eve: revert ethernet addresses when needed #9715

Closed
wants to merge 1 commit into from
Closed
2 changes: 1 addition & 1 deletion src/output-json-flow.c
Expand Up @@ -281,7 +281,7 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
/* Close flow. */
jb_close(jb);

EveAddCommonOptions(&aft->ctx->cfg, NULL, f, jb);
EveAddCommonOptions(&aft->ctx->cfg, NULL, f, jb, LOG_DIR_FLOW);

/* TCP */
if (f->proto == IPPROTO_TCP) {
4 changes: 2 additions & 2 deletions src/output-json-netflow.c
Expand Up @@ -275,7 +275,7 @@ static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
if (unlikely(jb == NULL))
return TM_ECODE_OK;
NetFlowLogEveToServer(jb, f);
EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb);
EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb, LOG_DIR_FLOW_TOSERVER);
OutputJsonBuilderBuffer(jb, jhl);
jb_free(jb);

Expand All @@ -285,7 +285,7 @@ static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
if (unlikely(jb == NULL))
return TM_ECODE_OK;
NetFlowLogEveToClient(jb, f);
EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb);
EveAddCommonOptions(&jhl->ctx->cfg, NULL, f, jb, LOG_DIR_FLOW_TOCLIENT);
OutputJsonBuilderBuffer(jb, jhl);
jb_free(jb);
}
71 changes: 61 additions & 10 deletions src/output-json.c
Expand Up @@ -79,7 +79,8 @@

static void OutputJsonDeInitCtx(OutputCtx *);
static void CreateEveCommunityFlowId(JsonBuilder *js, const Flow *f, const uint16_t seed);
static int CreateJSONEther(JsonBuilder *parent, const Packet *p, const Flow *f);
static int CreateJSONEther(
JsonBuilder *parent, const Packet *p, const Flow *f, enum OutputJsonLogDirection dir);

static const char *TRAFFIC_ID_PREFIX = "traffic/id/";
static const char *TRAFFIC_LABEL_PREFIX = "traffic/label/";
Expand Down Expand Up @@ -412,14 +413,14 @@ void EveAddMetadata(const Packet *p, const Flow *f, JsonBuilder *js)
}
}

void EveAddCommonOptions(const OutputJsonCommonSettings *cfg,
const Packet *p, const Flow *f, JsonBuilder *js)
void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f,
JsonBuilder *js, enum OutputJsonLogDirection dir)
{
if (cfg->include_metadata) {
EveAddMetadata(p, f, js);
}
if (cfg->include_ethernet) {
CreateJSONEther(js, p, f);
CreateJSONEther(js, p, f, dir);
}
if (cfg->include_community_id && f != NULL) {
CreateEveCommunityFlowId(js, f, cfg->community_id_seed);
Expand Down Expand Up @@ -742,14 +743,58 @@ static int MacSetIterateToJSON(uint8_t *val, MacSetSide side, void *data)
return 0;
}

static int CreateJSONEther(JsonBuilder *js, const Packet *p, const Flow *f)
static int CreateJSONEther(
JsonBuilder *js, const Packet *p, const Flow *f, enum OutputJsonLogDirection dir)
{
if (p != NULL) {
/* this is a packet context, so we need to add scalar fields */
if (p->ethh != NULL) {
jb_open_object(js, "ether");
uint8_t *src = p->ethh->eth_src;
uint8_t *dst = p->ethh->eth_dst;
uint8_t *src;
uint8_t *dst;
switch (dir) {
case LOG_DIR_FLOW:
if
PKT_IS_TOCLIENT(p)
{
src = p->ethh->eth_dst;
dst = p->ethh->eth_src;
}
else {
src = p->ethh->eth_src;
dst = p->ethh->eth_dst;
}
break;
case LOG_DIR_FLOW_TOCLIENT:
if
PKT_IS_TOSERVER(p)
{
src = p->ethh->eth_dst;
dst = p->ethh->eth_src;
}
else {
src = p->ethh->eth_src;
dst = p->ethh->eth_dst;
}
break;
case LOG_DIR_FLOW_TOSERVER:
if
PKT_IS_TOCLIENT(p)
{
src = p->ethh->eth_dst;
dst = p->ethh->eth_src;
}
else {
src = p->ethh->eth_src;
dst = p->ethh->eth_dst;
}
Comment on lines +780 to +790
Member


Weird formatting, but it passes the check. When I run the formatting scripts it reformats it back to something more normal.

Contributor Author


I don't know what happened here. I used regular formatting and it was changed to that by clang.

break;
case LOG_DIR_PACKET:
default:
src = p->ethh->eth_src;
dst = p->ethh->eth_dst;
break;
}
JSONFormatAndAddMACAddr(js, "src_mac", src, false);
JSONFormatAndAddMACAddr(js, "dest_mac", dst, false);
jb_close(js);
Expand All @@ -773,8 +818,14 @@ static int CreateJSONEther(JsonBuilder *js, const Packet *p, const Flow *f)
}
jb_close(info.dst);
jb_close(info.src);
jb_set_object(js, "dest_macs", info.dst);
jb_set_object(js, "src_macs", info.src);
/* case is handling netflow too so may need to revert */
if (dir == LOG_DIR_FLOW_TOCLIENT) {
jb_set_object(js, "dest_macs", info.src);
jb_set_object(js, "src_macs", info.dst);
} else {
jb_set_object(js, "dest_macs", info.dst);
jb_set_object(js, "src_macs", info.src);
}
jb_free(info.dst);
jb_free(info.src);
jb_close(js);
Expand Down Expand Up @@ -863,7 +914,7 @@ JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
jb_set_string(js, "pkt_src", PktSrcToString(p->pkt_src));

if (eve_ctx != NULL) {
EveAddCommonOptions(&eve_ctx->cfg, p, f, js);
EveAddCommonOptions(&eve_ctx->cfg, p, f, js, dir);
}

return js;
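Review bot: In the packet branch of CreateJSONEther the `LOG_DIR_FLOW` and `LOG_DIR_FLOW_TOSERVER` cases are identical and `LOG_DIR_FLOW_TOCLIENT` differs only in the macro it tests, so the same four assignments appear three times; deciding a single swap flag in the switch and assigning `src`/`dst` once keeps the direction logic in one place and makes a later mismatch between the cases harder to introduce. The comment in the flow branch, `/* case is handling netflow too so may need to revert */`, would read more clearly as `/* netflow to-client records are logged from the server side, so swap the MAC sets */`. Because `ether.src_mac`/`dest_mac` now follow the logged direction rather than the frame as it appeared on the wire, a short doc comment on the new `dir` parameter of `EveAddCommonOptions` saying so would help anyone correlating EVE records with packet captures. CreateJSONEther's body continues outside the visible hunks.

```c
            jb_open_object(js, "ether");
            uint8_t *src = p->ethh->eth_src;
            uint8_t *dst = p->ethh->eth_dst;
            bool swap = false;
            switch (dir) {
                case LOG_DIR_FLOW:
                case LOG_DIR_FLOW_TOSERVER:
                    /* record is written from the client side */
                    swap = PKT_IS_TOCLIENT(p);
                    break;
                case LOG_DIR_FLOW_TOCLIENT:
                    /* record is written from the server side */
                    swap = PKT_IS_TOSERVER(p);
                    break;
                case LOG_DIR_PACKET:
                default:
                    break;
            }
            if (swap) {
                src = p->ethh->eth_dst;
                dst = p->ethh->eth_src;
            }
            /* … unchanged: JSONFormatAndAddMACAddr calls and jb_close … */
```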
4 changes: 2 additions & 2 deletions src/output-json.h
Expand Up @@ -110,8 +110,8 @@ OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);

void EveAddCommonOptions(const OutputJsonCommonSettings *cfg,
const Packet *p, const Flow *f, JsonBuilder *js);
void EveAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f,
JsonBuilder *js, enum OutputJsonLogDirection dir);
void EveAddMetadata(const Packet *p, const Flow *f, JsonBuilder *js);

int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);