void moloch_http_free_conn(MolochConn_t *conn, gboolean process) { DEBUGCONN("AAA free %s %p read: %d write: %d", conn->server->names[0], conn, conn->readWatch, conn->writeWatch); if (conn->readWatch) g_source_remove(conn->readWatch); if (conn->writeWatch) g_source_remove(conn->writeWatch); MolochHttp_t *server = conn->server; if (conn->conn) { g_object_unref (conn->conn); conn->conn = 0; } conn->request = 0; conn->server->numConns--; if (conn->h_next) { HASH_REMOVE(h_, connections, conn); } if (conn->e_next) { DLL_REMOVE(e_, &conn->server->connQ, conn); } MOLOCH_TYPE_FREE(MolochConn_t, conn); if (process) moloch_http_do_requests(server); }
static void callid_2_sdp_dtor(struct callid_2_sdp *c2s) { SLOG(LOG_DEBUG, "Destruct callid_2_sdp@%p for callid '%s'", c2s, c2s->call_id); HASH_REMOVE(&callids_2_sdps, c2s, entry); TAILQ_REMOVE(&callids_2_sdps_used, c2s, used_entry); parser_unref(&c2s->sdp_parser); }
void wise_free_item(WiseItem_t *wi) { int i; HASH_REMOVE(wih_, itemHash[(int)wi->type], wi); if (wi->sessions) { for (i = 0; i < wi->numSessions; i++) { moloch_nids_decr_outstanding(wi->sessions[i]); } g_free(wi->sessions); } g_free(wi->key); wise_free_ops(wi); MOLOCH_TYPE_FREE(WiseItem_t, wi); }
void wise_free_item_unlocked(WiseItem_t *wi) { int i; HASH_REMOVE(wih_, itemHash[(int)wi->type], wi); if (wi->sessions) { for (i = 0; i < wi->numSessions; i++) { moloch_session_add_cmd(wi->sessions[i], MOLOCH_SES_CMD_FUNC, NULL, NULL, wise_session_cmd_cb); } g_free(wi->sessions); } g_free(wi->key); wise_free_ops(wi); MOLOCH_TYPE_FREE(WiseItem_t, wi); }
int moloch_http_curl_close_callback(void *serverV, curl_socket_t fd) { MolochHttpServer_t *server = serverV; if (! BIT_ISSET(fd, connectionsSet)) { LOG("Couldn't connect %s defaultPort: %d", server->names[0], server->defaultPort); return 0; } struct sockaddr_in localAddress, remoteAddress; memset(&localAddress, 0, sizeof(localAddress)); memset(&remoteAddress, 0, sizeof(localAddress)); socklen_t addressLength = sizeof(localAddress); getsockname(fd, (struct sockaddr*)&localAddress, &addressLength); addressLength = sizeof(remoteAddress); getpeername(fd, (struct sockaddr*)&remoteAddress, &addressLength); char sessionId[MOLOCH_SESSIONID_LEN]; moloch_session_id(sessionId, localAddress.sin_addr.s_addr, localAddress.sin_port, remoteAddress.sin_addr.s_addr, remoteAddress.sin_port); MolochHttpConn_t *conn; BIT_CLR(fd, connectionsSet); MOLOCH_LOCK(connections); HASH_FIND(h_, connections, sessionId, conn); if (conn) { HASH_REMOVE(h_, connections, conn); MOLOCH_TYPE_FREE(MolochHttpConn_t, conn); } MOLOCH_UNLOCK(connections); server->connections--; LOG("Close %d/%d - %s %d->%s:%d fd:%d", server->outstanding, server->connections, server->names[0], ntohs(localAddress.sin_port), inet_ntoa(remoteAddress.sin_addr), ntohs(remoteAddress.sin_port), fd); close (fd); return 0; }
LOCAL void moloch_session_save(MolochSession_t *session) { if (session->h_next) { HASH_REMOVE(h_, sessions[session->thread][session->ses], session); } if (session->closingQ) { DLL_REMOVE(q_, &closingQ[session->thread], session); } else DLL_REMOVE(q_, &sessionsQ[session->thread][session->ses], session); moloch_packet_tcp_free(session); if (session->parserInfo) { int i; for (i = 0; i < session->parserNum; i++) { if (session->parserInfo[i].parserSaveFunc) session->parserInfo[i].parserSaveFunc(session, session->parserInfo[i].uw, TRUE); } } if (pluginsCbs & MOLOCH_PLUGIN_PRE_SAVE) moloch_plugins_cb_pre_save(session, TRUE); moloch_rules_run_before_save(session, 1); if (session->tcp_next) { DLL_REMOVE(tcp_, &tcpWriteQ[session->thread], session); } if (session->outstandingQueries > 0) { session->needSave = 1; needSave[session->thread]++; return; } moloch_db_save_session(session, TRUE); moloch_session_free(session); }
int moloch_http_curl_close_callback(void *snameV, curl_socket_t fd) { MolochHttpServerName_t *sname = snameV; MolochHttpServer_t *server = sname->server; if (! BIT_ISSET(fd, connectionsSet)) { long ev = (long)g_hash_table_lookup(server->fd2ev, (void *)(long)fd); LOG("Couldn't connect %s (%d, %ld) ", sname->name, fd, ev); close(fd); GSource *source = g_main_context_find_source_by_id (NULL, ev); if (source) g_source_destroy (source); g_hash_table_remove(server->fd2ev, (void *)(long)fd); return 0; } struct sockaddr_storage localAddressStorage, remoteAddressStorage; socklen_t addressLength = sizeof(localAddressStorage); int rc = getsockname(fd, (struct sockaddr*)&localAddressStorage, &addressLength); if (rc != 0) return 0; addressLength = sizeof(remoteAddressStorage); rc = getpeername(fd, (struct sockaddr*)&remoteAddressStorage, &addressLength); if (rc != 0) return 0; char sessionId[MOLOCH_SESSIONID_LEN]; int localPort, remotePort; char remoteIp[INET6_ADDRSTRLEN+2]; if (localAddressStorage.ss_family == AF_INET) { struct sockaddr_in *localAddress = (struct sockaddr_in *)&localAddressStorage; struct sockaddr_in *remoteAddress = (struct sockaddr_in *)&remoteAddressStorage; moloch_session_id(sessionId, localAddress->sin_addr.s_addr, localAddress->sin_port, remoteAddress->sin_addr.s_addr, remoteAddress->sin_port); localPort = ntohs(localAddress->sin_port); remotePort = ntohs(remoteAddress->sin_port); inet_ntop(AF_INET, &remoteAddress->sin_addr, remoteIp, sizeof(remoteIp)); } else { struct sockaddr_in6 *localAddress = (struct sockaddr_in6 *)&localAddressStorage; struct sockaddr_in6 *remoteAddress = (struct sockaddr_in6 *)&remoteAddressStorage; moloch_session_id6(sessionId, localAddress->sin6_addr.s6_addr, localAddress->sin6_port, remoteAddress->sin6_addr.s6_addr, remoteAddress->sin6_port); localPort = ntohs(localAddress->sin6_port); remotePort = ntohs(remoteAddress->sin6_port); inet_ntop(AF_INET6, &remoteAddress->sin6_addr, remoteIp+1, sizeof(remoteIp)-2); remoteIp[0] = '['; strcat(remoteIp, "]"); } MolochHttpConn_t *conn; BIT_CLR(fd, connectionsSet); MOLOCH_LOCK(connections); HASH_FIND(h_, connections, sessionId, conn); if (conn) { HASH_REMOVE(h_, connections, conn); MOLOCH_TYPE_FREE(MolochHttpConn_t, conn); } MOLOCH_UNLOCK(connections); server->connections--; if (config.logHTTPConnections) { LOG("Close %d/%d - %s %d->%s:%d fd:%d removed: %s", server->outstanding, server->connections, sname->name, localPort, remoteIp, remotePort, fd, conn?"true":"false"); } close (fd); return 0; }
/** * Delete a class from class handle. * * API to dmClassByHandleDelete <Deailed desc>. * * @param this object handle * @param * * @returns * ClRcT CL_OK on success <br> * CL_COR_SET_RC(CL_COR_ERR_NULL_PTR) on null parameter. * * @todo * */ ClRcT dmClassByHandleDelete(CORClass_h classHandle ) { ClRcT ret = CL_OK; CORClass_h tmp = 0; CL_FUNC_ENTER(); if((!classHandle) || (!dmGlobal)) { CL_FUNC_EXIT(); return(CL_COR_SET_RC(CL_COR_ERR_NULL_PTR)); } CL_DEBUG_PRINT(CL_DEBUG_TRACE, ( "ClassDelete (Class:%04x)", classHandle->classId)); /* check if instances are there and also base classes * by default cannot be deleted, they may be in other * inherited classes. */ if (COR_CLASS_IS_BASE(*classHandle)) { CL_DEBUG_PRINT(CL_DEBUG_ERROR, ( "ClassDelete (Class:%04x) [Class is base]", classHandle->classId)); ret = CL_COR_SET_RC(CL_COR_ERR_CLASS_IS_BASE); } else if(classHandle->objCount == 0 && (classHandle->moClassInstances == 0)) { /* get the handle to the parent class */ HASH_GET(dmGlobal->classTable,classHandle->superClassId, tmp); if(tmp) { tmp->noOfChildren--; if(tmp->noOfChildren == 0) COR_CLASS_RESETAS_BASE(*tmp); } /* now we can remove from hash table & free it */ HASH_REMOVE(dmGlobal->classTable, classHandle->classId); /* free the attribute list hashtable and the elements in * the vector */ HASH_FREE(classHandle->attrList); COR_LLIST_FREE(classHandle->objFreeList); corVectorRemoveAll(&classHandle->attrs); /* nothing to remove in the objects vector */ clHeapFree(classHandle); } else { CL_DEBUG_PRINT(CL_DEBUG_ERROR, ( "ClassDelete (Class:%04x) [Instances present]", classHandle->classId)); ret = CL_COR_SET_RC(CL_COR_ERR_CLASS_INSTANCES_PRESENT); } CL_FUNC_EXIT(); return (ret); }
int moloch_field_define(char *group, char *kind, char *expression, char *friendlyName, char *dbField, char *help, int type, int flags, ...) { char dbField2[100]; char expression2[1000]; char friendlyName2[1000]; char help2[1000]; char rawField[100]; MolochFieldInfo_t *minfo = 0; HASH_FIND(d_, fieldsByDb, dbField, minfo); if (!minfo) { minfo = MOLOCH_TYPE_ALLOC0(MolochFieldInfo_t); minfo->dbFieldFull = g_strdup(dbField); minfo->dbField = minfo->dbFieldFull; minfo->dbFieldLen = strlen(minfo->dbField); minfo->pos = -1; minfo->expression = g_strdup(expression); minfo->group = g_strdup(group); minfo->kind = g_strdup(kind); HASH_ADD(d_, fieldsByDb, minfo->dbField, minfo); HASH_ADD(e_, fieldsByExp, minfo->expression, minfo); if ((flags & MOLOCH_FIELD_FLAG_NODB) == 0) { va_list args; va_start(args, flags); moloch_db_add_field(group, kind, expression, friendlyName, dbField, help, args); va_end(args); } } else { char *category = NULL; if (strcmp(kind, minfo->kind) != 0) { LOG("WARNING - Field kind in db %s doesn't match field kind %s in capture for field %s", minfo->kind, kind, expression); } va_list args; va_start(args, flags); while(1) { char *field = va_arg(args, char *); if (!field) break; char *value = va_arg(args, char *); if (strcmp(field, "category") == 0 && value) { category = value; } } va_end(args); if (category && (!minfo->category || strcmp(category, minfo->category) != 0)) { LOG("UPDATING - Field category in db %s doesn't match field category %s in capture for field %s", minfo->category, category, expression); moloch_db_update_field(expression, "category", category); } } // Hack to remove trailing .snow on capture side int dbLen = strlen(minfo->dbField); if (dbLen > 5 && memcmp(".snow", minfo->dbField+dbLen-5, 5) == 0) { minfo->dbField[dbLen-5] = 0; minfo->dbFieldLen -= 5; } minfo->type = type; minfo->flags = flags; if ((flags & MOLOCH_FIELD_FLAG_FAKE) == 0) { if (minfo->pos == -1) { minfo->pos = config.maxField++; } config.fields[minfo->pos] = minfo; // Change leading part to dbGroup char *firstdot = strchr(minfo->dbField, '.'); if (firstdot) { static char lastGroup[100] = ""; static int groupNum = 0; if (memcmp(minfo->dbField, lastGroup, (firstdot-minfo->dbField)+1) == 0) { minfo->dbGroupNum = groupNum; } else { groupNum++; minfo->dbGroupNum = groupNum; memcpy(lastGroup, minfo->dbField, (firstdot-minfo->dbField)+1); } minfo->dbGroup = minfo->dbField; minfo->dbGroupLen = firstdot - minfo->dbField; minfo->dbField += (firstdot - minfo->dbField) + 1; minfo->dbFieldLen = strlen(minfo->dbField); } } if (flags & MOLOCH_FIELD_FLAG_NODB) return minfo->pos; MolochFieldInfo_t *info = 0; if (flags & MOLOCH_FIELD_FLAG_CNT) { sprintf(dbField2, "%scnt", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "%s.cnt", expression); sprintf(friendlyName2, "%s Cnt", friendlyName); sprintf(help2, "Unique number of %s", help); moloch_db_add_field(group, "integer", expression2, friendlyName2, dbField2, help2, NULL); } } if (flags & MOLOCH_FIELD_FLAG_SCNT) { sprintf(dbField2, "%sscnt", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "%s.cnt", expression); sprintf(friendlyName2, "%s Cnt", friendlyName); sprintf(help2, "Unique number of %s", help); moloch_db_add_field(group, "integer", expression2, friendlyName2, dbField2, help2, NULL); } } if (flags & MOLOCH_FIELD_FLAG_COUNT) { sprintf(dbField2, "%s-cnt", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "%s.cnt", expression); sprintf(friendlyName2, "%s Cnt", friendlyName); sprintf(help2, "Unique number of %s", help); moloch_db_add_field(group, "integer", expression2, friendlyName2, dbField2, help2, NULL); } } if (flags & MOLOCH_FIELD_FLAG_FAKE) { g_free(minfo->expression); g_free(minfo->dbField); g_free(minfo->group); HASH_REMOVE(d_, fieldsByDb, minfo); HASH_REMOVE(e_, fieldsByExp, minfo); MOLOCH_TYPE_FREE(MolochFieldInfo_t, minfo); return -1; } if (flags & MOLOCH_FIELD_FLAG_IPPRE) { int fnlen = strlen(friendlyName); sprintf(dbField2, "g%s", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "country.%s", expression+3); sprintf(friendlyName2, "%.*s GEO", fnlen-2, friendlyName); sprintf(help2, "GeoIP country string calculated from the %s", help); moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL); } sprintf(dbField2, "as%s", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "asn.%s", expression+3); sprintf(friendlyName2, "%.*s ASN", fnlen-2, friendlyName); sprintf(help2, "GeoIP ASN string calculated from the %s", help); sprintf(rawField, "raw%s", dbField2); moloch_nids_add_field_proxy(group, "textfield", expression2, friendlyName2, dbField2, help2, "rawField", rawField, NULL); } sprintf(dbField2, "rir%s", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "rir.%s", expression+3); sprintf(friendlyName2, "%.*s RIR", fnlen-2, friendlyName); sprintf(help2, "Regional Internet Registry string calculated from %s", help); moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL); } } else if (type == MOLOCH_FIELD_TYPE_IP || type == MOLOCH_FIELD_TYPE_IP_HASH || type == MOLOCH_FIELD_TYPE_IP_GHASH) { sprintf(dbField2, "%s-geo", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "%s.country", expression); sprintf(friendlyName2, "%s GEO", friendlyName); sprintf(help2, "GeoIP country string calculated from the %s", help); moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL); } sprintf(dbField2, "%s-asn.snow", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(dbField2, "%s-asn.snow", dbField); sprintf(expression2, "%s.asn", expression); sprintf(friendlyName2, "%s ASN", friendlyName); sprintf(rawField, "%s-asn.raw", dbField); sprintf(help2, "GeoIP ASN string calculated from the %s", help); moloch_nids_add_field_proxy(group, "textfield", expression2, friendlyName2, dbField2, help2, "rawField", rawField, NULL); } sprintf(dbField2, "%s-rir", dbField); HASH_FIND(d_, fieldsByDb, dbField2, info); if (!info) { sprintf(expression2, "%s.rir", expression); sprintf(friendlyName2, "%s RIR", friendlyName); sprintf(help2, "Regional Internet Registry string calculated from %s", help); moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL); } } return minfo->pos; }
int moloch_http_curl_close_callback(void *serverV, curl_socket_t fd) { MolochHttpServer_t *server = serverV; if (! BIT_ISSET(fd, connectionsSet)) { LOG("Couldn't connect %s defaultPort: %d", server->names[0], server->defaultPort); return 0; } struct sockaddr_storage localAddressStorage, remoteAddressStorage; socklen_t addressLength = sizeof(localAddressStorage); int rc = getsockname(fd, (struct sockaddr*)&localAddressStorage, &addressLength); if (rc != 0) return 0; addressLength = sizeof(remoteAddressStorage); rc = getpeername(fd, (struct sockaddr*)&remoteAddressStorage, &addressLength); if (rc != 0) return 0; char sessionId[MOLOCH_SESSIONID_LEN]; int localPort, remotePort; char remoteIp[INET6_ADDRSTRLEN+2]; if (localAddressStorage.ss_family == AF_INET) { struct sockaddr_in *localAddress = (struct sockaddr_in *)&localAddressStorage; struct sockaddr_in *remoteAddress = (struct sockaddr_in *)&remoteAddressStorage; moloch_session_id(sessionId, localAddress->sin_addr.s_addr, localAddress->sin_port, remoteAddress->sin_addr.s_addr, remoteAddress->sin_port); localPort = ntohs(localAddress->sin_port); remotePort = ntohs(remoteAddress->sin_port); inet_ntop(AF_INET, &remoteAddress->sin_addr, remoteIp, sizeof(remoteIp)); } else { struct sockaddr_in6 *localAddress = (struct sockaddr_in6 *)&localAddressStorage; struct sockaddr_in6 *remoteAddress = (struct sockaddr_in6 *)&remoteAddressStorage; moloch_session_id6(sessionId, localAddress->sin6_addr.s6_addr, localAddress->sin6_port, remoteAddress->sin6_addr.s6_addr, remoteAddress->sin6_port); localPort = ntohs(localAddress->sin6_port); remotePort = ntohs(remoteAddress->sin6_port); inet_ntop(AF_INET6, &remoteAddress->sin6_addr, remoteIp+1, sizeof(remoteIp)-2); remoteIp[0] = '['; strcat(remoteIp, "]"); } MolochHttpConn_t *conn; BIT_CLR(fd, connectionsSet); MOLOCH_LOCK(connections); HASH_FIND(h_, connections, sessionId, conn); if (conn) { HASH_REMOVE(h_, connections, conn); MOLOCH_TYPE_FREE(MolochHttpConn_t, conn); } MOLOCH_UNLOCK(connections); server->connections--; LOG("Close %d/%d - %s %d->%s:%d fd:%d removed: %s", server->outstanding, server->connections, server->names[0], localPort, remoteIp, remotePort, fd, conn?"true":"false"); close (fd); return 0; }