static void set_http_session_ids(mp_pool_t *pool,ks_http_session_ids_t *ids,packet_info *pinfo){
guchar addr_buf[MAX_ADDR_STR_LEN];
ids->time = pinfo->fd->abs_ts;
ids->frame_num = pinfo->fd->num;
address_to_str_buf(&pinfo->dl_src,addr_buf,MAX_ADDR_STR_LEN);
ids->srcmac = mp_pstrdup(pool,addr_buf);
address_to_str_buf(&pinfo->dl_dst,addr_buf,MAX_ADDR_STR_LEN);
ids->dstmac = mp_pstrdup(pool,addr_buf);
address_to_str_buf(&pinfo->net_src,addr_buf,MAX_ADDR_STR_LEN);
ids->srcip = mp_pstrdup(pool,addr_buf);
address_to_str_buf(&pinfo->net_dst,addr_buf,MAX_ADDR_STR_LEN);
ids->dstip = mp_pstrdup(pool,addr_buf);
ids->src_port = pinfo->srcport;
ids->dst_port = pinfo->destport;
}
static const char *
followStrFilter(
const follow_t *fp
)
{
static char filter[512];
int len = 0;
const gchar *verp;
gchar *udpfilter;
gchar ip0[MAX_IP6_STR_LEN];
gchar ip1[MAX_IP6_STR_LEN];
if (fp->stream_index != G_MAXUINT32)
{
switch (fp->type)
{
case type_TCP:
case type_SSL:
len = g_snprintf(filter, sizeof filter,
"tcp.stream eq %d", fp->stream_index);
break;
case type_UDP:
udpfilter = build_follow_index_filter(UDP_STREAM);
len = g_snprintf(filter, sizeof filter,
"%s", udpfilter);
g_free(udpfilter);
break;
}
}
else
{
verp = fp->addr[0].type == AT_IPv6 ? "v6" : "";
address_to_str_buf(&fp->addr[0], ip0, sizeof ip0);
address_to_str_buf(&fp->addr[1], ip1, sizeof ip1);
switch (fp->type)
{
case type_TCP:
len = g_snprintf(filter, sizeof filter,
"((ip%s.src eq %s and tcp.srcport eq %d) and "
"(ip%s.dst eq %s and tcp.dstport eq %d))"
" or "
"((ip%s.src eq %s and tcp.srcport eq %d) and "
"(ip%s.dst eq %s and tcp.dstport eq %d))",
verp, ip0, fp->port[0],
verp, ip1, fp->port[1],
verp, ip1, fp->port[1],
verp, ip0, fp->port[0]);
break;
case type_UDP:
len = g_snprintf(filter, sizeof filter,
"((ip%s.src eq %s and udp.srcport eq %d) and "
"(ip%s.dst eq %s and udp.dstport eq %d))"
" or "
"((ip%s.src eq %s and udp.srcport eq %d) and "
"(ip%s.dst eq %s and udp.dstport eq %d))",
verp, ip0, fp->port[0],
verp, ip1, fp->port[1],
verp, ip1, fp->port[1],
verp, ip0, fp->port[0]);
break;
case type_SSL:
break;
}
}
if (len == 0)
{
followExit("Don't know how to create filter.");
}
if (len == sizeof filter)
{
followExit("Filter buffer overflow.");
}
return filter;
}
static void follow_draw(void *contextp)
{
static const char separator[] =
"===================================================================\n";
follow_info_t *follow_info = (follow_info_t*)contextp;
cli_follow_info_t* cli_follow_info = (cli_follow_info_t*)follow_info->gui_data;
gchar buf[MAX_IP6_STR_LEN];
guint32 global_client_pos = 0, global_server_pos = 0;
guint32 *global_pos;
guint32 ii, jj;
char *buffer;
GList *cur;
follow_record_t *follow_record;
guint chunk;
printf("\n%s", separator);
printf("Follow: %s,%s\n", proto_get_protocol_filter_name(get_follow_proto_id(cli_follow_info->follower)), follow_str_type(cli_follow_info));
printf("Filter: %s\n", follow_info->filter_out_filter);
address_to_str_buf(&follow_info->client_ip, buf, sizeof buf);
if (follow_info->client_ip.type == AT_IPv6)
printf("Node 0: [%s]:%d\n", buf, follow_info->client_port);
else
printf("Node 0: %s:%d\n", buf, follow_info->client_port);
address_to_str_buf(&follow_info->server_ip, buf, sizeof buf);
if (follow_info->client_ip.type == AT_IPv6)
printf("Node 1: [%s]:%d\n", buf, follow_info->server_port);
else
printf("Node 1: %s:%d\n", buf, follow_info->server_port);
for (cur = follow_info->payload, chunk = 0;
cur != NULL;
cur = g_list_next(cur), chunk++)
{
follow_record = (follow_record_t *)cur->data;
if (!follow_record->is_server) {
global_pos = &global_client_pos;
} else {
global_pos = &global_server_pos;
}
/* ignore chunks not in range */
if ((chunk < cli_follow_info->chunkMin) || (chunk > cli_follow_info->chunkMax)) {
(*global_pos) += follow_record->data->len;
continue;
}
switch (cli_follow_info->show_type)
{
case SHOW_HEXDUMP:
break;
case SHOW_ASCII:
case SHOW_EBCDIC:
printf("%s%u\n", follow_record->is_server ? "\t" : "", follow_record->data->len);
break;
case SHOW_RAW:
if (follow_record->is_server)
{
putchar('\t');
}
break;
default:
g_assert_not_reached();
}
switch (cli_follow_info->show_type)
{
case SHOW_HEXDUMP:
follow_print_hex(follow_record->is_server ? "\t" : "", *global_pos, follow_record->data->data, follow_record->data->len);
(*global_pos) += follow_record->data->len;
break;
case SHOW_ASCII:
case SHOW_EBCDIC:
buffer = (char *)g_malloc(follow_record->data->len+2);
for (ii = 0; ii < follow_record->data->len; ii++)
{
switch (follow_record->data->data[ii])
{
case '\r':
case '\n':
buffer[ii] = follow_record->data->data[ii];
break;
default:
buffer[ii] = g_ascii_isprint(follow_record->data->data[ii]) ? follow_record->data->data[ii] : '.';
break;
}
}
buffer[ii++] = '\n';
buffer[ii] = 0;
if (cli_follow_info->show_type == SHOW_EBCDIC) {
EBCDIC_to_ASCII(buffer, ii);
}
printf("%s", buffer);
g_free(buffer);
break;
case SHOW_RAW:
buffer = (char *)g_malloc((follow_record->data->len*2)+2);
for (ii = 0, jj = 0; ii < follow_record->data->len; ii++)
{
buffer[jj++] = bin2hex[follow_record->data->data[ii] >> 4];
buffer[jj++] = bin2hex[follow_record->data->data[ii] & 0xf];
}
buffer[jj++] = '\n';
buffer[jj] = 0;
printf("%s", buffer);
g_free(buffer);
break;
default:
g_assert_not_reached();
}
}
printf("%s", separator);
}
