and now logging !!");
/* reset */
MemBufferReset(aft->buffer);
if (hlog->flags & LOG_HTTP_CUSTOM) {
LogHttpLogCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
} else {
/* time */
MemBufferWriteString(aft->buffer, "%s ", timebuf);
/* hostname */
if (tx->parsed_uri != NULL &&
tx->parsed_uri->hostname != NULL)
{
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->parsed_uri->hostname),
bstr_len(tx->parsed_uri->hostname));
} else {
MemBufferWriteString(aft->buffer, "<hostname unknown>");
}
MemBufferWriteString(aft->buffer, " [**] ");
/* uri */
if (tx->request_uri != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->request_uri),
bstr_len(tx->request_uri));
}
MemBufferWriteString(aft->buffer, " [**] ");
/* user agent */
htp_header_t *h_user_agent = NULL;
if (tx->request_headers != NULL) {
h_user_agent = table_getc(tx->request_headers, "user-agent");
}
if (h_user_agent != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(h_user_agent->value),
bstr_len(h_user_agent->value));
} else {
MemBufferWriteString(aft->buffer, "<useragent unknown>");
}
if (hlog->flags & LOG_HTTP_EXTENDED) {
LogHttpLogExtended(aft, tx);
}
/* ip/tcp header info */
MemBufferWriteString(aft->buffer,
" [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
srcip, sp, dstip, dp);
}
aft->uri_cnt ++;
SCMutexLock(&hlog->file_ctx->fp_mutex);
MemBufferPrintToFPAsString(aft->buffer, hlog->file_ctx->fp);
fflush(hlog->file_ctx->fp);
SCMutexUnlock(&hlog->file_ctx->fp_mutex);
AppLayerTransactionUpdateLoggedId(p->flow);
}
end:
FLOWLOCK_UNLOCK(p->flow);
SCReturnInt(TM_ECODE_OK);
}
/* Custom format logging */
static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const struct timeval *ts,
char *srcip, Port sp, char *dstip, Port dp)
{
LogHttpFileCtx *httplog_ctx = aft->httplog_ctx;
uint32_t i;
char buf[128];
htp_header_t *h_request_hdr = NULL;
htp_header_t *h_response_hdr = NULL;
time_t time = ts->tv_sec;
struct tm local_tm;
struct tm *timestamp = (struct tm *)SCLocalTime(time, &local_tm);
for (i = 0; i < httplog_ctx->cf_n; i++) {
switch (httplog_ctx->cf_nodes[i]->type){
case LOG_HTTP_CF_LITERAL:
/* LITERAL */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)httplog_ctx->cf_nodes[i]->data,
strlen(httplog_ctx->cf_nodes[i]->data));
break;
case LOG_HTTP_CF_TIMESTAMP:
/* TIMESTAMP */
if (httplog_ctx->cf_nodes[i]->data == '\0') {
strftime(buf, 62, TIMESTAMP_DEFAULT_FORMAT, timestamp);
} else {
strftime(buf, 62, httplog_ctx->cf_nodes[i]->data, timestamp);
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)buf,strlen(buf));
break;
case LOG_HTTP_CF_TIMESTAMP_U:
/* TIMESTAMP USECONDS */
snprintf(buf, 62, "%06u", (unsigned int) ts->tv_usec);
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)buf,strlen(buf));
break;
case LOG_HTTP_CF_CLIENT_IP:
/* CLIENT IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)srcip,strlen(srcip));
break;
case LOG_HTTP_CF_SERVER_IP:
/* SERVER IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)dstip,strlen(dstip));
break;
case LOG_HTTP_CF_CLIENT_PORT:
/* CLIENT PORT */
MemBufferWriteString(aft->buffer, "%" PRIu16 "", sp);
break;
case LOG_HTTP_CF_SERVER_PORT:
/* SERVER PORT */
MemBufferWriteString(aft->buffer, "%" PRIu16 "", dp);
break;
case LOG_HTTP_CF_REQUEST_METHOD:
/* METHOD */
if (tx->request_method != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_method),
bstr_len(tx->request_method));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_URI:
/* URI */
if (tx->request_uri != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_uri),
bstr_len(tx->request_uri));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_HOST:
/* HOSTNAME */
if (tx->parsed_uri != NULL && tx->parsed_uri->hostname != NULL)
{
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->parsed_uri->hostname),
bstr_len(tx->parsed_uri->hostname));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_PROTOCOL:
/* PROTOCOL */
if (tx->request_protocol != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_protocol),
bstr_len(tx->request_protocol));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_HEADER:
/* REQUEST HEADER */
if (tx->request_headers != NULL) {
h_request_hdr = table_getc(tx->request_headers, httplog_ctx->cf_nodes[i]->data);
}
if (h_request_hdr != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(h_request_hdr->value),
bstr_len(h_request_hdr->value));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_RESPONSE_STATUS:
/* RESPONSE STATUS */
if (tx->response_status != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->response_status),
bstr_len(tx->response_status));
/* Redirect? */
if ((tx->response_status_number > 300) && ((tx->response_status_number) < 303)){
htp_header_t *h_location = table_getc(tx->response_headers, "location");
if (h_location != NULL) {
MemBufferWriteString(aft->buffer, "(");
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(h_location->value),
bstr_len(h_location->value));
MemBufferWriteString(aft->buffer, ")");
}
}
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_RESPONSE_HEADER:
/* RESPONSE HEADER */
if (tx->response_headers != NULL) {
h_response_hdr = table_getc(tx->response_headers,
httplog_ctx->cf_nodes[i]->data);
}
if (h_response_hdr != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(h_response_hdr->value),
bstr_len(h_response_hdr->value));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_RESPONSE_LEN:
/* RESPONSE LEN */
MemBufferWriteString(aft->buffer, "%"PRIuMAX"", (uintmax_t)tx->response_message_len);
break;
}
}
MemBufferWriteString(aft->buffer, "\n");
}
static TmEcode LogHttpLogIPWrapper(ThreadVars *tv, void *data, const Packet *p, Flow *f, HtpState *htp_state, htp_tx_t *tx, uint64_t tx_id, int ipproto)
{
SCEnter();
LogHttpLogThread *aft = (LogHttpLogThread *)data;
LogHttpFileCtx *hlog = aft->httplog_ctx;
char timebuf[64];
/* check if we have HTTP state or not */
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
char srcip[46], dstip[46];
Port sp, dp;
if ((PKT_IS_TOSERVER(p))) {
switch (ipproto) {
case AF_INET:
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
break;
case AF_INET6:
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
break;
default:
goto end;
}
sp = p->sp;
dp = p->dp;
} else {
switch (ipproto) {
case AF_INET:
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), dstip, sizeof(dstip));
break;
case AF_INET6:
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), dstip, sizeof(dstip));
break;
default:
goto end;
}
sp = p->dp;
dp = p->sp;
}
SCLogDebug("got a HTTP request and now logging !!");
/* reset */
MemBufferReset(aft->buffer);
if (hlog->flags & LOG_HTTP_CUSTOM) {
LogHttpLogCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
} else {
/* time */
MemBufferWriteString(aft->buffer, "%s ", timebuf);
/* hostname */
if (tx->request_hostname != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->request_hostname),
bstr_len(tx->request_hostname));
} else {
MemBufferWriteString(aft->buffer, "<hostname unknown>");
}
MemBufferWriteString(aft->buffer, " [**] ");
/* uri */
if (tx->request_uri != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(tx->request_uri),
bstr_len(tx->request_uri));
}
MemBufferWriteString(aft->buffer, " [**] ");
/* user agent */
htp_header_t *h_user_agent = NULL;
if (tx->request_headers != NULL) {
h_user_agent = htp_table_get_c(tx->request_headers, "user-agent");
}
if (h_user_agent != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
(uint8_t *)bstr_ptr(h_user_agent->value),
bstr_len(h_user_agent->value));
} else {
MemBufferWriteString(aft->buffer, "<useragent unknown>");
}
if (hlog->flags & LOG_HTTP_EXTENDED) {
LogHttpLogExtended(aft, tx);
}
/* ip/tcp header info */
MemBufferWriteString(aft->buffer,
" [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
srcip, sp, dstip, dp);
}
aft->uri_cnt ++;
SCMutexLock(&hlog->file_ctx->fp_mutex);
hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);
SCMutexUnlock(&hlog->file_ctx->fp_mutex);
end:
SCReturnInt(0);
}
/* Custom format logging */
static void LogHttpLogCustom(LogHttpLogThread *aft, htp_tx_t *tx, const struct timeval *ts,
char *srcip, Port sp, char *dstip, Port dp)
{
LogHttpFileCtx *httplog_ctx = aft->httplog_ctx;
uint32_t i;
uint32_t datalen;
char buf[128];
uint8_t *cvalue = NULL;
uint32_t cvalue_len = 0;
htp_header_t *h_request_hdr;
htp_header_t *h_response_hdr;
time_t time = ts->tv_sec;
struct tm local_tm;
struct tm *timestamp = SCLocalTime(time, &local_tm);
for (i = 0; i < httplog_ctx->cf_n; i++) {
h_request_hdr = NULL;
h_response_hdr = NULL;
switch (httplog_ctx->cf_nodes[i]->type){
case LOG_HTTP_CF_LITERAL:
/* LITERAL */
MemBufferWriteString(aft->buffer, "%s", httplog_ctx->cf_nodes[i]->data);
break;
case LOG_HTTP_CF_TIMESTAMP:
/* TIMESTAMP */
if (httplog_ctx->cf_nodes[i]->data[0] == '\0') {
strftime(buf, 62, TIMESTAMP_DEFAULT_FORMAT, timestamp);
} else {
strftime(buf, 62, httplog_ctx->cf_nodes[i]->data, timestamp);
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)buf,strlen(buf));
break;
case LOG_HTTP_CF_TIMESTAMP_U:
/* TIMESTAMP USECONDS */
snprintf(buf, 62, "%06u", (unsigned int) ts->tv_usec);
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)buf,strlen(buf));
break;
case LOG_HTTP_CF_CLIENT_IP:
/* CLIENT IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)srcip,strlen(srcip));
break;
case LOG_HTTP_CF_SERVER_IP:
/* SERVER IP ADDRESS */
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)dstip,strlen(dstip));
break;
case LOG_HTTP_CF_CLIENT_PORT:
/* CLIENT PORT */
MemBufferWriteString(aft->buffer, "%" PRIu16 "", sp);
break;
case LOG_HTTP_CF_SERVER_PORT:
/* SERVER PORT */
MemBufferWriteString(aft->buffer, "%" PRIu16 "", dp);
break;
case LOG_HTTP_CF_REQUEST_METHOD:
/* METHOD */
if (tx->request_method != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_method),
bstr_len(tx->request_method));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_URI:
/* URI */
if (tx->request_uri != NULL) {
datalen = httplog_ctx->cf_nodes[i]->maxlen;
if (datalen == 0 || datalen > bstr_len(tx->request_uri)) {
datalen = bstr_len(tx->request_uri);
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_uri),
datalen);
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_HOST:
/* HOSTNAME */
if (tx->request_hostname != NULL)
{
datalen = httplog_ctx->cf_nodes[i]->maxlen;
if (datalen == 0 || datalen > bstr_len(tx->request_hostname)) {
datalen = bstr_len(tx->request_hostname);
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_hostname),
datalen);
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_PROTOCOL:
/* PROTOCOL */
if (tx->request_protocol != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->request_protocol),
bstr_len(tx->request_protocol));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_HEADER:
/* REQUEST HEADER */
if (tx->request_headers != NULL) {
h_request_hdr = htp_table_get_c(tx->request_headers, httplog_ctx->cf_nodes[i]->data);
}
if (h_request_hdr != NULL) {
datalen = httplog_ctx->cf_nodes[i]->maxlen;
if (datalen == 0 || datalen > bstr_len(h_request_hdr->value)) {
datalen = bstr_len(h_request_hdr->value);
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(h_request_hdr->value),
datalen);
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_COOKIE:
/* REQUEST COOKIE */
if (tx->request_headers != NULL) {
h_request_hdr = htp_table_get_c(tx->request_headers, "Cookie");
if (h_request_hdr != NULL) {
cvalue_len = GetCookieValue((uint8_t *) bstr_ptr(h_request_hdr->value),
bstr_len(h_request_hdr->value), (char *) httplog_ctx->cf_nodes[i]->data,
&cvalue);
}
}
if (cvalue_len > 0 && cvalue != NULL) {
datalen = httplog_ctx->cf_nodes[i]->maxlen;
if (datalen == 0 || datalen > cvalue_len) {
datalen = cvalue_len;
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, cvalue, datalen);
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_REQUEST_LEN:
/* REQUEST LEN */
MemBufferWriteString(aft->buffer, "%"PRIuMAX"", (uintmax_t)tx->request_message_len);
break;
case LOG_HTTP_CF_RESPONSE_STATUS:
/* RESPONSE STATUS */
if (tx->response_status != NULL) {
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(tx->response_status),
bstr_len(tx->response_status));
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_RESPONSE_HEADER:
/* RESPONSE HEADER */
if (tx->response_headers != NULL) {
h_response_hdr = htp_table_get_c(tx->response_headers,
httplog_ctx->cf_nodes[i]->data);
}
if (h_response_hdr != NULL) {
datalen = httplog_ctx->cf_nodes[i]->maxlen;
if (datalen == 0 || datalen > bstr_len(h_response_hdr->value)) {
datalen = bstr_len(h_response_hdr->value);
}
PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset,
aft->buffer->size, (uint8_t *)bstr_ptr(h_response_hdr->value),
datalen);
} else {
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
}
break;
case LOG_HTTP_CF_RESPONSE_LEN:
/* RESPONSE LEN */
MemBufferWriteString(aft->buffer, "%"PRIuMAX"", (uintmax_t)tx->response_message_len);
break;
default:
/* NO MATCH */
MemBufferWriteString(aft->buffer, LOG_HTTP_CF_NONE);
SCLogDebug("No matching parameter %%%c for custom http log.", httplog_ctx->cf_nodes[i]->type);
break;
}
}
MemBufferWriteString(aft->buffer, "\n");
}