void moloch_http_free_conn(MolochConn_t *conn, gboolean process)
{
DEBUGCONN("AAA free %s %p read: %d write: %d", conn->server->names[0], conn, conn->readWatch, conn->writeWatch);
if (conn->readWatch)
g_source_remove(conn->readWatch);
if (conn->writeWatch)
g_source_remove(conn->writeWatch);
MolochHttp_t *server = conn->server;
if (conn->conn) {
g_object_unref (conn->conn);
conn->conn = 0;
}
conn->request = 0;
conn->server->numConns--;
if (conn->h_next) {
HASH_REMOVE(h_, connections, conn);
}
if (conn->e_next) {
DLL_REMOVE(e_, &conn->server->connQ, conn);
}
MOLOCH_TYPE_FREE(MolochConn_t, conn);
if (process)
moloch_http_do_requests(server);
}
static void callid_2_sdp_dtor(struct callid_2_sdp *c2s)
{
SLOG(LOG_DEBUG, "Destruct callid_2_sdp@%p for callid '%s'", c2s, c2s->call_id);
HASH_REMOVE(&callids_2_sdps, c2s, entry);
TAILQ_REMOVE(&callids_2_sdps_used, c2s, used_entry);
parser_unref(&c2s->sdp_parser);
}
void wise_free_item(WiseItem_t *wi)
{
int i;
HASH_REMOVE(wih_, itemHash[(int)wi->type], wi);
if (wi->sessions) {
for (i = 0; i < wi->numSessions; i++) {
moloch_nids_decr_outstanding(wi->sessions[i]);
}
g_free(wi->sessions);
}
g_free(wi->key);
wise_free_ops(wi);
MOLOCH_TYPE_FREE(WiseItem_t, wi);
}
void wise_free_item_unlocked(WiseItem_t *wi)
{
int i;
HASH_REMOVE(wih_, itemHash[(int)wi->type], wi);
if (wi->sessions) {
for (i = 0; i < wi->numSessions; i++) {
moloch_session_add_cmd(wi->sessions[i], MOLOCH_SES_CMD_FUNC, NULL, NULL, wise_session_cmd_cb);
}
g_free(wi->sessions);
}
g_free(wi->key);
wise_free_ops(wi);
MOLOCH_TYPE_FREE(WiseItem_t, wi);
}
int moloch_http_curl_close_callback(void *serverV, curl_socket_t fd)
{
MolochHttpServer_t *server = serverV;
if (! BIT_ISSET(fd, connectionsSet)) {
LOG("Couldn't connect %s defaultPort: %d", server->names[0], server->defaultPort);
return 0;
}
struct sockaddr_in localAddress, remoteAddress;
memset(&localAddress, 0, sizeof(localAddress));
memset(&remoteAddress, 0, sizeof(localAddress));
socklen_t addressLength = sizeof(localAddress);
getsockname(fd, (struct sockaddr*)&localAddress, &addressLength);
addressLength = sizeof(remoteAddress);
getpeername(fd, (struct sockaddr*)&remoteAddress, &addressLength);
char sessionId[MOLOCH_SESSIONID_LEN];
moloch_session_id(sessionId, localAddress.sin_addr.s_addr, localAddress.sin_port,
remoteAddress.sin_addr.s_addr, remoteAddress.sin_port);
MolochHttpConn_t *conn;
BIT_CLR(fd, connectionsSet);
MOLOCH_LOCK(connections);
HASH_FIND(h_, connections, sessionId, conn);
if (conn) {
HASH_REMOVE(h_, connections, conn);
MOLOCH_TYPE_FREE(MolochHttpConn_t, conn);
}
MOLOCH_UNLOCK(connections);
server->connections--;
LOG("Close %d/%d - %s %d->%s:%d fd:%d",
server->outstanding,
server->connections,
server->names[0],
ntohs(localAddress.sin_port),
inet_ntoa(remoteAddress.sin_addr),
ntohs(remoteAddress.sin_port),
fd);
close (fd);
return 0;
}
LOCAL void moloch_session_save(MolochSession_t *session)
{
if (session->h_next) {
HASH_REMOVE(h_, sessions[session->thread][session->ses], session);
}
if (session->closingQ) {
DLL_REMOVE(q_, &closingQ[session->thread], session);
} else
DLL_REMOVE(q_, &sessionsQ[session->thread][session->ses], session);
moloch_packet_tcp_free(session);
if (session->parserInfo) {
int i;
for (i = 0; i < session->parserNum; i++) {
if (session->parserInfo[i].parserSaveFunc)
session->parserInfo[i].parserSaveFunc(session, session->parserInfo[i].uw, TRUE);
}
}
if (pluginsCbs & MOLOCH_PLUGIN_PRE_SAVE)
moloch_plugins_cb_pre_save(session, TRUE);
moloch_rules_run_before_save(session, 1);
if (session->tcp_next) {
DLL_REMOVE(tcp_, &tcpWriteQ[session->thread], session);
}
if (session->outstandingQueries > 0) {
session->needSave = 1;
needSave[session->thread]++;
return;
}
moloch_db_save_session(session, TRUE);
moloch_session_free(session);
}
int moloch_http_curl_close_callback(void *snameV, curl_socket_t fd)
{
MolochHttpServerName_t *sname = snameV;
MolochHttpServer_t *server = sname->server;
if (! BIT_ISSET(fd, connectionsSet)) {
long ev = (long)g_hash_table_lookup(server->fd2ev, (void *)(long)fd);
LOG("Couldn't connect %s (%d, %ld) ", sname->name, fd, ev);
close(fd);
GSource *source = g_main_context_find_source_by_id (NULL, ev);
if (source)
g_source_destroy (source);
g_hash_table_remove(server->fd2ev, (void *)(long)fd);
return 0;
}
struct sockaddr_storage localAddressStorage, remoteAddressStorage;
socklen_t addressLength = sizeof(localAddressStorage);
int rc = getsockname(fd, (struct sockaddr*)&localAddressStorage, &addressLength);
if (rc != 0)
return 0;
addressLength = sizeof(remoteAddressStorage);
rc = getpeername(fd, (struct sockaddr*)&remoteAddressStorage, &addressLength);
if (rc != 0)
return 0;
char sessionId[MOLOCH_SESSIONID_LEN];
int localPort, remotePort;
char remoteIp[INET6_ADDRSTRLEN+2];
if (localAddressStorage.ss_family == AF_INET) {
struct sockaddr_in *localAddress = (struct sockaddr_in *)&localAddressStorage;
struct sockaddr_in *remoteAddress = (struct sockaddr_in *)&remoteAddressStorage;
moloch_session_id(sessionId, localAddress->sin_addr.s_addr, localAddress->sin_port,
remoteAddress->sin_addr.s_addr, remoteAddress->sin_port);
localPort = ntohs(localAddress->sin_port);
remotePort = ntohs(remoteAddress->sin_port);
inet_ntop(AF_INET, &remoteAddress->sin_addr, remoteIp, sizeof(remoteIp));
} else {
struct sockaddr_in6 *localAddress = (struct sockaddr_in6 *)&localAddressStorage;
struct sockaddr_in6 *remoteAddress = (struct sockaddr_in6 *)&remoteAddressStorage;
moloch_session_id6(sessionId, localAddress->sin6_addr.s6_addr, localAddress->sin6_port,
remoteAddress->sin6_addr.s6_addr, remoteAddress->sin6_port);
localPort = ntohs(localAddress->sin6_port);
remotePort = ntohs(remoteAddress->sin6_port);
inet_ntop(AF_INET6, &remoteAddress->sin6_addr, remoteIp+1, sizeof(remoteIp)-2);
remoteIp[0] = '[';
strcat(remoteIp, "]");
}
MolochHttpConn_t *conn;
BIT_CLR(fd, connectionsSet);
MOLOCH_LOCK(connections);
HASH_FIND(h_, connections, sessionId, conn);
if (conn) {
HASH_REMOVE(h_, connections, conn);
MOLOCH_TYPE_FREE(MolochHttpConn_t, conn);
}
MOLOCH_UNLOCK(connections);
server->connections--;
if (config.logHTTPConnections) {
LOG("Close %d/%d - %s %d->%s:%d fd:%d removed: %s",
server->outstanding,
server->connections,
sname->name,
localPort,
remoteIp,
remotePort,
fd,
conn?"true":"false");
}
close (fd);
return 0;
}
/**
* Delete a class from class handle.
*
* API to dmClassByHandleDelete <Deailed desc>.
*
* @param this object handle
* @param
*
* @returns
* ClRcT CL_OK on success <br>
* CL_COR_SET_RC(CL_COR_ERR_NULL_PTR) on null parameter.
*
* @todo
*
*/
ClRcT
dmClassByHandleDelete(CORClass_h classHandle
)
{
ClRcT ret = CL_OK;
CORClass_h tmp = 0;
CL_FUNC_ENTER();
if((!classHandle) || (!dmGlobal))
{
CL_FUNC_EXIT();
return(CL_COR_SET_RC(CL_COR_ERR_NULL_PTR));
}
CL_DEBUG_PRINT(CL_DEBUG_TRACE, ( "ClassDelete (Class:%04x)",
classHandle->classId));
/* check if instances are there and also base classes
* by default cannot be deleted, they may be in other
* inherited classes.
*/
if (COR_CLASS_IS_BASE(*classHandle))
{
CL_DEBUG_PRINT(CL_DEBUG_ERROR, ( "ClassDelete (Class:%04x) [Class is base]", classHandle->classId));
ret = CL_COR_SET_RC(CL_COR_ERR_CLASS_IS_BASE);
}
else if(classHandle->objCount == 0 &&
(classHandle->moClassInstances == 0))
{
/* get the handle to the parent class */
HASH_GET(dmGlobal->classTable,classHandle->superClassId, tmp);
if(tmp)
{
tmp->noOfChildren--;
if(tmp->noOfChildren == 0)
COR_CLASS_RESETAS_BASE(*tmp);
}
/* now we can remove from hash table & free it
*/
HASH_REMOVE(dmGlobal->classTable, classHandle->classId);
/* free the attribute list hashtable and the elements in
* the vector
*/
HASH_FREE(classHandle->attrList);
COR_LLIST_FREE(classHandle->objFreeList);
corVectorRemoveAll(&classHandle->attrs);
/* nothing to remove in the objects vector */
clHeapFree(classHandle);
}
else
{
CL_DEBUG_PRINT(CL_DEBUG_ERROR, ( "ClassDelete (Class:%04x) [Instances present]",
classHandle->classId));
ret = CL_COR_SET_RC(CL_COR_ERR_CLASS_INSTANCES_PRESENT);
}
CL_FUNC_EXIT();
return (ret);
}
int moloch_field_define(char *group, char *kind, char *expression, char *friendlyName, char *dbField, char *help, int type, int flags, ...)
{
char dbField2[100];
char expression2[1000];
char friendlyName2[1000];
char help2[1000];
char rawField[100];
MolochFieldInfo_t *minfo = 0;
HASH_FIND(d_, fieldsByDb, dbField, minfo);
if (!minfo) {
minfo = MOLOCH_TYPE_ALLOC0(MolochFieldInfo_t);
minfo->dbFieldFull = g_strdup(dbField);
minfo->dbField = minfo->dbFieldFull;
minfo->dbFieldLen = strlen(minfo->dbField);
minfo->pos = -1;
minfo->expression = g_strdup(expression);
minfo->group = g_strdup(group);
minfo->kind = g_strdup(kind);
HASH_ADD(d_, fieldsByDb, minfo->dbField, minfo);
HASH_ADD(e_, fieldsByExp, minfo->expression, minfo);
if ((flags & MOLOCH_FIELD_FLAG_NODB) == 0) {
va_list args;
va_start(args, flags);
moloch_db_add_field(group, kind, expression, friendlyName, dbField, help, args);
va_end(args);
}
} else {
char *category = NULL;
if (strcmp(kind, minfo->kind) != 0) {
LOG("WARNING - Field kind in db %s doesn't match field kind %s in capture for field %s", minfo->kind, kind, expression);
}
va_list args;
va_start(args, flags);
while(1) {
char *field = va_arg(args, char *);
if (!field) break;
char *value = va_arg(args, char *);
if (strcmp(field, "category") == 0 && value) {
category = value;
}
}
va_end(args);
if (category && (!minfo->category || strcmp(category, minfo->category) != 0)) {
LOG("UPDATING - Field category in db %s doesn't match field category %s in capture for field %s", minfo->category, category, expression);
moloch_db_update_field(expression, "category", category);
}
}
// Hack to remove trailing .snow on capture side
int dbLen = strlen(minfo->dbField);
if (dbLen > 5 && memcmp(".snow", minfo->dbField+dbLen-5, 5) == 0) {
minfo->dbField[dbLen-5] = 0;
minfo->dbFieldLen -= 5;
}
minfo->type = type;
minfo->flags = flags;
if ((flags & MOLOCH_FIELD_FLAG_FAKE) == 0) {
if (minfo->pos == -1) {
minfo->pos = config.maxField++;
}
config.fields[minfo->pos] = minfo;
// Change leading part to dbGroup
char *firstdot = strchr(minfo->dbField, '.');
if (firstdot) {
static char lastGroup[100] = "";
static int groupNum = 0;
if (memcmp(minfo->dbField, lastGroup, (firstdot-minfo->dbField)+1) == 0) {
minfo->dbGroupNum = groupNum;
} else {
groupNum++;
minfo->dbGroupNum = groupNum;
memcpy(lastGroup, minfo->dbField, (firstdot-minfo->dbField)+1);
}
minfo->dbGroup = minfo->dbField;
minfo->dbGroupLen = firstdot - minfo->dbField;
minfo->dbField += (firstdot - minfo->dbField) + 1;
minfo->dbFieldLen = strlen(minfo->dbField);
}
}
if (flags & MOLOCH_FIELD_FLAG_NODB)
return minfo->pos;
MolochFieldInfo_t *info = 0;
if (flags & MOLOCH_FIELD_FLAG_CNT) {
sprintf(dbField2, "%scnt", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "%s.cnt", expression);
sprintf(friendlyName2, "%s Cnt", friendlyName);
sprintf(help2, "Unique number of %s", help);
moloch_db_add_field(group, "integer", expression2, friendlyName2, dbField2, help2, NULL);
}
}
if (flags & MOLOCH_FIELD_FLAG_SCNT) {
sprintf(dbField2, "%sscnt", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "%s.cnt", expression);
sprintf(friendlyName2, "%s Cnt", friendlyName);
sprintf(help2, "Unique number of %s", help);
moloch_db_add_field(group, "integer", expression2, friendlyName2, dbField2, help2, NULL);
}
}
if (flags & MOLOCH_FIELD_FLAG_COUNT) {
sprintf(dbField2, "%s-cnt", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "%s.cnt", expression);
sprintf(friendlyName2, "%s Cnt", friendlyName);
sprintf(help2, "Unique number of %s", help);
moloch_db_add_field(group, "integer", expression2, friendlyName2, dbField2, help2, NULL);
}
}
if (flags & MOLOCH_FIELD_FLAG_FAKE) {
g_free(minfo->expression);
g_free(minfo->dbField);
g_free(minfo->group);
HASH_REMOVE(d_, fieldsByDb, minfo);
HASH_REMOVE(e_, fieldsByExp, minfo);
MOLOCH_TYPE_FREE(MolochFieldInfo_t, minfo);
return -1;
}
if (flags & MOLOCH_FIELD_FLAG_IPPRE) {
int fnlen = strlen(friendlyName);
sprintf(dbField2, "g%s", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "country.%s", expression+3);
sprintf(friendlyName2, "%.*s GEO", fnlen-2, friendlyName);
sprintf(help2, "GeoIP country string calculated from the %s", help);
moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL);
}
sprintf(dbField2, "as%s", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "asn.%s", expression+3);
sprintf(friendlyName2, "%.*s ASN", fnlen-2, friendlyName);
sprintf(help2, "GeoIP ASN string calculated from the %s", help);
sprintf(rawField, "raw%s", dbField2);
moloch_nids_add_field_proxy(group, "textfield", expression2, friendlyName2, dbField2, help2, "rawField", rawField, NULL);
}
sprintf(dbField2, "rir%s", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "rir.%s", expression+3);
sprintf(friendlyName2, "%.*s RIR", fnlen-2, friendlyName);
sprintf(help2, "Regional Internet Registry string calculated from %s", help);
moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL);
}
} else if (type == MOLOCH_FIELD_TYPE_IP || type == MOLOCH_FIELD_TYPE_IP_HASH || type == MOLOCH_FIELD_TYPE_IP_GHASH) {
sprintf(dbField2, "%s-geo", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "%s.country", expression);
sprintf(friendlyName2, "%s GEO", friendlyName);
sprintf(help2, "GeoIP country string calculated from the %s", help);
moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL);
}
sprintf(dbField2, "%s-asn.snow", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(dbField2, "%s-asn.snow", dbField);
sprintf(expression2, "%s.asn", expression);
sprintf(friendlyName2, "%s ASN", friendlyName);
sprintf(rawField, "%s-asn.raw", dbField);
sprintf(help2, "GeoIP ASN string calculated from the %s", help);
moloch_nids_add_field_proxy(group, "textfield", expression2, friendlyName2, dbField2, help2, "rawField", rawField, NULL);
}
sprintf(dbField2, "%s-rir", dbField);
HASH_FIND(d_, fieldsByDb, dbField2, info);
if (!info) {
sprintf(expression2, "%s.rir", expression);
sprintf(friendlyName2, "%s RIR", friendlyName);
sprintf(help2, "Regional Internet Registry string calculated from %s", help);
moloch_db_add_field(group, "uptermfield", expression2, friendlyName2, dbField2, help2, NULL);
}
}
return minfo->pos;
}
int moloch_http_curl_close_callback(void *serverV, curl_socket_t fd)
{
MolochHttpServer_t *server = serverV;
if (! BIT_ISSET(fd, connectionsSet)) {
LOG("Couldn't connect %s defaultPort: %d", server->names[0], server->defaultPort);
return 0;
}
struct sockaddr_storage localAddressStorage, remoteAddressStorage;
socklen_t addressLength = sizeof(localAddressStorage);
int rc = getsockname(fd, (struct sockaddr*)&localAddressStorage, &addressLength);
if (rc != 0)
return 0;
addressLength = sizeof(remoteAddressStorage);
rc = getpeername(fd, (struct sockaddr*)&remoteAddressStorage, &addressLength);
if (rc != 0)
return 0;
char sessionId[MOLOCH_SESSIONID_LEN];
int localPort, remotePort;
char remoteIp[INET6_ADDRSTRLEN+2];
if (localAddressStorage.ss_family == AF_INET) {
struct sockaddr_in *localAddress = (struct sockaddr_in *)&localAddressStorage;
struct sockaddr_in *remoteAddress = (struct sockaddr_in *)&remoteAddressStorage;
moloch_session_id(sessionId, localAddress->sin_addr.s_addr, localAddress->sin_port,
remoteAddress->sin_addr.s_addr, remoteAddress->sin_port);
localPort = ntohs(localAddress->sin_port);
remotePort = ntohs(remoteAddress->sin_port);
inet_ntop(AF_INET, &remoteAddress->sin_addr, remoteIp, sizeof(remoteIp));
} else {
struct sockaddr_in6 *localAddress = (struct sockaddr_in6 *)&localAddressStorage;
struct sockaddr_in6 *remoteAddress = (struct sockaddr_in6 *)&remoteAddressStorage;
moloch_session_id6(sessionId, localAddress->sin6_addr.s6_addr, localAddress->sin6_port,
remoteAddress->sin6_addr.s6_addr, remoteAddress->sin6_port);
localPort = ntohs(localAddress->sin6_port);
remotePort = ntohs(remoteAddress->sin6_port);
inet_ntop(AF_INET6, &remoteAddress->sin6_addr, remoteIp+1, sizeof(remoteIp)-2);
remoteIp[0] = '[';
strcat(remoteIp, "]");
}
MolochHttpConn_t *conn;
BIT_CLR(fd, connectionsSet);
MOLOCH_LOCK(connections);
HASH_FIND(h_, connections, sessionId, conn);
if (conn) {
HASH_REMOVE(h_, connections, conn);
MOLOCH_TYPE_FREE(MolochHttpConn_t, conn);
}
MOLOCH_UNLOCK(connections);
server->connections--;
LOG("Close %d/%d - %s %d->%s:%d fd:%d removed: %s",
server->outstanding,
server->connections,
server->names[0],
localPort,
remoteIp,
remotePort,
fd,
conn?"true":"false");
close (fd);
return 0;
}