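#!/usr/bin/env bash
#
# setup-app-layer-logger.sh - provision a JSON application layer transaction
# logger for one protocol by copying and patching the output-json-template
# sources and wiring them into the build (see usage() below).
#
# Run from the top of the source tree: every path the script touches
# (src/..., suricata.yaml.in) is relative to the current directory.
#
# The functions below are declared with the bash-only "function" keyword,
# so the interpreter is bash rather than a plain POSIX sh.

set -e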

#######################################
# Print the help text for this script.
# Arguments: none ($0 supplies the invocation name shown in the examples)
# Outputs:   help text on stdout
#######################################
usage() {
    cat <<EOF

usage: $0 <protocol name>

This script will provision a new JSON application layer transaction
logger for the protocol name specified on the command line. This is
done by copying and patching src/output-json-template.h and
src/output-json-template.c then link the new files into the build
system.

It is required that the application layer parser has already been
provisioned by the setup-app-layer.sh script.

Examples:

    $0 DNP3
    $0 Gopher

EOF
}

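#######################################
# Abort the run if a path this script is about to create already exists.
# Arguments: $1 - path to check
# Outputs:   diagnostic on stderr when the path exists
# Returns:   0 when the path is absent; exits 1 when it exists
#######################################
fail_if_exists() {
    local path="$1"
    if [ -e "${path}" ]; then
        # Diagnostics go to stderr so they are not mixed with the progress
        # messages the script prints on stdout.
        echo "error: ${path} already exists." >&2
        exit 1
    fi
}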

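#######################################
# Copy one template source file, renaming the template identifiers.
# Globals:   protoname, protoname_lower, protoname_upper (read)
# Arguments: $1 - source template file
#            $2 - destination file to create
# Outputs:   progress message on stdout; the patched file at $2
# Returns:   sed's exit status
#######################################
copy_template_file() {
    local src="$1"
    local dst="$2"

    echo "Creating ${dst}."

    # The block between the TEMPLATE_*_REMOVE markers is dropped before the
    # renames run, so only kept lines are rewritten. NOTE: the protocol name
    # values are spliced into the sed expressions unescaped, so they must not
    # contain '/' or '&'.
    # Open the input before the output so a missing ${src} does not leave an
    # empty ${dst} behind.
    sed -e '/TEMPLATE_START_REMOVE/,/TEMPLATE_END_REMOVE/d' \
        -e "s/TEMPLATE/${protoname_upper}/g" \
        -e "s/template/${protoname_lower}/g" \
        -e "s/Template/${protoname}/g" \
        < "${src}" > "${dst}"
}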

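#######################################
# Create the new logger header and source from the template pair.
# Globals:   protoname_lower (read)
# Outputs:   progress messages on stdout; two new files under src/
# Returns:   exits 1 (via fail_if_exists) if a destination already exists
#######################################
copy_templates() {
    local src_h="src/output-json-template.h"
    local dst_h="src/output-json-${protoname_lower}.h"
    local src_c="src/output-json-template.c"
    local dst_c="src/output-json-${protoname_lower}.c"

    # Check both destinations before writing anything so a conflict on the
    # second file does not leave the first one half-provisioned.
    fail_if_exists "${dst_h}"
    fail_if_exists "${dst_c}"

    copy_template_file "${src_h}" "${dst_h}"
    copy_template_file "${src_c}" "${dst_c}"
}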

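#######################################
# Add the new logger source to the automake source list.
# Globals:   protoname_lower (read)
# Outputs:   progress message on stdout; src/Makefile.am rewritten in place
# Returns:   ed's exit status
#######################################
patch_makefile_am() {
    local filename="src/Makefile.am"
    echo "Patching ${filename}."
    # ed script: locate the template entry, copy it onto the line above (t-),
    # rename the copy and write the file back. The file name comes from the
    # variable assigned above.
    ed -s "${filename}" > /dev/null <<EOF
/output-json-template.c
t-
s/template/${protoname_lower}/g
w
EOF
}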

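#######################################
# Register the new logger module in src/suricata.c.
# Globals:   protoname, protoname_lower (read)
# Outputs:   progress message on stdout; src/suricata.c rewritten in place
# Returns:   ed's exit status
#######################################
patch_suricata_c() {
    local filename="src/suricata.c"
    echo "Patching ${filename}."
    # ed script: duplicate the template #include and rename the copy, then
    # duplicate the two-line registration block (the line before the
    # TmModuleJsonTemplateLogRegister call and the call itself) and rename
    # the copy. The file name comes from the variable assigned above.
    ed -s "${filename}" > /dev/null <<EOF
/#include "output-json-template.h"
t-
s/template/${protoname_lower}/
/TmModuleJsonTemplateLogRegister
-
.,+t-
-
.,+s/Template/${protoname}/
w
EOF
}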

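#######################################
# Add the new logger's module entry to src/tm-modules.c.
# Globals:   protoname_upper (read)
# Outputs:   progress message on stdout; src/tm-modules.c rewritten in place
# Returns:   ed's exit status
#######################################
patch_tm_modules_c() {
    local filename="src/tm-modules.c"
    echo "Patching ${filename}."
    # ed script: copy the TMM_JSONTEMPLATELOG line onto the line above and
    # rename the copy (first occurrence only). The file name comes from the
    # variable assigned above.
    ed -s "${filename}" > /dev/null <<EOF
/TMM_JSONTEMPLATELOG
t-
s/TEMPLATE/${protoname_upper}/
w
EOF
}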

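#######################################
# Add the new logger's TMM_ enum value to src/tm-threads-common.h.
# Globals:   protoname_upper (read)
# Outputs:   progress message on stdout; src/tm-threads-common.h rewritten
# Returns:   ed's exit status
#######################################
patch_tm_threads_common_h() {
    local filename="src/tm-threads-common.h"
    echo "Patching ${filename}."
    # ed script: copy the TMM_JSONTEMPLATELOG line onto the line above and
    # rename the copy (first occurrence only). The file name comes from the
    # variable assigned above.
    ed -s "${filename}" > /dev/null <<EOF
/TMM_JSONTEMPLATELOG
t-
s/TEMPLATE/${protoname_upper}/
w
EOF
}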

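#######################################
# Enable the new logger in the eve-log output types of suricata.yaml.in.
# Globals:   protoname_lower (read)
# Outputs:   progress message on stdout; suricata.yaml.in rewritten in place
# Returns:   ed's exit status
#######################################
patch_suricata_yaml_in() {
    local filename="suricata.yaml.in"
    echo "Patching ${filename}."
    # ed script: find the first "types:" after "eve-log:" and append a list
    # entry for the new protocol directly below it. The indentation of the
    # appended line is part of the YAML and must match the existing entries.
    # The file name comes from the variable assigned above.
    ed -s "${filename}" > /dev/null <<EOF
/eve-log:
/types:
a
        - ${protoname_lower}
.
w
EOF
}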

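protoname="$1"

if [ -z "${protoname}" ]; then
    usage
    exit 1
fi

# The name is spliced unescaped into sed and ed scripts and becomes part of
# C identifiers and file names, so reject anything outside identifier
# characters before it reaches those tools.
case "${protoname}" in
    *[!A-Za-z0-9_]*)
        echo "error: protocol name must contain only letters, digits and underscores." >&2
        exit 1
        ;;
esac

# Pass the name as printf data, never as the format string, so a '%' or
# leading '-' in the argument cannot alter the output.
protoname_lower=$(printf '%s' "${protoname}" | tr '[:upper:]' '[:lower:]')
protoname_upper=$(printf '%s' "${protoname}" | tr '[:lower:]' '[:upper:]')

# Requires that the protocol has already been setup. Fixed-string match so
# the identifier is not interpreted as a regular expression.
if ! grep -q -F -- "ALPROTO_${protoname_upper}" src/app-layer-protos.h; then
    echo "error: no app-layer parser exists for ALPROTO_${protoname_upper}." >&2
    exit 1
fi

copy_templates
patch_makefile_am
patch_suricata_c
patch_tm_modules_c
patch_tm_threads_common_h
patch_suricata_yaml_in

cat <<EOF

A JSON application layer transaction logger for the protocol
${protoname} has now been set in the files:

    src/output-json-${protoname_lower}.h
    src/output-json-${protoname_lower}.c

and should now build cleanly. Try running 'make'.

EOF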