void RRDVisAnalyzer::analyzeFlow(const Flow* flow)
{
if (firstFlow) {
initDatabases((uint64_t)(((uint64_t)flow->flowStart / 1000) / 60) * 60);
firstFlow = false;
}
static char output[16];
lpm_lookup(tree, flow->srcIP, output);
// VERMONT does not use the timestamps properly to determine which direction of the
// flow did start the flow. It is therefore possible that the reverse flow direction
// actually started the flow. Hence, we need to check this manually.
if (flow->flowStart < flow->revFlowStart) {
updateEntry(output, flow->flowStart, flow->flowEnd, flow->proto, flow->revBytes, flow->revPackets, flow->bytes, flow->packets);
} else {
updateEntry(output, flow->revFlowStart, flow->revFlowEnd, flow->proto, flow->bytes, flow->packets, flow->revBytes, flow->revPackets);
}
lpm_lookup(tree, flow->dstIP, output);
if (flow->flowStart < flow->revFlowStart) {
updateEntry(output, flow->revFlowStart, flow->revFlowEnd, flow->proto, flow->bytes, flow->packets, flow->revBytes, flow->revPackets);
} else {
updateEntry(output, flow->flowStart, flow->flowEnd, flow->proto, flow->revBytes, flow->revPackets, flow->bytes, flow->packets);
}
}
void ExportPrimersDialog::sl_connectionCompleted() {
QObject *connectionDialog = sender();
if (Q_LIKELY(NULL != connectionDialog)) {
connectionDialog->deleteLater();
}
initDatabases();
sl_updateState();
}
void MainWindow::loadFinished(bool ok)
{
disconnect(m_webView, SIGNAL(loadFinished(bool)), this, SLOT(loadFinished(bool)));
if (ok) {
initDatabases();
m_webView->page()->currentFrame()->evaluateJavaScript(QString("db.MAX_TWEET_CACHE_SIZE = 2048;"));
m_webView->page()->currentFrame()->evaluateJavaScript(QString("db.MAX_USER_CACHE_SIZE = 128;"));
m_webView->page()->currentFrame()->evaluateJavaScript(QString("i18n.locale = \"%1\";").arg(QLocale::system().name()));
m_webView->page()->currentFrame()->evaluateJavaScript("globals.load_flags = 1;");
}
}
void MainWindow::loadFinished(bool ok)
{
disconnect(m_webView, SIGNAL(loadFinished(bool)), this, SLOT(loadFinished(bool)));
if (ok) {
initDatabases();
m_webView->page()->currentFrame()->evaluateJavaScript(QString("i18n.locale = \"%1\";").arg(QLocale::system().name()));
m_webView->page()->currentFrame()->evaluateJavaScript("globals.load_flags = 1;");
#ifndef MEEGO_EDITION_HARMATTAN
if (!isStartMinimized() || !isAutoSignIn())
show();
#else
show();
#endif
}
else {
show();
}
}
void MainWindow::loadFinished(bool ok)
{
disconnect(m_webView, SIGNAL(loadFinished(bool)), this, SLOT(loadFinished(bool)));
if (ok) {
initDatabases();
QString confString = QString(
"hotot_qt_variables = {"
" 'platform': 'Linux'"
" , 'avatar_cache_dir': '%3'"
" , 'extra_fonts': %4"
" , 'extra_exts': %5"
" , 'extra_themes': %6"
" , 'locale': '%7'"
"};").arg(m_confDir)
.arg(extraFonts())
.arg(extraExtensions())
.arg(extraThemes())
.arg(QLocale::system().name());
m_webView->page()->currentFrame()->evaluateJavaScript(confString);
QTimer::singleShot(0, this, SLOT(notifyLoadFinished()));
#ifndef MEEGO_EDITION_HARMATTAN
if (!isStartMinimized() || !isAutoSignIn()) {
show();
QSettings settings("hotot-qt", "hotot");
restoreGeometry(settings.value("geometry").toByteArray());
restoreState(settings.value("windowState").toByteArray());
}
#else
show();
#endif
}
else {
show();
}
}
static enum a6o_mod_status moduleH1_post_init(struct a6o_module *module)
{
#ifdef _WIN32
const char * bases_location = NULL;
int len;
char* modelMalwareEat = NULL;
char* modelMalwareIat = NULL;
char* modelNotMalwareEat = NULL;
char* modelNotMalwareIat = NULL;
char* databaseEat = NULL;
char* databaseIat = NULL;
char* databaseTFIDFInf = NULL;
char* databaseTFIDFSain = NULL;
/*build db directory complete path*/
bases_location = a6o_std_path(BASES_LOCATION);
// modelMalwareEat
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\Database_malsain_2.zip") + 1;
modelMalwareEat = calloc(len + 1, sizeof(char));
modelMalwareEat[len] = '\0';
sprintf_s(modelMalwareEat, len, "%s%cmoduleH1\\windows\\Database_malsain_2.zip", bases_location, a6o_path_sep());
// modelMalwareIat
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\Database_malsain_1.zip") + 1;
modelMalwareIat = calloc(len + 1, sizeof(char));
modelMalwareIat[len] = '\0';
sprintf_s(modelMalwareIat, len, "%s%cmoduleH1\\windows\\Database_malsain_1.zip", bases_location, a6o_path_sep());
// modelNotMalwareEat
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\Database_sain_2.zip") + 1;
modelNotMalwareEat = calloc(len + 1, sizeof(char));
modelNotMalwareEat[len] = '\0';
sprintf_s(modelNotMalwareEat, len, "%s%cmoduleH1\\windows\\Database_sain_2.zip", bases_location, a6o_path_sep());
// modelNotMalwareIat
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\Database_sain_1.zip") + 1;
modelNotMalwareIat = calloc(len + 1, sizeof(char));
modelNotMalwareIat[len] = '\0';
sprintf_s(modelNotMalwareIat, len, "%s%cmoduleH1\\windows\\Database_sain_1.zip", bases_location, a6o_path_sep());
// databaseEat
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\database_2.dat") + 1;
databaseEat = calloc(len + 1, sizeof(char));
databaseEat[len] = '\0';
sprintf_s(databaseEat, len, "%s%cmoduleH1\\windows\\database_2.dat", bases_location, a6o_path_sep());
// databaseIat
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\database_1.dat") + 1;
databaseIat = calloc(len + 1, sizeof(char));
databaseIat[len] = '\0';
sprintf_s(databaseIat, len, "%s%cmoduleH1\\windows\\database_1.dat", bases_location, a6o_path_sep());
// databaseTFIDFInf
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\DBI_inf.dat") + 1;
databaseTFIDFInf = calloc(len + 1, sizeof(char));
databaseTFIDFInf[len] = '\0';
sprintf_s(databaseTFIDFInf, len, "%s%cmoduleH1\\windows\\DBI_inf.dat", bases_location, a6o_path_sep());
// databaseTFIDFSain
len = strlen(bases_location) + 1 + strlen("moduleH1\\windows\\DBI_sain.dat") + 1;
databaseTFIDFSain = calloc(len + 1, sizeof(char));
databaseTFIDFSain[len] = '\0';
sprintf_s(databaseTFIDFSain, len, "%s%cmoduleH1\\windows\\DBI_sain.dat", bases_location, a6o_path_sep());
//printf("[+] Debug :: module H1 database file = [%s]\n", databaseEat);
/* initDatabase function extension :: add db location as first parameter */
if (initDatabases(modelMalwareEat,
modelMalwareIat,
modelNotMalwareEat,
modelNotMalwareIat,
databaseEat,
databaseIat,
databaseTFIDFInf,
databaseTFIDFSain) != 0)
return ARMADITO_MOD_INIT_ERROR;
a6o_log(ARMADITO_LOG_MODULE, ARMADITO_LOG_LEVEL_INFO, "module H1 PE databases loaded from %s\\moduleH1\\windows \n", bases_location);
free(modelMalwareEat);
free(modelMalwareIat);
free(modelNotMalwareEat);
free(modelNotMalwareIat);
free(databaseEat);
free(databaseIat);
free(databaseTFIDFInf);
free(databaseTFIDFSain);
free(bases_location);
#else
a6o_log(ARMADITO_LOG_MODULE, ARMADITO_LOG_LEVEL_INFO, "loading module H1 ELF databases from " MODULEH1_DBDIR "/linux");
if (initDB(MODULEH1_DBDIR "/linux/database.elfdata",
MODULEH1_DBDIR "/linux/db_malicious.zip",
MODULEH1_DBDIR "/linux/db_safe.zip",
MODULEH1_DBDIR "/linux/tfidf_m.dat",
MODULEH1_DBDIR "/linux/tfidf_s.dat") != 0)
return ARMADITO_MOD_INIT_ERROR;
a6o_log(ARMADITO_LOG_MODULE, ARMADITO_LOG_LEVEL_INFO, "module H1 ELF databases loaded from " MODULEH1_DBDIR "/linux");
a6o_log(ARMADITO_LOG_MODULE, ARMADITO_LOG_LEVEL_INFO, "loading module H1 PE databases from " MODULEH1_DBDIR "/windows");
if (initDatabases(MODULEH1_DBDIR "/windows/Database_malsain_2.zip",
MODULEH1_DBDIR "/windows/Database_malsain_1.zip",
MODULEH1_DBDIR "/windows/Database_sain_2.zip",
MODULEH1_DBDIR "/windows/Database_sain_1.zip",
MODULEH1_DBDIR "/windows/database_2.dat",
MODULEH1_DBDIR "/windows/database_1.dat",
MODULEH1_DBDIR "/windows/DBI_inf.dat",
MODULEH1_DBDIR "/windows/DBI_sain.dat") != 0)
return ARMADITO_MOD_INIT_ERROR;
a6o_log(ARMADITO_LOG_MODULE, ARMADITO_LOG_LEVEL_INFO, "module H1 PE databases loaded from %s " MODULEH1_DBDIR "/windows");
#endif
return ARMADITO_MOD_OK;
}
