void wise_session_cmd_cb(MolochSession_t *session, gpointer uw1, gpointer UNUSED(uw2)) { WiseItem_t *wi = uw1; if (wi) { wise_process_ops(session, wi); } moloch_session_decr_outstanding(session); }
void wise_lookup(MolochSession_t *session, WiseRequest_t *request, char *value, int type) { static int lookups = 0; if (*value == 0) return; if (request->numItems >= 256) return; lookups++; if ((lookups % 10000) == 0) wise_print_stats(); stats[type][INTEL_STAT_LOOKUP]++; WiseItem_t *wi; HASH_FIND(wih_, itemHash[type], value, wi); if (wi) { // Already being looked up if (wi->sessions) { if (wi->numSessions < wi->sessionsSize) { wi->sessions[wi->numSessions++] = session; moloch_nids_incr_outstanding(session); } stats[type][INTEL_STAT_INPROGRESS]++; return; } struct timeval currentTime; gettimeofday(¤tTime, NULL); if (wi->loadTime + cacheSecs > currentTime.tv_sec) { wise_process_ops(session, wi); stats[type][INTEL_STAT_CACHE]++; return; } /* Had it in cache, but it is too old */ DLL_REMOVE(wil_, &itemList[type], wi); wise_free_ops(wi); } else { // Know nothing about it wi = MOLOCH_TYPE_ALLOC0(WiseItem_t); wi->key = g_strdup(value); wi->type = type; wi->sessionsSize = 20; HASH_ADD(wih_, itemHash[type], wi->key, wi); } wi->sessions = malloc(sizeof(MolochSession_t *) * wi->sessionsSize); wi->sessions[wi->numSessions++] = session; moloch_nids_incr_outstanding(session); stats[type][INTEL_STAT_REQUEST]++; BSB_EXPORT_u08(request->bsb, type); int len = strlen(value); BSB_EXPORT_u16(request->bsb, len); BSB_EXPORT_ptr(request->bsb, value, len); request->items[request->numItems++] = wi; }
void wise_cb(unsigned char *data, int data_len, gpointer uw) { BSB bsb; WiseRequest_t *request = uw; int i; inflight -= request->numItems; BSB_INIT(bsb, data, data_len); uint32_t fts = 0, ver = 0; BSB_IMPORT_u32(bsb, fts); BSB_IMPORT_u32(bsb, ver); if (BSB_IS_ERROR(bsb) || ver != 0) { for (i = 0; i < request->numItems; i++) { wise_free_item(request->items[i]); } MOLOCH_TYPE_FREE(WiseRequest_t, request); return; } if (fts != fieldsTS) wise_load_fields(); struct timeval currentTime; gettimeofday(¤tTime, NULL); for (i = 0; i < request->numItems; i++) { WiseItem_t *wi = request->items[i]; BSB_IMPORT_u08(bsb, wi->numOps); if (wi->numOps > 0) { wi->ops = malloc(wi->numOps * sizeof(WiseOp_t)); int i; for (i = 0; i < wi->numOps; i++) { WiseOp_t *op = &(wi->ops[i]); int rfield = 0; BSB_IMPORT_u08(bsb, rfield); op->fieldPos = fieldsMap[rfield]; int len = 0; BSB_IMPORT_u08(bsb, len); char *str = (char*)BSB_WORK_PTR(bsb); BSB_IMPORT_skip(bsb, len); switch (config.fields[op->fieldPos]->type) { case MOLOCH_FIELD_TYPE_INT_HASH: if (op->fieldPos == tagsField) { moloch_db_get_tag(NULL, tagsField, str, NULL); // Preload the tagname -> tag mapping op->str = g_strdup(str); op->strLenOrInt = len - 1; continue; } // Fall thru case MOLOCH_FIELD_TYPE_INT: case MOLOCH_FIELD_TYPE_INT_ARRAY: op->str = 0; op->strLenOrInt = atoi(str); break; case MOLOCH_FIELD_TYPE_STR: case MOLOCH_FIELD_TYPE_STR_ARRAY: case MOLOCH_FIELD_TYPE_STR_HASH: op->str = g_strdup(str); op->strLenOrInt = len - 1; break; case MOLOCH_FIELD_TYPE_IP: case MOLOCH_FIELD_TYPE_IP_HASH: op->str = 0; op->strLenOrInt = inet_addr(str); break; default: LOG("WARNING - Unsupported expression type for %s", str); continue; } } } wi->loadTime = currentTime.tv_sec; int s; for (s = 0; s < wi->numSessions; s++) { wise_process_ops(wi->sessions[s], wi); moloch_nids_decr_outstanding(wi->sessions[s]); } g_free(wi->sessions); wi->sessions = 0; wi->numSessions = 0; DLL_PUSH_HEAD(wil_, &itemList[(int)wi->type], wi); // Cache needs to be reduced if (itemList[(int)wi->type].wil_count > maxCache) { DLL_POP_TAIL(wil_, &itemList[(int)wi->type], wi); wise_free_item(wi); } } MOLOCH_TYPE_FREE(WiseRequest_t, request); }