コード例 #1
0
ファイル: misc.c プロジェクト: Carlos-C-M/moloch 
void imap_classify(MolochSession_t *session, const unsigned char *data, int len, int UNUSED(which))
{
    if (moloch_memstr((const char *)data+5, len-5, "IMAP", 4)) {
        moloch_nids_add_tag(session, "protocol:imap");
        moloch_nids_add_protocol(session, "imap");
    }
}
コード例 #2
0
ファイル: http.c プロジェクト: Amelos/moloch 
int
moloch_hp_cb_on_body (http_parser *parser, const char *at, size_t length)
{
    HTTPInfo_t            *http = parser->data;
    MolochSession_t       *session = http->session;

#ifdef HTTPDEBUG
    LOG("HTTPDEBUG: which: %d", http->which);
#endif

    if (!(http->inBody & (1 << http->which))) {
        if (moloch_memstr(at, length, "password="******"http:password");
        }

        moloch_parsers_magic_tag(session, magicField, "http:content", at, length);
        http->inBody |= (1 << http->which);
    }

    g_checksum_update(http->checksum[http->which], (guchar *)at, length);

    if (pluginsCbs & MOLOCH_PLUGIN_HP_OB)
        moloch_plugins_cb_hp_ob(session, parser, at, length);

    return 0;
}
コード例 #3
0
ファイル: irc.c プロジェクト: ameimi/moloch 
void irc_classify(MolochSession_t *session, const unsigned char *data, int len, int which)
{
    if (data[0] == ':' && !moloch_memstr((char *)data, len, " NOTICE ", 8))
        return;

    //If a USER packet must have NICK with it so we don't pickup FTP
    if (data[0] == 'U' && !moloch_memstr((char *)data, len, "\nNICK ", 6)) {
        return;
    }

    if (moloch_nids_has_protocol(session, "irc"))
        return;

    moloch_nids_add_protocol(session, "irc");

    IRCInfo_t            *irc          = MOLOCH_TYPE_ALLOC0(IRCInfo_t);

    moloch_parsers_register(session, irc_parser, irc, irc_free);
    irc_parser(session, irc, data, len, which);
}