void EVECollectDispatcher::Handle_Other(PyPacket **in_packet) { PyPacket *packet = *in_packet; *in_packet = NULL; //everything else... if(is_log_enabled(COLLECT__CALL_DUMP)) { //semi-hack: if we are dumping general stuff, dump the misc packets directly. //decode substreams to facilitate dumping better: SubStreamDecoder v; packet->payload->visit(&v); _log(COLLECT__OTHER_DUMP, "Misc Packet:"); packet->source.Dump(COLLECT__PACKET_SRC, " Src: "); packet->dest.Dump(COLLECT__PACKET_DEST, " Dest: "); PyLookupDump dumper(&lookResolver, COLLECT__CALL_DUMP); packet->Dump(COLLECT__CALL_DUMP, &dumper); } if(is_log_enabled(COLLECT__MISC_XML)) { printf("<element name=\"??\">\n"); PyXMLGenerator gen(stdout); packet->payload->visit(&gen); printf("</element>\n"); } delete packet; }
PyPacket* EVEClientSession::_HandlePacket( PyRep* rep ) { //take the PyRep and turn it into a PyPacket PyPacket* p = new PyPacket; if( !p->Decode( &rep ) ) //rep is consumed here { sLog.Error("Network", "%s: Failed to decode packet rep", GetAddress().c_str()); SafeDelete( p ); } else return p; // recurse return PopPacket(); }
void tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed) { char buf[1024]; strcpy (buf, adres (a_tcp->addr)); // we put conn params into buf if (a_tcp->nids_state == NIDS_JUST_EST) { //see if this is a stream we care about... if(a_tcp->addr.source != 26000 && a_tcp->addr.dest != 26000 && a_tcp->addr.source != 26001 && a_tcp->addr.dest != 26001) return; a_tcp->client.collect++; // we want data received by a client a_tcp->server.collect++; // and by a server, too _log(COLLECT__TCP, "%s established", buf); return; } if (a_tcp->nids_state == NIDS_CLOSE) { // connection has been closed normally _log(COLLECT__TCP, "%s closing", buf); return; } if (a_tcp->nids_state == NIDS_RESET) { // connection has been closed by RST _log(COLLECT__TCP, "%s reset", buf); return; } if (a_tcp->nids_state == NIDS_DATA) { // new data has arrived; gotta determine in what direction // and if it's urgent or not struct half_stream *hlf; StreamPacketizer *sp; if (a_tcp->client.count_new) { // new data for client hlf = &a_tcp->client; // from now on, we will deal with hlf var, // which will point to client side of conn sp = &clientPacketizer; strcat (buf, "(<-)"); // symbolic direction of data } else { sp = &serverPacketizer; hlf = &a_tcp->server; // analogical strcat (buf, "(->)"); } _log(COLLECT__TCP, "Data %s (len %d)", buf, hlf->count_new); // we print the connection parameters // (saddr, daddr, sport, dport) accompanied // by data flow direction (-> or <-) sp->InputBytes((const byte *) hlf->data, hlf->count_new); StreamPacketizer::Packet *p; while((p = sp->PopPacket()) != NULL) { //const PacketHeader *head = (const PacketHeader *) p->data; uint32 body_len = p->length; const byte *body = p->data; _log(COLLECT__RAW_HEX, "Raw Hex Dump of len %d:", body_len); _hex(COLLECT__RAW_HEX, body, body_len); PyRep *rep = InflateAndUnmarshal(body, body_len); if(rep == NULL) { printf("Failed to inflate or unmarshal!"); delete p; continue; } if(is_log_enabled(COLLECT__PYREP_DUMP)) { //decode substreams to facilitate dumping better: SubStreamDecoder v; rep->visit(&v); //TODO: make dump use logsys. _log(COLLECT__PYREP_DUMP, "Unmarshaled PyRep:"); PyLookupDump dumper(&CollectDispatcher->lookResolver, COLLECT__PYREP_DUMP); rep->visit(&dumper); } PyPacket *packet = new PyPacket; if(!packet->Decode(rep)) { _log(COLLECT__ERROR, "Failed to decode packet rep"); } else { if(is_log_enabled(COLLECT__PACKET_DUMP)) { //decode substreams to facilitate dumping better: SubStreamDecoder v; packet->payload->visit(&v); //TODO: make dump use logsys. _log(COLLECT__PACKET_DUMP, "Decoded message:"); PyLookupDump dumper(&CollectDispatcher->lookResolver, COLLECT__PACKET_DUMP); packet->Dump(COLLECT__PACKET_DUMP, &dumper); printf("\n\n"); } fflush(stdout); CollectDispatcher->DispatchPacket(&packet); } delete packet; delete p; } //end "while pop packet" } return ; }