static int analyzer_rtp_stream_event_cleanup(struct event *evt) {
struct data *evt_data = event_get_data(evt);
if (data_is_set(evt_data[analyzer_rtp_stream_src_addr]))
ptype_cleanup(evt_data[analyzer_rtp_stream_src_addr].value);
if (data_is_set(evt_data[analyzer_rtp_stream_dst_addr]))
ptype_cleanup(evt_data[analyzer_rtp_stream_dst_addr].value);
return POM_OK;
}
static int input_kismet_drone_init(struct input *i) {
struct input_kismet_drone_priv *priv;
priv = malloc(sizeof(struct input_kismet_drone_priv));
if (!priv) {
pom_oom(sizeof(struct input_kismet_drone_priv));
return POM_ERR;
}
memset(priv, 0, sizeof(struct input_kismet_drone_priv));
priv->fd = -1;
struct registry_param *p = NULL;
priv->datalink_80211 = proto_get("80211");
priv->datalink_radiotap = proto_get("radiotap");
if (!priv->datalink_80211 || !priv->datalink_radiotap) {
pomlog(POMLOG_ERR "Could not find datalink 80211 or radiotap");
goto err;
}
priv->p_host = ptype_alloc("string");
priv->p_port = ptype_alloc("uint16");
if (!priv->p_host || !priv->p_port)
goto err;
p = registry_new_param("host", "localhost", priv->p_host, "Kismet drone host", 0);
if (input_add_param(i, p) != POM_OK)
goto err;
p = registry_new_param("port", "2502", priv->p_port, "Kismet drone port", 0);
if (input_add_param(i, p) != POM_OK)
goto err;
i->priv = priv;
return POM_OK;
err:
if (p)
registry_cleanup_param(p);
if (priv->p_host)
ptype_cleanup(priv->p_host);
if (priv->p_port)
ptype_cleanup(priv->p_port);
free(priv);
return POM_ERR;
}
int output_log_txt_cleanup(void *output_priv) {
struct output_log_txt_priv *priv = output_priv;
if (priv) {
if (priv->p_prefix)
ptype_cleanup(priv->p_prefix);
if (priv->p_template)
ptype_cleanup(priv->p_template);
free(priv);
}
return POM_OK;
}
int output_file_cleanup(void *output_priv) {
struct output_file_priv *priv = output_priv;
if (priv) {
if (priv->p_listen_pload_evt)
ptype_cleanup(priv->p_listen_pload_evt);
if (priv->p_path)
ptype_cleanup(priv->p_path);
free(priv);
}
return POM_OK;
}
int output_tap_cleanup(void *output_priv) {
struct output_tap_priv *priv = output_priv;
if (priv) {
if (priv->p_ifname)
ptype_cleanup(priv->p_ifname);
if (priv->p_persistent)
ptype_cleanup(priv->p_persistent);
if (priv->p_filter)
ptype_cleanup(priv->p_filter);
free(priv);
}
return POM_OK;
}
int output_log_xml_cleanup(void *output_priv) {
struct output_log_xml_priv *priv = output_priv;
if (priv) {
if (priv->fd != -1)
close(priv->fd);
if (priv->p_filename)
ptype_cleanup(priv->p_filename);
if (priv->p_source)
ptype_cleanup(priv->p_source);
free(priv);
}
return POM_OK;
}
static int analyzer_multipart_pload_close(void *obj, void *p) {
struct analyzer_multipart_pload_priv *priv = p;
if (!priv)
return POM_OK;
if (priv->boundary)
free(priv->boundary);
if (priv->pload)
pload_end(priv->pload);
if (priv->last_line)
free(priv->last_line);
while (priv->pload_data.items) {
struct data_item *itm = priv->pload_data.items;
priv->pload_data.items = itm->next;
if (itm->key)
free(itm->key);
if (itm->value)
ptype_cleanup(itm->value);
free(itm);
}
free(priv);
return POM_OK;
}
static int output_inject_cleanup(void *output_priv) {
struct output_inject_priv *priv = output_priv;
if (priv) {
if (priv->p_interface)
ptype_cleanup(priv->p_interface);
if (priv->p_filter)
ptype_cleanup(priv->p_filter);
free(priv);
}
return POM_OK;
}
struct data *data_alloc_table(struct data_reg *d_reg) {
struct data *d = malloc(sizeof(struct data) * d_reg->data_count);
if (!d) {
pom_oom(sizeof(struct data) * d_reg->data_count);
return NULL;
}
memset(d, 0, sizeof(struct data) * d_reg->data_count);
int i;
for (i = 0; i < d_reg->data_count; i++) {
if (!(d_reg->items[i].flags & (DATA_REG_FLAG_LIST | DATA_REG_FLAG_NO_ALLOC))) {
d[i].value = ptype_alloc_from_type(d_reg->items[i].value_type);
if (!d[i].value)
goto err;
}
// Automatically set the non cleanup flag for non allocated data
if (d_reg->items[i].flags & DATA_REG_FLAG_NO_ALLOC)
d[i].flags = DATA_FLAG_NO_CLEAN;
}
return d;
err:
for (i = 0; i < d_reg->data_count && d[i].value; i++)
ptype_cleanup(d[i].value);
free(d);
return NULL;
}
int packet_info_pool_cleanup() {
unsigned int proto_count = proto_get_count();
unsigned int i;
for (i = 0; i < proto_count; i++) {
struct packet_info *pool = packet_info_pool[i];
while (pool) {
struct packet_info *tmp = pool;
int j;
for (j = 0; tmp->fields_value[j]; j++)
ptype_cleanup(tmp->fields_value[j]);
free(tmp->fields_value);
pool = tmp->next;
free(tmp);
}
}
free(packet_info_pool);
packet_info_pool = NULL;
return POM_OK;
}
static struct proto_expectation_stack *proto_expectation_stack_alloc(struct proto *p, struct ptype *fwd_value, struct ptype *rev_value) {
if (!p || !fwd_value) {
pomlog(POMLOG_ERR "Cannot allocate expectation with a forward nor reverse conntrack entry field value");
return NULL;
}
struct proto_expectation_stack *es = malloc(sizeof(struct proto_expectation_stack));
if (!es) {
pom_oom(sizeof(struct proto_expectation_stack));
return NULL;
}
memset(es, 0, sizeof(struct proto_expectation_stack));
es->proto = p;
es->fields[POM_DIR_FWD] = ptype_alloc_from(fwd_value);
if (!es->fields[POM_DIR_FWD]) {
free(es);
return NULL;
}
if (rev_value) {
es->fields[POM_DIR_REV] = ptype_alloc_from(rev_value);
if (!es->fields[POM_DIR_REV]) {
ptype_cleanup(es->fields[POM_DIR_FWD]);
free(es);
return NULL;
}
}
return es;
}
static int proto_udp_init(struct proto *proto, struct registry_instance *i) {
proto_dns = proto_get("dns");
proto_tftp = proto_get("tftp");
param_conntrack_timeout = ptype_alloc_unit("uint32", "seconds");
if (!param_conntrack_timeout)
return POM_ERR;
struct registry_param *p = registry_new_param("conntrack_timeout", "600", param_conntrack_timeout, "Timeout for UDP connections", 0);
if (!p)
goto err;
if (registry_instance_add_param(i, p) != POM_OK)
goto err;
return POM_OK;
err:
if (p)
registry_cleanup_param(p);
if (param_conntrack_timeout) {
ptype_cleanup(param_conntrack_timeout);
param_conntrack_timeout = NULL;
}
return POM_ERR;
}
static struct proto_expectation_stack *proto_expectation_stack_alloc(struct proto *p, struct ptype *fwd_value, struct ptype *rev_value) {
if (!p || !fwd_value)
return NULL;
struct proto_expectation_stack *es = malloc(sizeof(struct proto_expectation_stack));
if (!es) {
pom_oom(sizeof(struct proto_expectation_stack));
return NULL;
}
memset(es, 0, sizeof(struct proto_expectation_stack));
es->proto = p;
es->fields[POM_DIR_FWD] = ptype_alloc_from(fwd_value);
if (!es->fields[POM_DIR_FWD]) {
free(es);
return NULL;
}
if (rev_value) {
es->fields[POM_DIR_REV] = ptype_alloc_from(rev_value);
if (!es->fields[POM_DIR_REV]) {
ptype_cleanup(es->fields[POM_DIR_FWD]);
free(es);
return NULL;
}
}
return es;
}
int proto_expectation_set_field(struct proto_expectation *e, int stack_index, struct ptype *value, int direction) {
struct proto_expectation_stack *es = NULL;
int i;
if (stack_index > 0) {
es = e->head;
for (i = 1; es && i < stack_index; i++)
es = es->next;
} else {
stack_index = -stack_index;
es = e->tail;
for (i = 1; es && i < stack_index; i++)
es = es->prev;
}
if (!es) {
pomlog(POMLOG_ERR "Invalid stack index in the expectation");
return POM_ERR;
}
if (es->fields[direction]) {
ptype_cleanup(es->fields[direction]);
es->fields[direction] = NULL;
}
if (value) {
es->fields[direction] = ptype_alloc_from(value);
if (!es->fields[direction])
return POM_ERR;
}
return POM_OK;
}
static int input_pcap_file_init(struct input *i) {
if (input_pcap_common_init(i) != POM_OK)
return POM_ERR;
struct input_pcap_priv *priv = i->priv;
struct registry_param *p = NULL;
priv->tpriv.file.p_file = ptype_alloc("string");
if (!priv->tpriv.file.p_file)
goto err;
p = registry_new_param("filename", "dump.cap", priv->tpriv.file.p_file, "File in PCAP format", 0);
if (input_add_param(i, p) != POM_OK)
goto err;
priv->type = input_pcap_type_file;
return POM_OK;
err:
if (priv->tpriv.file.p_file)
ptype_cleanup(priv->tpriv.file.p_file);
if (p)
registry_cleanup_param(p);
free(priv);
return POM_ERR;
}
static int input_pcap_common_init(struct input *i) {
struct input_pcap_priv *priv;
priv = malloc(sizeof(struct input_pcap_priv));
if (!priv) {
pom_oom(sizeof(struct input_pcap_priv));
return POM_ERR;
}
memset(priv, 0, sizeof(struct input_pcap_priv));
struct registry_param *p = NULL;
priv->p_filter = ptype_alloc("string");
if (!priv->p_filter)
goto err;
p = registry_new_param("bpf_filter", "", priv->p_filter, "BPF filter to use", 0);
if (input_add_param(i, p) != POM_OK)
goto err;
i->priv = priv;
return POM_OK;
err:
if (p)
registry_cleanup_param(p);
if (priv->p_filter)
ptype_cleanup(priv->p_filter);
free(priv);
return POM_ERR;
}
static int input_kismet_drone_cleanup(struct input *i) {
struct input_kismet_drone_priv *priv;
priv = i->priv;
if (priv->fd != -1)
close(priv->fd);
if (priv->p_host)
ptype_cleanup(priv->p_host);
if (priv->p_port)
ptype_cleanup(priv->p_port);
free(priv);
return POM_OK;
}
static int input_pcap_cleanup(struct input *i) {
struct input_pcap_priv *priv;
priv = i->priv;
if (priv->p)
pcap_close(priv->p);
switch (priv->type) {
case input_pcap_type_interface:
ptype_cleanup(priv->tpriv.iface.p_interface);
ptype_cleanup(priv->tpriv.iface.p_promisc);
ptype_cleanup(priv->tpriv.iface.p_buff_size);
break;
case input_pcap_type_file:
ptype_cleanup(priv->tpriv.file.p_file);
break;
case input_pcap_type_dir:
ptype_cleanup(priv->tpriv.dir.p_dir);
ptype_cleanup(priv->tpriv.dir.p_match);
break;
}
ptype_cleanup(priv->p_filter);
free(priv);
return POM_OK;
}
static int proto_udp_cleanup(void *proto_priv) {
if (param_conntrack_timeout) {
ptype_cleanup(param_conntrack_timeout);
param_conntrack_timeout = NULL;
}
return POM_OK;
}
struct packet_info *packet_info_pool_get(struct proto *p) {
struct packet_info *info = NULL;
pom_mutex_lock(&p->pkt_info_pool.lock);
if (!p->pkt_info_pool.unused) {
// Allocate new packet_info
info = malloc(sizeof(struct packet_info));
if (!info) {
pom_mutex_unlock(&p->pkt_info_pool.lock);
pom_oom(sizeof(struct packet_info));
return NULL;
}
memset(info, 0, sizeof(struct packet_info));
struct proto_pkt_field *fields = p->info->pkt_fields;
int i;
for (i = 0; fields[i].name; i++);
info->fields_value = malloc(sizeof(struct ptype*) * (i + 1));
memset(info->fields_value, 0, sizeof(struct ptype*) * (i + 1));
for (; i--; ){
info->fields_value[i] = ptype_alloc_from_type(fields[i].value_type);
if (!info->fields_value[i]) {
i++;
for (; fields[i].name; i++)
ptype_cleanup(info->fields_value[i]);
free(info);
pom_mutex_unlock(&p->pkt_info_pool.lock);
return NULL;
}
}
debug_info_pool("Allocated info %p for proto %s", info, p->info->name);
} else {
// Dequeue the packet_info from the unused pool
info = p->pkt_info_pool.unused;
p->pkt_info_pool.unused = info->pool_next;
if (p->pkt_info_pool.unused)
p->pkt_info_pool.unused->pool_prev = NULL;
debug_info_pool("Used info %p for proto %s", info, p->info->name);
}
// Queue the packet_info in the used pool
info->pool_prev = NULL;
info->pool_next = p->pkt_info_pool.used;
if (info->pool_next)
info->pool_next->pool_prev = info;
p->pkt_info_pool.used = info;
pom_mutex_unlock(&p->pkt_info_pool.lock);
return info;
}
static int proto_ipv4_init(struct proto *proto, struct registry_instance *i) {
if (proto_number_register("ethernet", 0x0800, proto) != POM_OK ||
proto_number_register("ip", IPPROTO_IPIP, proto) != POM_OK ||
proto_number_register("ppp", 0x21, proto) != POM_OK)
return POM_ERR;
perf_frags = registry_instance_add_perf(i, "fragments", registry_perf_type_counter, "Number of fragments received", "pkts");
perf_frags_dropped = registry_instance_add_perf(i, "dropped_fragments", registry_perf_type_counter, "Number of fragments dropped", "pkts");
perf_reassembled_pkts = registry_instance_add_perf(i, "reassembled_pkts", registry_perf_type_counter, "Number of reassembled packets", "pkts");
if (!perf_frags || !perf_frags_dropped || !perf_reassembled_pkts)
return POM_ERR;
param_frag_timeout = ptype_alloc_unit("uint32", "seconds");
if (!param_frag_timeout)
return POM_ERR;
param_conntrack_timeout = ptype_alloc_unit("uint32", "seconds");
if (!param_conntrack_timeout)
return POM_ERR;
struct registry_param *p = registry_new_param("fragment_timeout", "60", param_frag_timeout, "Timeout for incomplete ipv4 fragments", 0);
if (registry_instance_add_param(i, p) != POM_OK)
goto err;
p = registry_new_param("conntrack_timeout", "7200", param_conntrack_timeout, "Timeout for ipv4 connections", 0);
if (registry_instance_add_param(i, p) != POM_OK)
goto err;
return POM_OK;
err:
if (param_frag_timeout) {
ptype_cleanup(param_frag_timeout);
param_frag_timeout = NULL;
}
if (param_conntrack_timeout) {
ptype_cleanup(param_conntrack_timeout);
param_conntrack_timeout = NULL;
}
return POM_ERR;
}
struct ptype *data_item_add(struct data *d, struct data_reg *d_reg, unsigned int data_id, const char *key) {
struct ptype *value = ptype_alloc_from_type(d_reg->items[data_id].value_type);
if (!value)
return NULL;
if (data_item_add_ptype(d, data_id, key, value) != POM_OK) {
ptype_cleanup(value);
return NULL;
}
return value;
}
void proto_expectation_cleanup(struct proto_expectation *e) {
if (!e)
return;
if (e->flags & PROTO_EXPECTATION_FLAG_QUEUED)
proto_expectation_remove(e);
debug_expectation("Cleaning up expectation %p", e);
while (e->head) {
struct proto_expectation_stack *es = e->head;
e->head = es->next;
if (es->fields[POM_DIR_FWD])
ptype_cleanup(es->fields[POM_DIR_FWD]);
if (es->fields[POM_DIR_REV])
ptype_cleanup(es->fields[POM_DIR_REV]);
free(es);
}
if (e->priv && e->proto->info->ct_info->cleanup_handler) {
if (e->proto->info->ct_info->cleanup_handler(e->priv) != POM_OK)
pomlog(POMLOG_WARN "Unable to free the conntrack priv of the proto_expectation");
}
if (e->session)
conntrack_session_refcount_dec(e->session);
if (e->expiry)
timer_cleanup(e->expiry);
if (e->callback_priv && e->callback_priv_cleanup)
e->callback_priv_cleanup(e->callback_priv);
free(e);
}
static int registry_uid_add(struct registry_instance *instance, uint32_t uid) {
// Add the uid to the instance
struct ptype *uid_ptype = ptype_alloc("uint32");
if (!uid_ptype)
return POM_ERR;
PTYPE_UINT32_SETVAL(uid_ptype, uid);
struct registry_param* uid_param = registry_new_param("uid", NULL, uid_ptype, "Unique ID", REGISTRY_PARAM_FLAG_CLEANUP_VAL | REGISTRY_PARAM_FLAG_IMMUTABLE);
if (!uid_param) {
ptype_cleanup(uid_ptype);
return POM_ERR;
}
// Add the new uid to the table
registry_uid_table_size++;
uint32_t *new_uid_table = realloc(registry_uid_table, sizeof(uint32_t) * registry_uid_table_size);
if (!new_uid_table) {
pom_oom(sizeof(uint32_t) * registry_uid_table_size);
ptype_cleanup(uid_ptype);
return POM_ERR;
}
registry_uid_table = new_uid_table;
registry_uid_table[registry_uid_table_size - 1] = uid;
if (registry_instance_add_param(instance, uid_param) != POM_OK) {
registry_cleanup_param(uid_param);
ptype_cleanup(uid_ptype);
registry_uid_table_size--;
return POM_ERR;
}
return POM_OK;
}
void data_cleanup_table(struct data *d, struct data_reg *d_reg) {
int i;
for (i = 0; i < d_reg->data_count; i++) {
if (d[i].flags & DATA_FLAG_NO_CLEAN)
continue;
if (d_reg->items[i].flags & DATA_REG_FLAG_LIST) {
struct data_item *item = d[i].items;
while (item) {
struct data_item *tmp = item->next;
free(item->key);
ptype_cleanup(item->value);
free(item);
item = tmp;
}
} else {
ptype_cleanup(d[i].value);
}
}
free(d);
}
int registry_set_param_value(struct registry_param *p, char *value) {
if (!p || !value)
return POM_ERR;
if (p->flags & REGISTRY_PARAM_FLAG_IMMUTABLE)
return POM_ERR;
if (p->set_pre_callback && p->set_pre_callback(p->callback_priv, value) != POM_OK) {
return POM_ERR;
}
core_pause_processing();
struct ptype *old_value = ptype_alloc_from(p->value);
if (ptype_parse_val(p->value, value) != POM_OK) {
core_resume_processing();
ptype_cleanup(old_value);
return POM_ERR;
}
if (p->set_post_callback && p->set_post_callback(p->callback_priv, p->value) != POM_OK) {
// Revert the old value
ptype_copy(p->value, old_value);
core_resume_processing();
ptype_cleanup(old_value);
return POM_ERR;
}
core_resume_processing();
ptype_cleanup(old_value);
return POM_OK;
}
int analyzer_ppp_pap_ce_priv_cleanup(void *obj, void *priv) {
struct analyzer *analyzer = obj;
struct analyzer_ppp_pap_ce_priv *cpriv = priv;
int res = analyzer_ppp_pap_finalize(analyzer->priv, cpriv);
if (cpriv->evt_request)
event_refcount_dec(cpriv->evt_request);
if (cpriv->evt_ack_nack)
event_refcount_dec(cpriv->evt_ack_nack);
if (cpriv->client)
ptype_cleanup(cpriv->client);
if (cpriv->server)
ptype_cleanup(cpriv->server);
if (cpriv->vlan)
ptype_cleanup(cpriv->vlan);
free(priv);
return res;
}
// Garbage collector function for an output parameter
static int addon_output_priv_gc(lua_State *L) {
struct addon_instance_priv *priv = luaL_checkudata(L, 1, ADDON_OUTPUT_PRIV_METATABLE);
while (priv->params) {
struct addon_param *tmp = priv->params;
priv->params = tmp->next;
free(tmp->name);
ptype_cleanup(tmp->value);
free(tmp);
}
pthread_mutex_destroy(&priv->lock);
return 0;
}
struct packet_info *packet_info_pool_get(struct proto *p) {
struct packet_info *info = NULL;
struct packet_info **pool = &packet_info_pool[p->id];
if (*pool) {
// We can reuse the old one
info = *pool;
*pool = (*pool)->next;
debug_info_pool("Used info %p for proto %s", info, p->info->name);
} else {
// Allocate new packet_info
info = malloc(sizeof(struct packet_info));
if (!info) {
pom_oom(sizeof(struct packet_info));
return NULL;
}
memset(info, 0, sizeof(struct packet_info));
struct proto_pkt_field *fields = p->info->pkt_fields;
int i;
for (i = 0; fields[i].name; i++);
info->fields_value = malloc(sizeof(struct ptype*) * (i + 1));
memset(info->fields_value, 0, sizeof(struct ptype*) * (i + 1));
for (; i--; ) {
info->fields_value[i] = ptype_alloc_from_type(fields[i].value_type);
if (!info->fields_value[i]) {
i++;
for (; fields[i].name; i++)
ptype_cleanup(info->fields_value[i]);
free(info);
return NULL;
}
}
debug_info_pool("Allocated info %p for proto %s", info, p->info->name);
}
return info;
}
static int proto_ppp_pap_cleanup(void *proto_priv) {
if (!proto_priv)
return POM_OK;
struct proto_ppp_pap_priv *priv = proto_priv;
if (priv->p_auth_timeout)
ptype_cleanup(priv->p_auth_timeout);
if (priv->evt_request)
event_unregister(priv->evt_request);
if (priv->evt_ack_nack)
event_unregister(priv->evt_ack_nack);
free(priv);
return POM_OK;
}