static void set_http_session_ids(mp_pool_t *pool,ks_http_session_ids_t *ids,packet_info *pinfo){ guchar addr_buf[MAX_ADDR_STR_LEN]; ids->time = pinfo->fd->abs_ts; ids->frame_num = pinfo->fd->num; address_to_str_buf(&pinfo->dl_src,addr_buf,MAX_ADDR_STR_LEN); ids->srcmac = mp_pstrdup(pool,addr_buf); address_to_str_buf(&pinfo->dl_dst,addr_buf,MAX_ADDR_STR_LEN); ids->dstmac = mp_pstrdup(pool,addr_buf); address_to_str_buf(&pinfo->net_src,addr_buf,MAX_ADDR_STR_LEN); ids->srcip = mp_pstrdup(pool,addr_buf); address_to_str_buf(&pinfo->net_dst,addr_buf,MAX_ADDR_STR_LEN); ids->dstip = mp_pstrdup(pool,addr_buf); ids->src_port = pinfo->srcport; ids->dst_port = pinfo->destport; }
static const char * followStrFilter( const follow_t *fp ) { static char filter[512]; int len = 0; const gchar *verp; gchar *udpfilter; gchar ip0[MAX_IP6_STR_LEN]; gchar ip1[MAX_IP6_STR_LEN]; if (fp->stream_index != G_MAXUINT32) { switch (fp->type) { case type_TCP: case type_SSL: len = g_snprintf(filter, sizeof filter, "tcp.stream eq %d", fp->stream_index); break; case type_UDP: udpfilter = build_follow_index_filter(UDP_STREAM); len = g_snprintf(filter, sizeof filter, "%s", udpfilter); g_free(udpfilter); break; } } else { verp = fp->addr[0].type == AT_IPv6 ? "v6" : ""; address_to_str_buf(&fp->addr[0], ip0, sizeof ip0); address_to_str_buf(&fp->addr[1], ip1, sizeof ip1); switch (fp->type) { case type_TCP: len = g_snprintf(filter, sizeof filter, "((ip%s.src eq %s and tcp.srcport eq %d) and " "(ip%s.dst eq %s and tcp.dstport eq %d))" " or " "((ip%s.src eq %s and tcp.srcport eq %d) and " "(ip%s.dst eq %s and tcp.dstport eq %d))", verp, ip0, fp->port[0], verp, ip1, fp->port[1], verp, ip1, fp->port[1], verp, ip0, fp->port[0]); break; case type_UDP: len = g_snprintf(filter, sizeof filter, "((ip%s.src eq %s and udp.srcport eq %d) and " "(ip%s.dst eq %s and udp.dstport eq %d))" " or " "((ip%s.src eq %s and udp.srcport eq %d) and " "(ip%s.dst eq %s and udp.dstport eq %d))", verp, ip0, fp->port[0], verp, ip1, fp->port[1], verp, ip1, fp->port[1], verp, ip0, fp->port[0]); break; case type_SSL: break; } } if (len == 0) { followExit("Don't know how to create filter."); } if (len == sizeof filter) { followExit("Filter buffer overflow."); } return filter; }
static void follow_draw(void *contextp) { static const char separator[] = "===================================================================\n"; follow_info_t *follow_info = (follow_info_t*)contextp; cli_follow_info_t* cli_follow_info = (cli_follow_info_t*)follow_info->gui_data; gchar buf[MAX_IP6_STR_LEN]; guint32 global_client_pos = 0, global_server_pos = 0; guint32 *global_pos; guint32 ii, jj; char *buffer; GList *cur; follow_record_t *follow_record; guint chunk; printf("\n%s", separator); printf("Follow: %s,%s\n", proto_get_protocol_filter_name(get_follow_proto_id(cli_follow_info->follower)), follow_str_type(cli_follow_info)); printf("Filter: %s\n", follow_info->filter_out_filter); address_to_str_buf(&follow_info->client_ip, buf, sizeof buf); if (follow_info->client_ip.type == AT_IPv6) printf("Node 0: [%s]:%d\n", buf, follow_info->client_port); else printf("Node 0: %s:%d\n", buf, follow_info->client_port); address_to_str_buf(&follow_info->server_ip, buf, sizeof buf); if (follow_info->client_ip.type == AT_IPv6) printf("Node 1: [%s]:%d\n", buf, follow_info->server_port); else printf("Node 1: %s:%d\n", buf, follow_info->server_port); for (cur = follow_info->payload, chunk = 0; cur != NULL; cur = g_list_next(cur), chunk++) { follow_record = (follow_record_t *)cur->data; if (!follow_record->is_server) { global_pos = &global_client_pos; } else { global_pos = &global_server_pos; } /* ignore chunks not in range */ if ((chunk < cli_follow_info->chunkMin) || (chunk > cli_follow_info->chunkMax)) { (*global_pos) += follow_record->data->len; continue; } switch (cli_follow_info->show_type) { case SHOW_HEXDUMP: break; case SHOW_ASCII: case SHOW_EBCDIC: printf("%s%u\n", follow_record->is_server ? "\t" : "", follow_record->data->len); break; case SHOW_RAW: if (follow_record->is_server) { putchar('\t'); } break; default: g_assert_not_reached(); } switch (cli_follow_info->show_type) { case SHOW_HEXDUMP: follow_print_hex(follow_record->is_server ? "\t" : "", *global_pos, follow_record->data->data, follow_record->data->len); (*global_pos) += follow_record->data->len; break; case SHOW_ASCII: case SHOW_EBCDIC: buffer = (char *)g_malloc(follow_record->data->len+2); for (ii = 0; ii < follow_record->data->len; ii++) { switch (follow_record->data->data[ii]) { case '\r': case '\n': buffer[ii] = follow_record->data->data[ii]; break; default: buffer[ii] = g_ascii_isprint(follow_record->data->data[ii]) ? follow_record->data->data[ii] : '.'; break; } } buffer[ii++] = '\n'; buffer[ii] = 0; if (cli_follow_info->show_type == SHOW_EBCDIC) { EBCDIC_to_ASCII(buffer, ii); } printf("%s", buffer); g_free(buffer); break; case SHOW_RAW: buffer = (char *)g_malloc((follow_record->data->len*2)+2); for (ii = 0, jj = 0; ii < follow_record->data->len; ii++) { buffer[jj++] = bin2hex[follow_record->data->data[ii] >> 4]; buffer[jj++] = bin2hex[follow_record->data->data[ii] & 0xf]; } buffer[jj++] = '\n'; buffer[jj] = 0; printf("%s", buffer); g_free(buffer); break; default: g_assert_not_reached(); } } printf("%s", separator); }