static int
addr_unmarshal(struct addr* addr, struct evbuffer *evbuf)
{
uint32_t tmp_int;
memset(addr, 0, sizeof(struct addr));
if (evtag_unmarshal_int(evbuf, ADDR_TYPE, &tmp_int) == -1)
return (-1);
addr->addr_type = tmp_int;
if (evtag_unmarshal_int(evbuf, ADDR_BITS, &tmp_int) == -1)
return (-1);
addr->addr_bits = tmp_int;
switch (addr->addr_type) {
case ADDR_TYPE_ETH:
evtag_unmarshal_fixed(evbuf, ADDR_ADDR, &addr->addr_eth, sizeof(addr->addr_eth));
break;
case ADDR_TYPE_IP:
evtag_unmarshal_fixed(evbuf, ADDR_ADDR, &addr->addr_ip, sizeof(addr->addr_ip));
break;
case ADDR_TYPE_IP6:
evtag_unmarshal_fixed(evbuf, ADDR_ADDR, &addr->addr_ip6, sizeof(addr->addr_ip6));
break;
default:
return (-1);
}
return (0);
}
int
kill_unmarshal(struct kill *tmp, struct evbuffer *evbuf)
{
ev_uint32_t tag;
while (evbuffer_get_length(evbuf) > 0) {
if (evtag_peek(evbuf, &tag) == -1)
return (-1);
switch (tag) {
case KILL_WEAPON:
if (tmp->weapon_set)
return (-1);
if (evtag_unmarshal_string(evbuf, KILL_WEAPON, &tmp->weapon_data) == -1) {
event_warnx("%s: failed to unmarshal weapon", __func__);
return (-1);
}
tmp->weapon_set = 1;
break;
case KILL_ACTION:
if (tmp->action_set)
return (-1);
if (evtag_unmarshal_string(evbuf, KILL_ACTION, &tmp->action_data) == -1) {
event_warnx("%s: failed to unmarshal action", __func__);
return (-1);
}
tmp->action_set = 1;
break;
case KILL_HOW_OFTEN:
if (tmp->how_often_length >= tmp->how_often_num_allocated &&
kill_how_often_expand_to_hold_more(tmp) < 0) {
puts("HEY NOW");
return (-1);
}
if (evtag_unmarshal_int(evbuf, KILL_HOW_OFTEN, &tmp->how_often_data[tmp->how_often_length]) == -1) {
event_warnx("%s: failed to unmarshal how_often", __func__);
return (-1);
}
++tmp->how_often_length;
tmp->how_often_set = 1;
break;
default:
return -1;
}
}
if (kill_complete(tmp) == -1)
return (-1);
return (0);
}
int
kill_unmarshal(struct kill *tmp, struct evbuffer *evbuf)
{
ev_uint32_t tag;
while (EVBUFFER_LENGTH(evbuf) > 0) {
if (evtag_peek(evbuf, &tag) == -1)
return (-1);
switch (tag) {
case KILL_WEAPON:
if (tmp->weapon_set)
return (-1);
if (evtag_unmarshal_string(evbuf, KILL_WEAPON, &tmp->weapon_data) == -1) {
event_warnx("%s: failed to unmarshal weapon", __func__);
return (-1);
}
tmp->weapon_set = 1;
break;
case KILL_ACTION:
if (tmp->action_set)
return (-1);
if (evtag_unmarshal_string(evbuf, KILL_ACTION, &tmp->action_data) == -1) {
event_warnx("%s: failed to unmarshal action", __func__);
return (-1);
}
tmp->action_set = 1;
break;
case KILL_HOW_OFTEN:
if (tmp->how_often_set)
return (-1);
if (evtag_unmarshal_int(evbuf, KILL_HOW_OFTEN, &tmp->how_often_data) == -1) {
event_warnx("%s: failed to unmarshal how_often", __func__);
return (-1);
}
tmp->how_often_set = 1;
break;
default:
return -1;
}
}
if (kill_complete(tmp) == -1)
return (-1);
return (0);
}
int
run_unmarshal(struct run *tmp, struct evbuffer *evbuf)
{
ev_uint32_t tag;
while (evbuffer_get_length(evbuf) > 0) {
if (evtag_peek(evbuf, &tag) == -1)
return (-1);
switch (tag) {
case RUN_HOW:
if (tmp->how_set)
return (-1);
if (evtag_unmarshal_string(evbuf, RUN_HOW, &tmp->how_data) == -1) {
event_warnx("%s: failed to unmarshal how", __func__);
return (-1);
}
tmp->how_set = 1;
break;
case RUN_SOME_BYTES:
if (tmp->some_bytes_set)
return (-1);
if (evtag_payload_length(evbuf, &tmp->some_bytes_length) == -1)
return (-1);
if (tmp->some_bytes_length > evbuffer_get_length(evbuf))
return (-1);
if ((tmp->some_bytes_data = malloc(tmp->some_bytes_length)) == NULL)
return (-1);
if (evtag_unmarshal_fixed(evbuf, RUN_SOME_BYTES, tmp->some_bytes_data, tmp->some_bytes_length) == -1) {
event_warnx("%s: failed to unmarshal some_bytes", __func__);
return (-1);
}
tmp->some_bytes_set = 1;
break;
case RUN_FIXED_BYTES:
if (tmp->fixed_bytes_set)
return (-1);
if (evtag_unmarshal_fixed(evbuf, RUN_FIXED_BYTES, tmp->fixed_bytes_data, (24)) == -1) {
event_warnx("%s: failed to unmarshal fixed_bytes", __func__);
return (-1);
}
tmp->fixed_bytes_set = 1;
break;
case RUN_NOTES:
if (tmp->notes_length >= tmp->notes_num_allocated &&
run_notes_expand_to_hold_more(tmp) < 0) {
puts("HEY NOW");
return (-1);
}
if (evtag_unmarshal_string(evbuf, RUN_NOTES, &tmp->notes_data[tmp->notes_length]) == -1) {
event_warnx("%s: failed to unmarshal notes", __func__);
return (-1);
}
++tmp->notes_length;
tmp->notes_set = 1;
break;
case RUN_LARGE_NUMBER:
if (tmp->large_number_set)
return (-1);
if (evtag_unmarshal_int64(evbuf, RUN_LARGE_NUMBER, &tmp->large_number_data) == -1) {
event_warnx("%s: failed to unmarshal large_number", __func__);
return (-1);
}
tmp->large_number_set = 1;
break;
case RUN_OTHER_NUMBERS:
if (tmp->other_numbers_length >= tmp->other_numbers_num_allocated &&
run_other_numbers_expand_to_hold_more(tmp) < 0) {
puts("HEY NOW");
return (-1);
}
if (evtag_unmarshal_int(evbuf, RUN_OTHER_NUMBERS, &tmp->other_numbers_data[tmp->other_numbers_length]) == -1) {
event_warnx("%s: failed to unmarshal other_numbers", __func__);
return (-1);
}
++tmp->other_numbers_length;
tmp->other_numbers_set = 1;
break;
default:
return -1;
}
}
if (run_complete(tmp) == -1)
return (-1);
return (0);
}
/*
* Functions to un/marshal records.
*/
static int
record_unmarshal(struct record *record, struct evbuffer *evbuf)
{
struct evbuffer *tmp = evbuffer_new();
uint32_t integer;
uint32_t tag;
memset(record, 0, sizeof(struct record));
TAILQ_INIT(&record->hashes);
/* The timevals are optional, so we need to check their presence */
if (evtag_peek(evbuf, &tag) != -1 && tag == REC_TV_START) {
if (evtag_unmarshal_timeval(evbuf, REC_TV_START, &record->tv_start) == -1)
goto error;
}
if (evtag_peek(evbuf, &tag) != -1 && tag == REC_TV_END) {
if (evtag_unmarshal_timeval(evbuf, REC_TV_END, &record->tv_end) == -1)
goto error;
}
evbuffer_drain(tmp, evbuffer_get_length(tmp));
if (evtag_unmarshal(evbuf, &tag, tmp) == -1 || tag != REC_SRC)
goto error;
if (addr_unmarshal(&record->src, tmp) == -1)
goto error;
evbuffer_drain(tmp, evbuffer_get_length(tmp));
if (evtag_unmarshal(evbuf, &tag, tmp) == -1 || tag != REC_DST)
goto error;
if (addr_unmarshal(&record->dst, tmp) == -1)
goto error;
if (evtag_unmarshal_int(evbuf, REC_SRC_PORT, &integer) == -1)
goto error;
record->src_port = integer;
if (evtag_unmarshal_int(evbuf, REC_DST_PORT, &integer) == -1)
goto error;
record->dst_port = integer;
if (evtag_unmarshal_int(evbuf, REC_PROTO, &integer) == -1)
goto error;
record->proto = integer;
if (evtag_unmarshal_int(evbuf, REC_STATE, &integer) == -1)
goto error;
record->state = integer;
while (evtag_peek(evbuf, &tag) != -1) {
switch(tag) {
case REC_OS_FP:
if (evtag_unmarshal_string(evbuf, tag, &record->os_fp) == -1)
goto error;
break;
case REC_HASH:
{
struct hash *tmp;
if ((tmp = calloc(1, sizeof(struct hash))) == NULL)
err(1, "%s: calloc", __func__);
if (evtag_unmarshal_fixed(evbuf, REC_HASH, tmp->digest, sizeof(tmp->digest)) == -1) {
free(tmp);
goto error;
}
TAILQ_INSERT_TAIL(&record->hashes, tmp, next);
}
break;
case REC_BYTES:
if (evtag_unmarshal_int(evbuf, tag,&record->bytes) == -1)
goto error;
break;
case REC_FLAGS:
if (evtag_unmarshal_int(evbuf, tag,&record->flags) == -1)
goto error;
break;
default:
syslog(LOG_DEBUG, "Ignoring unknown record tag %d", tag);
evtag_consume(evbuf);
break;
}
}
evbuffer_free(tmp);
return (0);
error:
evbuffer_free(tmp);
return (-1);
}
