/*
 * Self-check driver: run the reference and the assembly block-processing
 * routines from the same initial state, print both digests and report
 * whether they agree word for word.
 *
 * NOTE(review): the exit status is 0 whether or not the digests match, so an
 * automated run has to parse the "identical"/"different" line to detect a
 * divergence between the two implementations.
 */
int main (void)
{
    HASH_TYPE hash_asm[HASH_SIZE];
    HASH_TYPE hash_ref[HASH_SIZE];

    HASH_INIT (hash_asm);
    HASH_INIT (hash_ref);

    PROCESS_BLOCKS (hash_ref);
    PROCESS_BLOCKS_ASM (hash_asm);

    printf ("asm: ");
    for (int w = 0; w < HASH_SIZE; w++) {
        printf (PRINTF_HASH, hash_asm[w]);
    }

    printf ("\nref: ");
    for (int w = 0; w < HASH_SIZE; w++) {
        printf (PRINTF_HASH, hash_ref[w]);
    }

    /* Walk every word; a single mismatch is enough to flag the run. */
    bool identical = true;
    for (int w = 0; w < HASH_SIZE; w++) {
        if (hash_asm[w] != hash_ref[w]) {
            identical = false;
        }
    }

    if (identical) {
        printf ("\nidentical\n");
    } else {
        printf ("\ndifferent\n");
    }

    return 0;
}
/*
 * Set up the field registry: reset the field counter, create the two lookup
 * tables (by db name and by expression) and register the special expression
 * names.
 */
void moloch_field_init()
{
    config.maxField = 0;

    /* Both tables hash with moloch_string_hash; only the comparators differ. */
    HASH_INIT(d_, fieldsByDb, moloch_string_hash, moloch_string_cmp);
    HASH_INIT(e_, fieldsByExp, moloch_string_hash, moloch_field_exp_cmp);

    /* "dontSaveSPI" is registered with and without the leading underscore. */
    moloch_field_by_exp_add_special("dontSaveSPI",
                                    MOLOCH_FIELD_SPECIAL_STOP_SPI);
    moloch_field_by_exp_add_special("_dontSaveSPI",
                                    MOLOCH_FIELD_SPECIAL_STOP_SPI);
    moloch_field_by_exp_add_special("_maxPacketsToSave",
                                    MOLOCH_FIELD_SPECIAL_STOP_PCAP);
    moloch_field_by_exp_add_special("_minPacketsBeforeSavingSPI",
                                    MOLOCH_FIELD_SPECIAL_MIN_SAVE);
}
/*
 * Create the reader lookup table and register the three built-in packet
 * readers under their configuration names.
 */
void moloch_readers_init()
{
    HASH_INIT(s_, readersHash, moloch_string_hash, moloch_string_cmp);

    moloch_readers_add("libpcap-file", reader_libpcapfile_init);
    moloch_readers_add("libpcap",      reader_libpcap_init);
    moloch_readers_add("tpacketv3",    reader_tpacketv3_init);
}
/*
 * Start reading the GET response from the remote web server: allocate the
 * receive buffer, set up the hash context that the response will be fed
 * into, and queue the plain-HTTP or SSL read handler on the socket.
 *
 * Returns epilog()'s result on a read timeout, 0 otherwise.
 */
int http_response_thread(thread_t * thread)
{
    SOCK *sock_obj = THREAD_ARG(thread);

    /* A read timeout ends the exchange here. */
    if (thread->type == THREAD_READ_TIMEOUT) {
        return epilog(thread);
    }

    /*
     * Receive buffer for the response body.
     * NOTE(review): the result of MALLOC is not checked in this function;
     * confirm the MALLOC wrapper cannot return NULL, and that any buffer
     * already attached to sock_obj has been released before this point.
     */
    sock_obj->buffer = (char *) MALLOC(MAX_BUFFER_LENGTH);

    /*
     * Select and initialize the hash implementation requested in req.
     * NOTE(review): req->hash is used as an array index without a range
     * check here; presumably validated when the request was parsed -
     * verify against the option handling.
     */
    sock_obj->hash = &hashes[req->hash];
    HASH_INIT(sock_obj);

    /* Queue the asynchronous reader that matches the transport. */
    if (req->ssl) {
        thread_add_read(thread->master, ssl_read_thread, sock_obj,
                        thread->u.fd, HTTP_CNX_TIMEOUT);
    } else {
        thread_add_read(thread->master, http_read_thread, sock_obj,
                        thread->u.fd, HTTP_CNX_TIMEOUT);
    }

    return 0;
}
/*
 * Load the configuration and refuse to start when a mandatory setting is
 * missing: a capture source (interface or offline pcap input) and a pcapDir
 * to write to. Outside dry-run mode a 10-second timer is installed that
 * calls moloch_config_reload_files.
 *
 * Every failed check prints a message to stdout and exits with status 1.
 */
void moloch_config_init()
{
    HASH_INIT(s_, config.dontSaveTags, moloch_string_hash, moloch_string_cmp);

    moloch_config_load();

    if (config.debug) {
        LOG("maxFileSizeB: %" PRIu64, config.maxFileSizeB);
    }

    if (config.interface) {
        /* Present but empty is treated as a configuration error. */
        if (!config.interface[0]) {
            printf("interface set in config file, but it is empty\n");
            exit (1);
        }
    } else if (!config.pcapReadOffline) {
        /* Neither a live interface nor offline input was given. */
        printf("Need to set interface, pcap file (-r) or pcap directory (-R) \n");
        exit (1);
    }

    if (!config.pcapDir) {
        printf("Must set a pcapDir to save files to\n");
        exit(1);
    }

    if (!config.dryRun) {
        g_timeout_add_seconds(10, moloch_config_reload_files, 0);
    }
}
/*
 * Prepare the shared deflate stream (zlib default allocators, default
 * compression level) and create the connection hash table.
 *
 * NOTE(review): the return value of deflateInit() is discarded, so a failed
 * initialisation goes unnoticed here and z_strm would be used in an
 * undefined state by later callers.
 */
void moloch_http_init()
{
    /* Z_NULL for all three selects zlib's built-in allocator. */
    z_strm.opaque = Z_NULL;
    z_strm.zfree  = Z_NULL;
    z_strm.zalloc = Z_NULL;
    deflateInit(&z_strm, Z_DEFAULT_COMPRESSION);

    HASH_INIT(h_, connections, moloch_http_conn_hash, moloch_http_conn_cmp);
}
/*
 * Create the plugin table, then load every plugin named in config.plugins.
 *
 * Each name is looked up in the config.pluginsDir entries in order; the first
 * directory where the file exists and opens wins. A loaded module must export
 * "moloch_plugin_init", which is called immediately.
 *
 * NOTE(review): whatever is loaded here runs inside the capture process with
 * its current privileges, and both the directory list and the plugin names
 * come straight from configuration with no check on the name (path
 * separators, "..") in this function. Write access to the config file or to
 * any plugins directory is therefore equivalent to code execution in this
 * process; keep both owned by, and writable only for, the administrative
 * account.
 *
 * NOTE(review): a module that opens but lacks the init symbol stays loaded;
 * there is no g_module_close() on that path.
 */
void moloch_plugins_init()
{
    HASH_INIT(p_, plugins, moloch_string_hash, moloch_string_cmp);

    if (!config.pluginsDir || !config.plugins) {
        return;
    }

    if (!g_module_supported()) {
        LOG("ERROR - glib compiled without module support");
        return;
    }

    for (int idx = 0; config.plugins[idx]; idx++) {
        const char *name   = config.plugins[idx];
        GModule    *module = NULL;

        /* Stop at the first directory that yields a loadable module. */
        for (int dir = 0; !module && config.pluginsDir[dir]; dir++) {
            gchar *path = g_build_filename(config.pluginsDir[dir], name, NULL);

            if (g_file_test(path, G_FILE_TEST_EXISTS)) {
                module = g_module_open(path, 0); /*G_MODULE_BIND_LAZY | G_MODULE_BIND_LOCAL);*/
                if (!module) {
                    /* A failed open is logged and the next directory is tried. */
                    LOG("ERROR - Couldn't load plugin %s from '%s'\n%s", name, path, g_module_error());
                }
            }

            g_free(path);
        }

        if (!module) {
            continue;
        }

        MolochPluginInitFunc plugin_init;
        gboolean found = g_module_symbol(module, "moloch_plugin_init", (gpointer *)(char*)&plugin_init);

        if (!found || plugin_init == NULL) {
            LOG("ERROR - Module %s doesn't have a moloch_plugin_init", name);
            continue;
        }

        plugin_init();
    }
}
/*
 * Prepare the shared deflate stream, initialise libcurl with SSL support,
 * and create the connection hash table and the request list.
 *
 * NOTE(review): the return values of deflateInit() and curl_global_init()
 * are both discarded, so a failed initialisation is not detected here.
 *
 * NOTE(review): the table is keyed with moloch_session_hash but compared with
 * moloch_http_conn_cmp - confirm both operate on the same key layout.
 */
void moloch_http_init()
{
    /* Z_NULL for all three selects zlib's built-in allocator. */
    z_strm.opaque = Z_NULL;
    z_strm.zfree  = Z_NULL;
    z_strm.zalloc = Z_NULL;
    deflateInit(&z_strm, Z_DEFAULT_COMPRESSION);

    curl_global_init(CURL_GLOBAL_SSL);

    HASH_INIT(h_, connections, moloch_session_hash, moloch_http_conn_cmp);
    DLL_INIT(rqt_, &requests);
}
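/*
 * Initialise an HMAC context from a raw key.
 *
 * The key is zero-padded to HASH_BLOCK_SIZE, or first hashed when it is
 * longer than one block. It is then XORed with the outer (0x5c) and inner
 * (0x36) pad bytes, and each padded block is fed into its own freshly
 * initialised hash context in ctxt.
 *
 * ctxt    context to initialise; outer and inner are overwritten
 * key     key bytes; may be NULL only when keyLen is 0
 * keyLen  number of bytes at key
 *
 * All key-derived temporaries are wiped before returning.
 */
void HMAC_INIT(HMAC_CONTEXT *ctxt, const void *key, size_t keyLen)
{
    /*
     * The wipes at the end are stores to objects that are never read again,
     * so a plain memset() there may be removed as dead code by the
     * optimiser. Calling it through a volatile function pointer forces the
     * calls to be emitted.
     */
    void *(*const volatile wipe)(void *, int, size_t) = memset;
    HASH_CONTEXT keyCtxt;
    unsigned int i;
    uint8_t pkey[HASH_BLOCK_SIZE], okey[HASH_BLOCK_SIZE], ikey[HASH_BLOCK_SIZE];

    /* Ensure key is zero-padded */
    memset(pkey, 0, sizeof(pkey));

    if (keyLen > sizeof(pkey)) {
        /*
         * Hash key if > HASH_BLOCK_SIZE.
         * Assumes HASH_FINAL writes no more than HASH_BLOCK_SIZE bytes
         * (digest size <= block size) - TODO confirm for every hash this
         * file is built with.
         */
        HASH_INIT(&keyCtxt);
        HASH_UPDATE(&keyCtxt, key, keyLen);
        HASH_FINAL(&keyCtxt, pkey);
    } else if (keyLen > 0) {
        /* Skip the copy for an empty key: memcpy from NULL is undefined
         * even with a zero length. */
        memcpy(pkey, key, keyLen);
    }

    /* XOR with opad, ipad */
    for (i = 0; i < sizeof(okey); i++) {
        okey[i] = pkey[i] ^ 0x5c;
    }
    for (i = 0; i < sizeof(ikey); i++) {
        ikey[i] = pkey[i] ^ 0x36;
    }

    /* Initialize hash contexts */
    HASH_INIT(&ctxt->outer);
    HASH_UPDATE(&ctxt->outer, okey, sizeof(okey));
    HASH_INIT(&ctxt->inner);
    HASH_UPDATE(&ctxt->inner, ikey, sizeof(ikey));

    /* Burn the stack: nothing derived from the key may outlive this call */
    wipe(ikey, 0, sizeof(ikey));
    wipe(okey, 0, sizeof(okey));
    wipe(pkey, 0, sizeof(pkey));
    wipe(&keyCtxt, 0, sizeof(keyCtxt));
}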
/*
 * Set up route-source bookkeeping: the slab for struct rte_src objects, the
 * zero-filled ID array of SRC_ID_INIT_SIZE u32 words, and the source hash.
 * All three are allocated from rta_pool.
 */
static void
rte_src_init(void)
{
    rte_src_slab = sl_new(rta_pool, sizeof(struct rte_src));

    src_id_size = SRC_ID_INIT_SIZE;
    src_id_pos = 0;
    src_ids = mb_allocz(rta_pool, src_id_size * sizeof(u32));

    /* ID 0 is reserved: mark it taken and count it as used from the start */
    src_ids[0] = 1;
    src_id_used = 1;

    HASH_INIT(src_hash, rta_pool, RSH_INIT_ORDER);
}
/*
 * Load the configuration and refuse to start when a mandatory setting is
 * missing: a capture source (interface or offline pcap input) and a pcapDir
 * to write to.
 *
 * Every failed check prints a message to stdout and exits with status 1.
 */
void moloch_config_init()
{
    HASH_INIT(s_, config.dontSaveTags, moloch_string_hash, moloch_string_cmp);

    moloch_config_load();

    if (config.debug) {
        LOG("maxFileSizeB: %" PRIu64, config.maxFileSizeB);
    }

    /* Neither a live interface nor offline input was given. */
    if (!(config.interface || config.pcapReadOffline)) {
        printf("Need to set interface, pcap file (-r) or pcap directory (-R) \n");
        exit (1);
    }

    if (!config.pcapDir) {
        printf("Must set a pcapDir to save files to\n");
        exit(1);
    }
}
void moloch_config_init() { int i; char *str; static char *rotates[] = {"hourly", "daily", "weekly", "monthly"}; HASH_INIT(s_, config.dontSaveTags, moloch_string_hash, moloch_string_cmp); moloch_config_load(); if (config.debug) { LOG("nodeClass: %s", config.nodeClass); LOG("elasticsearch: %s", config.elasticsearch); LOG("prefix: %s", config.prefix); LOG("interface: %s", config.interface); if (config.pcapDir) { str = g_strjoinv(";", config.pcapDir); LOG("pcapDir: %s", str); g_free(str); } LOG("bpf: %s", config.bpf); LOG("yara: %s", config.yara); LOG("geoipFile: %s", config.geoipFile); LOG("geoipASNFile: %s", config.geoipASNFile); LOG("rirFile: %s", config.rirFile); LOG("dropUser: %s", config.dropUser); LOG("dropGroup: %s", config.dropGroup); if (config.smtpIpHeaders) { str = g_strjoinv(";", config.smtpIpHeaders); LOG("smtpIpHeaders: %s", str); g_free(str); } if (config.pluginsDir) { str = g_strjoinv(";", config.pluginsDir); LOG("pluginsDir: %s", str); g_free(str); } if (config.plugins) { str = g_strjoinv(";", config.plugins); LOG("plugins: %s", str); g_free(str); } if (config.parsersDir) { str = g_strjoinv(";", config.parsersDir); LOG("parsersDir: %s", str); g_free(str); } LOG("maxFileSizeG: %lf", config.maxFileSizeG); LOG("maxFileSizeB: %ld", config.maxFileSizeB); LOG("maxFileTimeM: %u", config.maxFileTimeM); LOG("icmpTimeout: %u", config.icmpTimeout); LOG("udpTimeout: %u", config.udpTimeout); LOG("tcpTimeout: %u", config.tcpTimeout); LOG("tcpSaveTimeout: %u", config.tcpSaveTimeout); LOG("maxStreams: %u", config.maxStreams); LOG("maxPackets: %u", config.maxPackets); LOG("minFreeSpaceG: %u", config.minFreeSpaceG); LOG("dbBulkSize: %u", config.dbBulkSize); LOG("dbFlushTimeout: %u", config.dbFlushTimeout); LOG("maxESConns: %u", config.maxESConns); LOG("maxESRequests: %u", config.maxESRequests); LOG("logEveryXPackets: %u", config.logEveryXPackets); LOG("packetsPerPoll: %u", config.packetsPerPoll); LOG("pcapBufferSize: %u", config.pcapBufferSize); LOG("pcapWriteSize: 
%u", config.pcapWriteSize); LOG("maxFreeOutputBuffers: %u", config.maxFreeOutputBuffers); LOG("logUnknownProtocols: %s", (config.logUnknownProtocols?"true":"false")); LOG("logESRequests: %s", (config.logESRequests?"true":"false")); LOG("logFileCreation: %s", (config.logFileCreation?"true":"false")); LOG("parseSMTP: %s", (config.parseSMTP?"true":"false")); LOG("parseSMB: %s", (config.parseSMB?"true":"false")); LOG("parseQSValue: %s", (config.parseQSValue?"true":"false")); LOG("parseCookieValue: %s", (config.parseCookieValue?"true":"false")); LOG("compressES: %s", (config.compressES?"true":"false")); LOG("rotateIndex = %s", rotates[config.rotate]); LOG("offlineFilenameRegex: %s", g_regex_get_pattern(config.offlineRegex)); MolochString_t *tstring; HASH_FORALL(s_, config.dontSaveTags, tstring, LOG("dontSaveTags: %s", tstring->str); );
/*
 * Set up the field registry: reset the field counter and create the two
 * lookup tables, one keyed by db name and one keyed by expression.
 */
void moloch_field_init()
{
    config.maxField = 0;

    /* Both tables hash with moloch_string_hash; only the comparators differ. */
    HASH_INIT(d_, fieldsByDb, moloch_string_hash, moloch_string_cmp);
    HASH_INIT(e_, fieldsByExp, moloch_string_hash, moloch_field_exp_cmp);
}
/*
 * Create the plugin lookup table. This variant only initialises the table;
 * no plugin is located or loaded here.
 */
void moloch_plugins_init()
{
    HASH_INIT(p_, plugins, moloch_string_hash, moloch_string_cmp);
}
void moloch_config_init() { char *str; HASH_INIT(s_, config.dontSaveTags, moloch_string_hash, moloch_string_cmp); moloch_config_load(); if (config.debug) { LOG("nodeClass: %s", config.nodeClass); LOG("elasticsearch: %s", config.elasticsearch); LOG("interface: %s", config.interface); if (config.pcapDir) { str = g_strjoinv(";", config.pcapDir); LOG("pcapDir: %s", str); g_free(str); } LOG("bpf: %s", config.bpf); LOG("yara: %s", config.yara); LOG("geoipFile: %s", config.geoipFile); LOG("geoipASNFile: %s", config.geoipASNFile); LOG("rirFile: %s", config.rirFile); LOG("dropUser: %s", config.dropUser); LOG("dropGroup: %s", config.dropGroup); if (config.smtpIpHeaders) { str = g_strjoinv(";", config.smtpIpHeaders); LOG("smtpIpHeaders: %s", str); g_free(str); } if (config.pluginsDir) { str = g_strjoinv(";", config.pluginsDir); LOG("pluginsDir: %s", str); g_free(str); } if (config.plugins) { str = g_strjoinv(";", config.plugins); LOG("plugins: %s", str); g_free(str); } if (config.parsersDir) { str = g_strjoinv(";", config.parsersDir); LOG("parsersDir: %s", str); g_free(str); } LOG("maxFileSizeG: %u", config.maxFileSizeG); LOG("maxFileTimeM: %u", config.maxFileTimeM); LOG("icmpTimeout: %u", config.icmpTimeout); LOG("udpTimeout: %u", config.udpTimeout); LOG("tcpTimeout: %u", config.tcpTimeout); LOG("tcpSaveTimeout: %u", config.tcpSaveTimeout); LOG("maxStreams: %u", config.maxStreams); LOG("maxPackets: %u", config.maxPackets); LOG("minFreeSpaceG: %u", config.minFreeSpaceG); LOG("dbBulkSize: %u", config.dbBulkSize); LOG("dbFlushTimeout: %u", config.dbFlushTimeout); LOG("maxESConns: %u", config.maxESConns); LOG("maxESRequests: %u", config.maxESRequests); LOG("logEveryXPackets: %u", config.logEveryXPackets); LOG("packetsPerPoll: %u", config.packetsPerPoll); LOG("pcapBufferSize: %u", config.pcapBufferSize); LOG("pcapWriteSize: %u", config.pcapWriteSize); LOG("logUnknownProtocols: %s", (config.logUnknownProtocols?"true":"false")); LOG("logESRequests: %s", 
(config.logESRequests?"true":"false")); LOG("logFileCreation: %s", (config.logFileCreation?"true":"false")); LOG("parseSMTP: %s", (config.parseSMTP?"true":"false")); LOG("parseSMB: %s", (config.parseSMB?"true":"false")); LOG("parseQSValue: %s", (config.parseQSValue?"true":"false")); LOG("compressES: %s", (config.compressES?"true":"false")); MolochString_t *tstring; HASH_FORALL(s_, config.dontSaveTags, tstring, LOG("dontSaveTags: %s", tstring->str); );
void moloch_config_init() { char *str; static char *rotates[] = {"hourly", "daily", "weekly", "monthly"}; HASH_INIT(s_, config.dontSaveTags, moloch_string_hash, moloch_string_cmp); moloch_config_load(); if (config.debug) { LOG("nodeClass: %s", config.nodeClass); LOG("elasticsearch: %s", config.elasticsearch); LOG("interface: %s", config.interface); if (config.pcapDir) { str = g_strjoinv(";", config.pcapDir); LOG("pcapDir: %s", str); g_free(str); } LOG("bpf: %s", config.bpf); LOG("yara: %s", config.yara); LOG("geoipFile: %s", config.geoipFile); LOG("geoipASNFile: %s", config.geoipASNFile); LOG("rirFile: %s", config.rirFile); LOG("dropUser: %s", config.dropUser); LOG("dropGroup: %s", config.dropGroup); if (config.smtpIpHeaders) { str = g_strjoinv(";", config.smtpIpHeaders); LOG("smtpIpHeaders: %s", str); g_free(str); } if (config.pluginsDir) { str = g_strjoinv(";", config.pluginsDir); LOG("pluginsDir: %s", str); g_free(str); } if (config.plugins) { str = g_strjoinv(";", config.plugins); LOG("plugins: %s", str); g_free(str); } if (config.parsersDir) { str = g_strjoinv(";", config.parsersDir); LOG("parsersDir: %s", str); g_free(str); } LOG("maxFileSizeG: %u", config.maxFileSizeG); LOG("maxFileTimeM: %u", config.maxFileTimeM); LOG("icmpTimeout: %u", config.icmpTimeout); LOG("udpTimeout: %u", config.udpTimeout); LOG("tcpTimeout: %u", config.tcpTimeout); LOG("tcpSaveTimeout: %u", config.tcpSaveTimeout); LOG("maxStreams: %u", config.maxStreams); LOG("maxPackets: %u", config.maxPackets); LOG("minFreeSpaceG: %u", config.minFreeSpaceG); LOG("dbBulkSize: %u", config.dbBulkSize); LOG("dbFlushTimeout: %u", config.dbFlushTimeout); LOG("maxESConns: %u", config.maxESConns); LOG("maxESRequests: %u", config.maxESRequests); LOG("logEveryXPackets: %u", config.logEveryXPackets); LOG("packetsPerPoll: %u", config.packetsPerPoll); LOG("pcapBufferSize: %u", config.pcapBufferSize); LOG("pcapWriteSize: %u", config.pcapWriteSize); LOG("maxFreeOutputBuffers: %u", config.maxFreeOutputBuffers); 
LOG("logUnknownProtocols: %s", (config.logUnknownProtocols?"true":"false")); LOG("logESRequests: %s", (config.logESRequests?"true":"false")); LOG("logFileCreation: %s", (config.logFileCreation?"true":"false")); LOG("parseSMTP: %s", (config.parseSMTP?"true":"false")); LOG("parseSMB: %s", (config.parseSMB?"true":"false")); LOG("parseQSValue: %s", (config.parseQSValue?"true":"false")); LOG("compressES: %s", (config.compressES?"true":"false")); LOG("rotateIndex = %s", rotates[config.rotate]); switch (config.writeMethod) { case MOLOCH_WRITE_NORMAL: LOG("pcapWriteMethod = normal"); break; case MOLOCH_WRITE_DIRECT: LOG("pcapWriteMethod = direct"); break; case MOLOCH_WRITE_THREAD | MOLOCH_WRITE_NORMAL: LOG("pcapWriteMethod = thread"); break; case MOLOCH_WRITE_THREAD | MOLOCH_WRITE_DIRECT: LOG("pcapWriteMethod = thread-direct"); break; default: LOG("pcapWriteMethod = config.c needs to be updated"); } MolochString_t *tstring; HASH_FORALL(s_, config.dontSaveTags, tstring, LOG("dontSaveTags: %s", tstring->str); );