void mysql_classify(MolochSession_t *session, const unsigned char *data, int len)
{
if (session->which != 1)
return;
if (moloch_nids_has_protocol(session, "mysql"))
return;
unsigned char *ptr = (unsigned char*)data + 5;
unsigned char *end = (unsigned char*)data + len;
while (ptr < end) {
if (*ptr == 0)
break;
if (!isprint(*ptr)) {
return;
}
ptr++;
}
if (ptr == end || ptr == data + 5) {
return;
}
Info_t *info = MOLOCH_TYPE_ALLOC0(Info_t);
info->versionLen = ptr - (data + 5);
info->version = g_strndup((char*)data + 5, info->versionLen);
moloch_parsers_register(session, mysql_parser, info, mysql_free);
}
void dns_tcp_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int UNUSED(len), int which)
{
if (which == 0 && session->port2 == 53 && !moloch_nids_has_protocol(session, "dns")) {
moloch_nids_add_protocol(session, "dns");
moloch_parsers_register(session, dns_tcp_parser, 0, 0);
}
}
void irc_classify(MolochSession_t *session, const unsigned char *data, int len, int which)
{
if (data[0] == ':' && !moloch_memstr((char *)data, len, " NOTICE ", 8))
return;
//If a USER packet must have NICK with it so we don't pickup FTP
if (data[0] == 'U' && !moloch_memstr((char *)data, len, "\nNICK ", 6)) {
return;
}
if (moloch_nids_has_protocol(session, "irc"))
return;
moloch_nids_add_protocol(session, "irc");
IRCInfo_t *irc = MOLOCH_TYPE_ALLOC0(IRCInfo_t);
moloch_parsers_register(session, irc_parser, irc, irc_free);
irc_parser(session, irc, data, len, which);
}
