Added parsing and utilization of yaml defined payload buffer value.

src/output-json-alert.c

@@ -35,6 +35,7 @@
 #include "threadvars.h"
 #include "util-debug.h"
 
+#include "util-misc.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
 
@@ -83,6 +84,7 @@
 typedef struct AlertJsonOutputCtx_ {
     LogFileCtx* file_ctx;
     uint8_t flags;
+    uint32_t payload_buffer_size;
     HttpXFFCfg *xff_cfg;
 } AlertJsonOutputCtx;
 
@@ -285,7 +287,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
                                     (void *)payload);
 
                 if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
-                    unsigned long len = JSON_STREAM_BUFFER_SIZE * 2;
+                    unsigned long len = json_output_ctx->payload_buffer_size * 2;
                     uint8_t encoded[len];
                     Base64Encode(payload->buffer, payload->offset, encoded, &len);
                     json_object_set_new(js, "payload", json_string((char *)encoded));
@@ -479,17 +481,17 @@ static TmEcode JsonAlertLogThreadInit(ThreadVars *t, void *initdata, void **data
         return TM_ECODE_FAILED;
     }
 
-    aft->payload_buffer = MemBufferCreateNew(JSON_STREAM_BUFFER_SIZE);
-    if (aft->payload_buffer == NULL) {
-        SCFree(aft);
-        return TM_ECODE_FAILED;
-    }
-
     /** Use the Output Context (file pointer and mutex) */
     AlertJsonOutputCtx *json_output_ctx = ((OutputCtx *)initdata)->data;
     aft->file_ctx = json_output_ctx->file_ctx;
     aft->json_output_ctx = json_output_ctx;
 
+    aft->payload_buffer = MemBufferCreateNew(json_output_ctx->payload_buffer_size);
+    if (aft->payload_buffer == NULL) {
+        SCFree(aft);
+        return TM_ECODE_FAILED;
+    }
+
     *data = (void *)aft;
     return TM_ECODE_OK;
 }
@@ -556,8 +558,11 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 
     json_output_ctx->xff_cfg = xff_cfg;
 
+    uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;
+
     if (conf != NULL) {
         const char *payload = ConfNodeLookupChildValue(conf, "payload");
+        const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");
         const char *packet  = ConfNodeLookupChildValue(conf, "packet");
         const char *payload_printable = ConfNodeLookupChildValue(conf, "payload-printable");
         const char *http = ConfNodeLookupChildValue(conf, "http");
@@ -595,12 +600,24 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
                 json_output_ctx->flags |= LOG_JSON_PAYLOAD_BASE64;
             }
         }
+        if (payload_buffer_value != NULL) {
+            uint32_t value;
+            if (ParseSizeStringU32(payload_buffer_value, &value) < 0) {
+                SCLogError(SC_ERR_ALERT_PAYLOAD_BUFFER, "Error parsing "
+                           "payload-buffer-size - %s. Killing engine",
+                           payload_buffer_value);
+                exit(EXIT_FAILURE);
+            } else {
+                payload_buffer_size = value;
+            }
+        }
         if (packet != NULL) {
             if (ConfValIsTrue(packet)) {
                 json_output_ctx->flags |= LOG_JSON_PACKET;
             }
         }
 
+	json_output_ctx->payload_buffer_size = payload_buffer_size;
         HttpXFFGetCfg(conf, xff_cfg);
     }
 }

src/util-error.c

@@ -317,6 +317,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_DEPRECATED_CONF);
         CASE_CODE (SC_WARN_FASTER_CAPTURE_AVAILABLE);
         CASE_CODE (SC_WARN_POOR_RULE);
+        CASE_CODE (SC_ERR_ALERT_PAYLOAD_BUFFER);
     }
 
     return "UNKNOWN_ERROR";

src/util-error.h

@@ -307,6 +307,7 @@ typedef enum {
     SC_ERR_DEPRECATED_CONF, /**< Deprecated configuration parameter. */
     SC_WARN_FASTER_CAPTURE_AVAILABLE,
     SC_WARN_POOR_RULE,
+    SC_ERR_ALERT_PAYLOAD_BUFFER,
 } SCError;
 
 const char *SCErrorToString(SCError);