static int GrbDigPei(dig *dig_srch, const pstack_f *tcp)
{
pei *ppei;
pei_component *cmpn;
PeiNew(&ppei, tcp_grb_id);
PeiCapTime(ppei, dig_srch->start_cap);
PeiMarker(ppei, dig_srch->serial);
PeiStackFlow(ppei, tcp);
/* compose pei */
PeiNewComponent(&cmpn, pei_file_id);
PeiCompCapTime(cmpn, dig_srch->start_cap);
PeiCompCapEndTime(cmpn, dig_srch->end_cap);
PeiCompAddFile(cmpn, strrchr(dig_srch->filename, '/')+1, dig_srch->filename, dig_srch->fsize);
PeiAddComponent(ppei, cmpn);
PeiNewComponent(&cmpn, pei_file_type_id);
PeiCompCapTime(cmpn, dig_srch->start_cap);
PeiCompAddStingBuff(cmpn, dig_srch->ft->ename);
PeiAddComponent(ppei, cmpn);
/* insert pei */
PeiIns(ppei);
return 0;
}
static void GrbPei(pei *ppei, const char *prot_name, size_t size, char *txt_file, time_t *cap_sec, time_t *end_cap)
{
char val[TCP_GRB_FILENAME_PATH_SIZE];
pei_component *cmpn;
/* pei components */
PeiNewComponent(&cmpn, pei_l7protocol_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, prot_name);
PeiAddComponent(ppei, cmpn);
if (txt_file != NULL) {
PeiNewComponent(&cmpn, pei_txt_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddFile(cmpn, "Text", txt_file, 0);
PeiAddComponent(ppei, cmpn);
}
sprintf(val, "%zu", size);
PeiNewComponent(&cmpn, pei_size_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
}
static void ArpPei(char *ips, char *mac, const packet *pkt)
{
pei_component *cmpn;
pei *ppei;
/* create pei */
PeiNew(&ppei, prot_id);
PeiCapTime(ppei, pkt->cap_sec);
PeiMarker(ppei, pkt->serial);
PeiStackFlow(ppei, pkt->stk);
/* new components */
PeiNewComponent(&cmpn, pei_mac_id);
PeiCompCapTime(cmpn, ppei->time_cap);
PeiCompAddStingBuff(cmpn, mac);
PeiAddComponent(ppei, cmpn);
PeiNewComponent(&cmpn, pei_ip_id);
PeiCompCapTime(cmpn, ppei->time_cap);
PeiCompAddStingBuff(cmpn, ips);
PeiAddComponent(ppei, cmpn);
PeiIns(ppei);
}
static int TelnetPei(pei *ppei, const char *host, const char *user, const char *password, const char *cmd_file, time_t *cap_sec, time_t *end_cap)
{
pei_component *cmpn;
/* compose pei */
/* host */
PeiNewComponent(&cmpn, pei_host_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompAddStingBuff(cmpn, host);
PeiAddComponent(ppei, cmpn);
/* user */
if (user[0] != '\0') {
PeiNewComponent(&cmpn, pei_user_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompAddStingBuff(cmpn, user);
PeiAddComponent(ppei, cmpn);
}
/* password */
if (password[0] != '\0') {
PeiNewComponent(&cmpn, pei_password_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompAddStingBuff(cmpn, password);
PeiAddComponent(ppei, cmpn);
}
/* cmd */
PeiNewComponent(&cmpn, pei_cmd_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddFile(cmpn, "Telnet commands", cmd_file, 0);
PeiAddComponent(ppei, cmpn);
return 0;
}
static packet* RtpDissector(int flow_id)
{
struct in_addr ip_addr;
struct in6_addr ipv6_addr;
const pstack_f *udp, *ip;
ftval port_src, port_dst, offset, phone;
char ips_str[INET6_ADDRSTRLEN], ipd_str[INET6_ADDRSTRLEN];
rtp_priv *priv;
packet *pkt;
int rid, ret, gid, rtcp_fid;
cmp_val rip, rport;
char tmp_file_1[256];
char tmp_file_2[256];
char media_file_1[256];
char media_file_2[256];
char media_conv[256];
FILE *fp_pcap_1, *fp_pcap_2, *fp_pcap;
struct pcap_file_header fh;
struct pcappkt_hdr pckt_header;
struct stat fsbuf;
char cmd[1024];
size_t nwrt, wcnt;
time_t tstart, tend;
pei *ppei;
pei_component *cmpn;
bool aud1, aud2;
unsigned short pkt_cnt;
LogPrintf(LV_DEBUG, "RTP id: %d", flow_id);
gid = FlowGrpId(flow_id);
priv = DMemMalloc(sizeof(rtp_priv));
memset(priv, 0, sizeof(rtp_priv));
udp = FlowStack(flow_id);
ip = ProtGetNxtFrame(udp);
ProtGetAttr(udp, uport_src_id, &port_src);
ProtGetAttr(udp, uport_dst_id, &port_dst);
priv->port_s = port_src.uint16;
priv->port_d = port_dst.uint16;
priv->stack = udp;
if (priv->port_s != port_dst.uint16)
priv->port_diff = TRUE;
priv->ipv6 = TRUE;
if (ProtFrameProtocol(ip) == ip_id)
priv->ipv6 = FALSE;
if (priv->ipv6 == FALSE) {
ProtGetAttr(ip, ip_src_id, &priv->ip_s);
ProtGetAttr(ip, ip_dst_id, &priv->ip_d);
ip_addr.s_addr = priv->ip_s.uint32;
inet_ntop(AF_INET, &ip_addr, ips_str, INET6_ADDRSTRLEN);
ip_addr.s_addr = priv->ip_d.uint32;
inet_ntop(AF_INET, &ip_addr, ipd_str, INET6_ADDRSTRLEN);
}
else {
ProtGetAttr(ip, ipv6_src_id, &priv->ip_s);
ProtGetAttr(ip, ipv6_dst_id, &priv->ip_d);
memcpy(ipv6_addr.s6_addr, priv->ip_s.ipv6, sizeof(priv->ip_s.ipv6));
inet_ntop(AF_INET6, &ipv6_addr, ips_str, INET6_ADDRSTRLEN);
memcpy(ipv6_addr.s6_addr, priv->ip_d.ipv6, sizeof(priv->ip_d.ipv6));
inet_ntop(AF_INET6, &ipv6_addr, ipd_str, INET6_ADDRSTRLEN);
}
LogPrintf(LV_DEBUG, "\tSRC: %s:%d", ips_str, port_src.uint16);
LogPrintf(LV_DEBUG, "\tDST: %s:%d", ipd_str, port_dst.uint16);
/* RTCP flow search */
rid = -1;
rtcp_fid = -1;
if (rtcp_id != -1) {
rid = GrpRuleNew(flow_id);
if (priv->ipv6 == TRUE) {
rip.prot = ipv6_id;
rip.att = ipv6_dst_id;
FTCopy(&rip.val, &priv->ip_d, FT_IPv6);
}
else {
rip.prot = ip_id;
rip.att = ip_dst_id;
rip.val.uint32 = priv->ip_d.uint32;
}
rport.prot = udp_id;
rport.att = uport_dst_id;
port_dst.uint16++;
rport.val.int16 = port_dst.uint16;
GrpRule(rid, 2, &rip, &rport);
if (priv->ipv6 == TRUE) {
rip.att = ipv6_src_id;
}
else {
rip.att = ip_src_id;
}
rport.att = uport_src_id;
GrpRule(rid, 2, &rip, &rport);
GrpRuleCmplt(rid);
LogPrintf(LV_DEBUG, "Rule rtcp %i, port:%i", rid, port_dst.uint16);
}
/* put packets in the pcap files */
sprintf(tmp_file_1, "%s/%s/rtp_1_%d_%lu_%d.pcap", ProtTmpDir(), RTP_TMP_DIR, incr, time(NULL), port_src.uint16);
sprintf(tmp_file_2, "%s/%s/rtp_2_%d_%lu_%d.pcap", ProtTmpDir(), RTP_TMP_DIR, incr, time(NULL), port_src.uint16);
sprintf(media_conv, "%s/%s/rtp_%d_%lu_%d", ProtTmpDir(), RTP_TMP_DIR, incr, time(NULL), port_src.uint16);
incr++;
fp_pcap_1 = fopen(tmp_file_1, "w");
fp_pcap_2 = fopen(tmp_file_2, "w");
memset(&fh, 0, sizeof(struct pcap_file_header));
fh.magic = 0xA1B2C3D4;
fh.version_major = PCAP_VERSION_MAJOR;
fh.version_minor = PCAP_VERSION_MINOR;
fh.snaplen = 65535;
fh.linktype = DLT_RAW;
if (fp_pcap_1 != NULL) {
fwrite((char *)&fh, 1, sizeof(struct pcap_file_header), fp_pcap_1);
}
if (fp_pcap_2 != NULL) {
fwrite((char *)&fh, 1, sizeof(struct pcap_file_header), fp_pcap_2);
}
/* first packet */
pkt_cnt = 0;
pkt = FlowGetPkt(flow_id);
/* start time */
if (pkt != NULL) {
/* pei definition */
PeiNew(&ppei, rtp_id);
PeiCapTime(ppei, pkt->cap_sec);
PeiMarker(ppei, pkt->serial);
PeiStackFlow(ppei, udp);
tstart = pkt->cap_sec;
}
while (pkt != NULL) {
pkt_cnt++;
/* check if exit rtcp "stream" */
if (rid != -1) {
rtcp_fid = GrpLink(gid);
if (rtcp_fid != -1) {
FlowSyncr(flow_id, FALSE);
FlowSyncr(rtcp_fid, FALSE);
PeiAddStkGrp(ppei, FlowStack(rtcp_fid));
rid = -1;
}
}
tend = pkt->cap_sec;
if (priv->ipv6) {
ip = ProtStackSearchProt(pkt->stk, ipv6_id);
ProtGetAttr(ip, ipv6_offset_id, &offset);
wcnt = offset.uint32;
}
else {
ip = ProtStackSearchProt(pkt->stk, ip_id);
ProtGetAttr(ip, ip_offset_id, &offset);
wcnt = offset.uint32;
}
pckt_header.caplen = pkt->raw_len - wcnt;
pckt_header.len = pkt->raw_len - wcnt;
pckt_header.tv_sec = pkt->cap_sec;
pckt_header.tv_usec = pkt->cap_usec;
if (RtpClientPkt(priv, pkt)) {
fp_pcap = fp_pcap_1;
}
else {
fp_pcap = fp_pcap_2;
}
if (fp_pcap != NULL) {
wcnt = 0;
do {
nwrt = fwrite(((char *)&pckt_header)+wcnt, 1, sizeof(struct pcappkt_hdr)-wcnt, fp_pcap);
if (nwrt != -1)
wcnt += nwrt;
else
break;
} while (wcnt != sizeof(struct pcappkt_hdr));
wcnt = offset.uint32;
do {
nwrt = fwrite(((char *)pkt->raw)+wcnt, 1, pkt->raw_len-wcnt, fp_pcap);
if (nwrt != -1)
wcnt += nwrt;
else
break;
} while (wcnt != pkt->raw_len);
}
PktFree(pkt);
pkt = FlowGetPkt(flow_id);
}
/* close file */
if (fp_pcap_1 != NULL)
fclose(fp_pcap_1);
if (fp_pcap_1 != NULL)
fclose(fp_pcap_2);
/* remove rtcp rule */
if (rid != -1) {
rtcp_fid = GrpLink(gid);
if (rtcp_fid != -1) {
FlowSyncr(flow_id, FALSE);
FlowSyncr(rtcp_fid, FALSE);
PeiAddStkGrp(ppei, FlowStack(rtcp_fid));
rid = -1;
}
else {
GrpRuleRm(rid);
}
}
/* decode rtcp packet */
if (rtcp_fid != -1) {
/* new priv data */
priv->port_s++;
priv->port_d++;
pkt = FlowGetPkt(rtcp_fid);
while (pkt != NULL) {
pkt = ProtDissecPkt(rtcp_id, pkt);
if (pkt != NULL) {
ProtGetAttr(pkt->stk, rtcp_phone_id, &phone);
if (RtcpClientPkt(priv, pkt)) {
strcpy(ipd_str, phone.str);
}
else {
strcpy(ips_str, phone.str);
}
PktFree(pkt);
}
pkt = FlowGetPkt(rtcp_fid);
}
}
/* audio decoding */
sprintf(cmd, "./videosnarf -i %s -o %s 2>/dev/null 1>/dev/null", tmp_file_1, tmp_file_1);
ret = system(cmd);
if (ret == -1) {
LogPrintf(LV_WARNING, "videosnarf failed");
}
else if (WEXITSTATUS(ret) != 0) {
LogPrintf(LV_WARNING, "videosnarf crash");
}
sprintf(cmd, "./videosnarf -i %s -o %s 2>/dev/null 1>/dev/null", tmp_file_2, tmp_file_2);
ret = system(cmd);
if (ret == -1) {
LogPrintf(LV_WARNING, "videosnarf failed");
}
else if (WEXITSTATUS(ret) != 0) {
LogPrintf(LV_WARNING, "videosnarf crash");
}
/* delete temporary files */
#if DEBUG_RM
remove(tmp_file_1);
remove(tmp_file_2);
#endif
/* media file check */
sprintf(media_file_1, "%s-media-1.wav", tmp_file_1);
sprintf(media_file_2, "%s-media-1.wav", tmp_file_2);
/* complete pei */
/* from */
PeiNewComponent(&cmpn, pei_from);
PeiCompCapTime(cmpn, tstart);
PeiCompAddStingBuff(cmpn, ipd_str);
PeiAddComponent(ppei, cmpn);
/* to */
PeiNewComponent(&cmpn, pei_to);
PeiCompCapTime(cmpn, tstart);
PeiCompAddStingBuff(cmpn, ips_str);
PeiAddComponent(ppei, cmpn);
/* duration */
sprintf(cmd, "%lu", tend-tstart);
PeiNewComponent(&cmpn, pei_duration);
PeiCompCapTime(cmpn, tstart);
PeiCompAddStingBuff(cmpn, cmd);
PeiAddComponent(ppei, cmpn);
/* audio from */
aud2 = FALSE;
if (stat(media_file_2, &fsbuf) == 0) {
aud2 = TRUE;
/* convert to be used with lame */
sprintf(tmp_file_2, "%s_2.wav", media_conv);
sprintf(cmd, "sox %s -s %s 2>/dev/null 1>/dev/null", media_file_2, tmp_file_2);
ret = system(cmd);
#if DEBUG_RM
remove(media_file_2);
#endif
/* mp3 conversion */
sprintf(media_file_2, "%s_2.mp3", media_conv);
sprintf(cmd, "lame --quiet -h %s %s 2>/dev/null 1>/dev/null", tmp_file_2, media_file_2);
ret = system(cmd);
if (ret == -1) {
LogPrintf(LV_WARNING, "lame failed");
}
else if (WEXITSTATUS(ret) != 0) {
LogPrintf(LV_WARNING, "lame crash (%i): %s", WEXITSTATUS(ret), cmd);
}
if (stat(media_file_2, &fsbuf) == 0) {
PeiNewComponent(&cmpn, pei_audio_from);
PeiCompCapTime(cmpn, tstart);
PeiCompCapEndTime(cmpn, tend);
PeiCompAddFile(cmpn, "audio_caller.mp3", media_file_2, fsbuf.st_size);
PeiAddComponent(ppei, cmpn);
}
sprintf(media_file_2, "%s_stereo_2.wav", media_conv);
sprintf(cmd, "sox %s -c 2 %s pan 1 2>/dev/null 1>/dev/null", tmp_file_2, media_file_2);
ret = system(cmd);
#if DEBUG_RM
remove(tmp_file_2);
#endif
}
/* audio to */
aud1 = FALSE;
if (stat(media_file_1, &fsbuf) == 0) {
aud1 = TRUE;
/* convert to be used with lame */
sprintf(tmp_file_1, "%s_1.wav", media_conv);
sprintf(cmd, "sox %s -s %s 2>/dev/null 1>/dev/null", media_file_1, tmp_file_1);
ret = system(cmd);
#if DEBUG_RM
remove(media_file_1);
#endif
/* mp3 conversion */
sprintf(media_file_1, "%s_1.mp3", media_conv);
sprintf(cmd, "lame --quiet -h %s %s 2>/dev/null 1>/dev/null", tmp_file_1, media_file_1);
ret = system(cmd);
if (ret == -1) {
LogPrintf(LV_WARNING, "lame failed");
}
else if (WEXITSTATUS(ret) != 0) {
LogPrintf(LV_WARNING, "lame crash (%i): %s", WEXITSTATUS(ret), cmd);
}
if (stat(media_file_1, &fsbuf) == 0) {
PeiNewComponent(&cmpn, pei_audio_to);
PeiCompCapTime(cmpn, tstart);
PeiCompCapEndTime(cmpn, tend);
PeiCompAddFile(cmpn, "audio_called.mp3", media_file_1, fsbuf.st_size);
PeiAddComponent(ppei, cmpn);
}
sprintf(media_file_1, "%s_stereo_1.wav", media_conv);
sprintf(cmd, "sox %s -c 2 %s pan -1 2>/dev/null 1>/dev/null", tmp_file_1, media_file_1);
ret = system(cmd);
#if DEBUG_RM
remove(tmp_file_1);
#endif
}
/* mix audio */
if (aud2 || aud1) {
/* mix two audio files */
sprintf(tmp_file_1, "%s_mix.wav", media_conv);
sprintf(tmp_file_2, "%s_mix.mp3", media_conv);
if (aud1 == FALSE) {
sprintf(cmd, "sox %s %s 2>/dev/null 1>/dev/null", media_file_2, tmp_file_1);
}
else if (aud2 == FALSE) {
sprintf(cmd, "sox %s %s 2>/dev/null 1>/dev/null", media_file_1, tmp_file_1);
}
else {
sprintf(cmd, "sox -m %s %s -s %s 2>/dev/null 1>/dev/null", media_file_2, media_file_1, tmp_file_1);
}
ret = system(cmd);
if (ret == -1) {
LogPrintf(LV_WARNING, "sox failed");
}
else if (WEXITSTATUS(ret) != 0) {
LogPrintf(LV_WARNING, "sox mix crash: %s", cmd);
}
/* mp3 conversion */
sprintf(cmd, "lame --quiet -h %s %s 2>/dev/null 1>/dev/null", tmp_file_1, tmp_file_2);
ret = system(cmd);
/* delete temporary files */
#if DEBUG_RM
remove(media_file_1);
remove(media_file_2);
remove(tmp_file_1);
#endif
if (stat(tmp_file_2, &fsbuf) == 0) {
PeiNewComponent(&cmpn, pei_audio_mix);
PeiCompCapTime(cmpn, tstart);
PeiCompCapEndTime(cmpn, tend);
PeiCompAddFile(cmpn, "audio_mix.mp3", tmp_file_2, fsbuf.st_size);
PeiAddComponent(ppei, cmpn);
}
}
/* insert pei */
PeiIns(ppei);
/* free */
DMemFree(priv);
LogPrintf(LV_DEBUG, "RTP... bye bye fid:%d (pkt:%i)", flow_id, pkt_cnt);
return NULL;
}
static pei *HFileElab(const char *url, const char *file, size_t len, const char *range, const char *ct, const pei *lpei)
{
long i, j, k, add;
pei *ppei, *new;
unsigned long bstart, bend, bdim;
char *file_name, *tmp;
FILE *fp, *fpr;
size_t rd;
bool complete;
pei_component *cmpn;
file_part *parts;
long parts_dim;
struct stat file_st;
ppei = NULL;
add = -1;
/* reseacrh file */
for (i=0; i!=list_dim; i++) {
if (strcmp(url, list[i].url) == 0) {
break;
}
else if (add == -1 && list[i].url[0] == '\0') {
add = i;
}
}
if (range != NULL) {
sscanf(range, "%lu-%lu/%lu", &bstart, &bend, &bdim);
bend = bstart+len-1;
}
else {
LogPrintfPei(LV_DEBUG, lpei, "No range");
bstart = 0;
bend = bstart+len-1;
bdim = len + 1; /* in this way the file is not completed (see comp_note) */
}
if (i == list_dim) {
/* new file */
if (add == -1) {
add = list_dim;
if (HFileExt() == -1) {
LogPrintf(LV_ERROR, "Unable to extend file manager table!");
return NULL;
}
}
/* insert basic data */
strcpy(list[add].url, url);
sprintf(list[add].file, "%s/%s/httpfile_%lu_%p_%li", ProtTmpDir(), HTTPFILE_TMP_DIR, time(NULL), list, incr);
sprintf(list[add].part_list, "%s/%s/httpfile_part_%lu_%p_%li", ProtTmpDir(), HTTPFILE_TMP_DIR, time(NULL), file, incr++);
LogPrintf(LV_DEBUG, "File(%i): %s", bdim, list[add].part_list);
if (ct != NULL) {
sprintf(list[add].content_type, "%s", ct);
}
list[add].range = FALSE;
fp = fopen(list[add].file, "w");
if (fp != NULL) {
tmp = xmalloc(HTTPFILE_FILE_DIM);
memset(tmp, 0, HTTPFILE_FILE_DIM);
for (j=0; j!=(long)(bdim/HTTPFILE_FILE_DIM); j++) {
fwrite(tmp, 1, HTTPFILE_FILE_DIM, fp);
}
fwrite(tmp, 1, (bdim%HTTPFILE_FILE_DIM), fp);
fclose(fp);
xfree(tmp);
}
file_name = strrchr(url, '/');
if (file_name == NULL) {
file_name = strrchr(url, '\\');
}
if (file_name == NULL) {
strcpy(list[add].file_name, url);
}
else {
strcpy(list[add].file_name, file_name+1);
}
list[add].dim = bdim;
list[add].len = 0;
list[add].cnt = 0;
/* create a PEI */
PeiNew(&new, prot_id);
list[add].ppei = new;
PeiSetReturn(new, TRUE);
PeiCapTime(new, lpei->time_cap);
PeiMarker(new, lpei->serial);
PeiStackFlow(new, lpei->stack);
/* url */
PeiNewComponent(&cmpn, pei_url_id);
PeiCompCapTime(cmpn, lpei->time_cap);
PeiCompAddStingBuff(cmpn, url);
PeiAddComponent(new, cmpn);
/* content type */
if (ct != NULL) {
PeiNewComponent(&cmpn, pei_content_type);
PeiCompCapTime(cmpn, lpei->time_cap);
PeiCompAddStingBuff(cmpn, ct);
PeiAddComponent(new, cmpn);
}
i = add;
}
static void CaPei(pei *ppei, const char *prot_name, tca_priv *priv, time_t *cap_sec, time_t *end_cap)
{
char val[TCP_CA_FILENAME_PATH_SIZE];
char dns[TCP_CA_FILENAME_PATH_SIZE];
float latitude;
float longitude;
pei_component *cmpn;
char *cc;
latitude = longitude = 0;
cc = NULL;
dns[0] = '\0';
/* pei components */
if (priv->ipv6) {
FTString(&priv->ip_s, FT_IPv6, val);
PeiNewComponent(&cmpn, pei_ip_src_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
FTString(&priv->ip_d, FT_IPv6, val);
PeiNewComponent(&cmpn, pei_ip_dst_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
DnsDbSearch(&priv->ip_d, FT_IPv6, dns, TCP_CA_FILENAME_PATH_SIZE);
GeoIPLocIP(&priv->ip_d, FT_IPv6, &latitude, &longitude, &cc);
}
else {
FTString(&priv->ip_s, FT_IPv4, val);
PeiNewComponent(&cmpn, pei_ip_src_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
FTString(&priv->ip_d, FT_IPv4, val);
PeiNewComponent(&cmpn, pei_ip_dst_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
DnsDbSearch(&priv->ip_d, FT_IPv4, dns, TCP_CA_FILENAME_PATH_SIZE);
GeoIPLocIP(&priv->ip_d, FT_IPv4, &latitude, &longitude, &cc);
}
PeiNewComponent(&cmpn, pei_dns_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, dns);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%i", priv->port_s);
PeiNewComponent(&cmpn, pei_port_src_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%i", priv->port_d);
PeiNewComponent(&cmpn, pei_port_dst_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
PeiNewComponent(&cmpn, pei_l7protocol_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, prot_name);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%f", latitude);
PeiNewComponent(&cmpn, pei_lat_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%f", longitude);
PeiNewComponent(&cmpn, pei_long_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
if (cc != NULL) {
PeiNewComponent(&cmpn, pei_country_code_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, cc);
PeiAddComponent(ppei, cmpn);
}
sprintf(val, "%zu", priv->bsent);
PeiNewComponent(&cmpn, pei_bsent_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%zu", priv->breceiv);
PeiNewComponent(&cmpn, pei_brecv_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%zu", priv->blost_sent);
PeiNewComponent(&cmpn, pei_blost_sent_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%zu", priv->blost_receiv);
PeiNewComponent(&cmpn, pei_blost_recv_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%lu", priv->pkt_sent);
PeiNewComponent(&cmpn, pei_pkt_sent_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
sprintf(val, "%lu", priv->pkt_receiv);
PeiNewComponent(&cmpn, pei_pkt_recv_id);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddStingBuff(cmpn, val);
PeiAddComponent(ppei, cmpn);
if (priv->img1[0] != '\0') {
PeiNewComponent(&cmpn, pei_trace_img);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddFile(cmpn, "client.png", priv->img1, 0);
PeiAddComponent(ppei, cmpn);
}
if (priv->img2[0] != '\0') {
PeiNewComponent(&cmpn, pei_trace_img);
PeiCompCapTime(cmpn, *cap_sec);
PeiCompCapEndTime(cmpn, *end_cap);
PeiCompAddFile(cmpn, "server.png", priv->img2, 0);
PeiAddComponent(ppei, cmpn);
}
}
static packet* HttpFdDissector(packet *pkt)
{
http_msg *msg;
packet *httppkt;
pei *ppei;
pei_component *cmpn;
char strbuf[HTTPFD_FILE_PATH];
char new_path[HTTPFD_FILE_PATH];
char *orig_file, *file_save, *content_type;
const char *bnd;
multipart_f *mpfile;
multipart_f *nxt;
bool nend;
unsigned long rbase, rend, rsize;
ppei = NULL;
mpfile = nxt = NULL;
nend = FALSE;
content_type = NULL;
/* display info */
msg = (http_msg *)pkt->data;
LogPrintf(LV_DEBUG, "HTTPfd HttpFdDissector");
#ifdef XPL_CHECK_CODE
if (msg->serial == 0) {
LogPrintf(LV_FATAL, "HTTPfd HttpFdDissector serial error");
exit(-1);
}
#endif
/* make the HTTP-PEI also for this message */
if (insert_http == TRUE) {
httppkt = HttpMsgPktCpy(pkt);
if (httppkt != NULL) {
HttpPktDis(httppkt);
}
}
orig_file = msg->res_body_file;
/* encoding */
if (msg->content_encoding[1] != NULL) {
/* compressed */
sprintf(new_path, "%s.dec", msg->res_body_file);
FFormatUncompress(msg->content_encoding[1], msg->res_body_file, new_path);
remove(msg->res_body_file);
DMemFree(orig_file);
orig_file = new_path;
}
msg->res_body_file = NULL;
bnd = HttpMsgBodyBoundary(msg, FALSE);
if (bnd != NULL) {
mpfile = FFormatMultipart(orig_file, bnd);
if (orig_file == new_path)
remove(orig_file);
//FFormatMultipartPrint(mpfile);
nxt = mpfile;
if (mpfile != NULL && mpfile->content_range != NULL)
nend = TRUE;
}
else {
rbase = msg->rbase;
rend = msg->rend;
rsize = msg->rsize;
file_save = orig_file;
}
do {
if (nxt != NULL) {
file_save = nxt->file_path;
nxt->file_path = NULL;
HttpFdRange(nxt->content_range, &rbase, &rend, &rsize);
ppei = NULL;
if (nxt->content_type)
content_type = nxt->content_type;
else
content_type = NULL;
}
/* compose pei (to send to manipulator) */
PeiNew(&ppei, prot_id);
PeiCapTime(ppei, pkt->cap_sec);
PeiMarker(ppei, pkt->serial);
PeiStackFlow(ppei, pkt->stk);
/* url */
PeiNewComponent(&cmpn, pei_url_id);
PeiCompCapTime(cmpn, msg->start_cap);
PeiCompCapEndTime(cmpn, msg->end_cap);
PeiCompAddStingBuff(cmpn, msg->uri);
PeiAddComponent(ppei, cmpn);
/* file */
PeiNewComponent(&cmpn, pei_file_id);
PeiCompCapTime(cmpn, msg->start_cap);
PeiCompCapEndTime(cmpn, msg->end_cap);
PeiCompAddFile(cmpn, "Http file", file_save, 0);
if (msg->error)
PeiCompError(cmpn, ELMT_ER_PARTIAL);
PeiAddComponent(ppei, cmpn);
/* range */
if (rsize != 0) {
PeiNewComponent(&cmpn, pei_range_id);
PeiCompCapTime(cmpn, msg->start_cap);
PeiCompCapEndTime(cmpn, msg->end_cap);
sprintf(strbuf, "%lu-%lu/%lu", rbase, rend, rsize);
PeiCompAddStingBuff(cmpn, strbuf);
PeiAddComponent(ppei, cmpn);
}
/* content_type */
if (content_type != NULL) {
PeiNewComponent(&cmpn, pei_content_type);
PeiCompCapTime(cmpn, msg->start_cap);
PeiCompCapEndTime(cmpn, msg->end_cap);
PeiCompAddStingBuff(cmpn, content_type);
PeiAddComponent(ppei, cmpn);
}
else {
if (msg->content_type[1] != NULL) {
PeiNewComponent(&cmpn, pei_content_type);
PeiCompCapTime(cmpn, msg->start_cap);
PeiCompCapEndTime(cmpn, msg->end_cap);
PeiCompAddStingBuff(cmpn, msg->content_type[1]);
PeiAddComponent(ppei, cmpn);
}
else if (msg->content_type[0] != NULL) {
PeiNewComponent(&cmpn, pei_content_type);
PeiCompCapTime(cmpn, msg->start_cap);
PeiCompCapEndTime(cmpn, msg->end_cap);
PeiCompAddStingBuff(cmpn, msg->content_type[0]);
PeiAddComponent(ppei, cmpn);
}
}
/* insert pei */
PeiIns(ppei);
if (nxt != NULL) {
do {
nxt = nxt->nxt;
if (nxt == NULL) {
nend = FALSE;
break;
}
} while (nxt != NULL && nxt->content_range == NULL);
}
} while (nend);
/* remove file */
HttpMsgRemove(msg);
if (mpfile != NULL) {
FFormatMultipartFree(mpfile);
}
/* free memory */
if (orig_file != new_path)
msg->res_body_file = orig_file;
HttpMsgFree(msg);
PktFree(pkt);
return NULL;
}
static int MmsToPei(const mms_message *mms, const http_msg *msg, const pstack_f *stk, const char *mms_raw, unsigned long size)
{
pei *ppei;
pei_component *comp;
short i;
if (PeiNew(&ppei, mms_id) == -1) {
return -1;
}
PeiCapTime(ppei, msg->start_cap);
PeiDecodeTime(ppei, time(NULL));
PeiStackFlow(ppei, stk);
PeiMarker(ppei, msg->serial);
if (mms->from != NULL) {
if (PeiNewComponent(&comp, pei_from_id) == -1) {
LogPrintf(LV_WARNING, "Pei component of from failed");
}
else {
PeiCompCapTime(comp, msg->start_cap);
PeiCompCapEndTime(comp, msg->end_cap);
PeiCompAddStingBuff(comp, mms->from);
PeiAddComponent(ppei, comp);
}
}
if (mms->to != NULL) {
if (PeiNewComponent(&comp, pei_to_id) == -1) {
LogPrintf(LV_WARNING, "Pei component of to failed");
}
else {
PeiCompCapTime(comp, msg->start_cap);
PeiCompCapEndTime(comp, msg->end_cap);
PeiCompAddStingBuff(comp, mms->to);
PeiAddComponent(ppei, comp);
}
}
if (mms->cc != NULL) {
if (PeiNewComponent(&comp, pei_cc_id) == -1) {
LogPrintf(LV_WARNING, "Pei component of cc failed");
}
else {
PeiCompCapTime(comp, msg->start_cap);
PeiCompCapEndTime(comp, msg->end_cap);
PeiCompAddStingBuff(comp, mms->cc);
PeiAddComponent(ppei, comp);
}
}
if (mms->bcc != NULL) {
if (PeiNewComponent(&comp, pei_bcc_id) == -1) {
LogPrintf(LV_WARNING, "Pei component of bcc failed");
}
else {
PeiCompCapTime(comp, msg->start_cap);
PeiCompCapEndTime(comp, msg->end_cap);
PeiCompAddStingBuff(comp, mms->bcc);
PeiAddComponent(ppei, comp);
}
}
if (mms->part != NULL) {
for (i=0; i!=mms->nparts; i++) {
if (PeiNewComponent(&comp, pei_part_id) == -1) {
LogPrintf(LV_WARNING, "Pei component of part failed");
break;
}
PeiCompCapTime(comp, msg->start_cap);
PeiCompCapEndTime(comp, msg->end_cap);
PeiCompAddFile(comp, mms->part[i].name, mms->part[i].path, mms->part[i].size);
if (mms->part[i].ctype != NULL) {
PeiCompAddStingBuff(comp, mms->part[i].ctype);
}
PeiAddComponent(ppei, comp);
}
}
if (PeiNewComponent(&comp, pei_raw_id) == -1) {
LogPrintf(LV_WARNING, "Pei component of raw failed");
}
else {
PeiCompCapTime(comp, msg->start_cap);
PeiCompCapEndTime(comp, msg->end_cap);
PeiCompAddFile(comp, "binary.mms", mms_raw, size);
PeiAddComponent(ppei, comp);
}
/* insert pei */
PeiIns(ppei);
return 0;
}
