void EVECollectDispatcher::Handle_Other(PyPacket **in_packet) {
PyPacket *packet = *in_packet;
*in_packet = NULL;
//everything else...
if(is_log_enabled(COLLECT__CALL_DUMP)) {
//semi-hack: if we are dumping general stuff, dump the misc packets directly.
//decode substreams to facilitate dumping better:
SubStreamDecoder v;
packet->payload->visit(&v);
_log(COLLECT__OTHER_DUMP, "Misc Packet:");
packet->source.Dump(COLLECT__PACKET_SRC, " Src: ");
packet->dest.Dump(COLLECT__PACKET_DEST, " Dest: ");
PyLookupDump dumper(&lookResolver, COLLECT__CALL_DUMP);
packet->Dump(COLLECT__CALL_DUMP, &dumper);
}
if(is_log_enabled(COLLECT__MISC_XML)) {
printf("<element name=\"??\">\n");
PyXMLGenerator gen(stdout);
packet->payload->visit(&gen);
printf("</element>\n");
}
delete packet;
}
PyPacket* EVEClientSession::_HandlePacket( PyRep* rep )
{
//take the PyRep and turn it into a PyPacket
PyPacket* p = new PyPacket;
if( !p->Decode( &rep ) ) //rep is consumed here
{
sLog.Error("Network", "%s: Failed to decode packet rep", GetAddress().c_str());
SafeDelete( p );
}
else
return p;
// recurse
return PopPacket();
}
void tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed) {
char buf[1024];
strcpy (buf, adres (a_tcp->addr)); // we put conn params into buf
if (a_tcp->nids_state == NIDS_JUST_EST) {
//see if this is a stream we care about...
if(a_tcp->addr.source != 26000 && a_tcp->addr.dest != 26000 &&
a_tcp->addr.source != 26001 && a_tcp->addr.dest != 26001)
return;
a_tcp->client.collect++; // we want data received by a client
a_tcp->server.collect++; // and by a server, too
_log(COLLECT__TCP, "%s established", buf);
return;
}
if (a_tcp->nids_state == NIDS_CLOSE) {
// connection has been closed normally
_log(COLLECT__TCP, "%s closing", buf);
return;
}
if (a_tcp->nids_state == NIDS_RESET) {
// connection has been closed by RST
_log(COLLECT__TCP, "%s reset", buf);
return;
}
if (a_tcp->nids_state == NIDS_DATA) {
// new data has arrived; gotta determine in what direction
// and if it's urgent or not
struct half_stream *hlf;
StreamPacketizer *sp;
if (a_tcp->client.count_new) {
// new data for client
hlf = &a_tcp->client; // from now on, we will deal with hlf var,
// which will point to client side of conn
sp = &clientPacketizer;
strcat (buf, "(<-)"); // symbolic direction of data
} else {
sp = &serverPacketizer;
hlf = &a_tcp->server; // analogical
strcat (buf, "(->)");
}
_log(COLLECT__TCP, "Data %s (len %d)", buf, hlf->count_new); // we print the connection parameters
// (saddr, daddr, sport, dport) accompanied
// by data flow direction (-> or <-)
sp->InputBytes((const byte *) hlf->data, hlf->count_new);
StreamPacketizer::Packet *p;
while((p = sp->PopPacket()) != NULL) {
//const PacketHeader *head = (const PacketHeader *) p->data;
uint32 body_len = p->length;
const byte *body = p->data;
_log(COLLECT__RAW_HEX, "Raw Hex Dump of len %d:", body_len);
_hex(COLLECT__RAW_HEX, body, body_len);
PyRep *rep = InflateAndUnmarshal(body, body_len);
if(rep == NULL) {
printf("Failed to inflate or unmarshal!");
delete p;
continue;
}
if(is_log_enabled(COLLECT__PYREP_DUMP)) {
//decode substreams to facilitate dumping better:
SubStreamDecoder v;
rep->visit(&v);
//TODO: make dump use logsys.
_log(COLLECT__PYREP_DUMP, "Unmarshaled PyRep:");
PyLookupDump dumper(&CollectDispatcher->lookResolver, COLLECT__PYREP_DUMP);
rep->visit(&dumper);
}
PyPacket *packet = new PyPacket;
if(!packet->Decode(rep)) {
_log(COLLECT__ERROR, "Failed to decode packet rep");
} else {
if(is_log_enabled(COLLECT__PACKET_DUMP)) {
//decode substreams to facilitate dumping better:
SubStreamDecoder v;
packet->payload->visit(&v);
//TODO: make dump use logsys.
_log(COLLECT__PACKET_DUMP, "Decoded message:");
PyLookupDump dumper(&CollectDispatcher->lookResolver, COLLECT__PACKET_DUMP);
packet->Dump(COLLECT__PACKET_DUMP, &dumper);
printf("\n\n");
}
fflush(stdout);
CollectDispatcher->DispatchPacket(&packet);
}
delete packet;
delete p;
} //end "while pop packet"
}
return ;
}
