static int analyzer_rtp_stream_event_cleanup(struct event *evt) {
struct data *evt_data = event_get_data(evt);
if (data_is_set(evt_data[analyzer_rtp_stream_src_addr]))
ptype_cleanup(evt_data[analyzer_rtp_stream_src_addr].value);
if (data_is_set(evt_data[analyzer_rtp_stream_dst_addr]))
ptype_cleanup(evt_data[analyzer_rtp_stream_dst_addr].value);
return POM_OK;
}
int output_log_xml_process(struct event *evt, void *obj) {
struct output_log_xml_priv *priv = obj;
struct event_reg_info *evt_info = event_get_info(evt);
xmlBufferPtr buff = xmlBufferCreate();
if (!buff) {
pomlog(POMLOG_ERR "Error while creating the xml buffer");
return POM_ERR;
}
xmlTextWriterPtr writer = xmlNewTextWriterMemory(buff, 0);
if (!writer) {
pomlog(POMLOG_ERR "Error while creating the xmlTextWriter");
xmlBufferFree(buff);
return POM_ERR;
}
// <event name="event_name">
char timestamp[21] = { 0 };
snprintf(timestamp, 20, "%"PRIu64, (uint64_t) event_get_timestamp(evt));
if (xmlTextWriterWriteString(writer, BAD_CAST "\n") < 0 ||
xmlTextWriterStartElement(writer, BAD_CAST "event") < 0 ||
xmlTextWriterWriteAttribute(writer, BAD_CAST "name", BAD_CAST evt_info->name) < 0 ||
xmlTextWriterWriteAttribute(writer, BAD_CAST "timestamp", BAD_CAST timestamp) < 0)
goto err;
struct data *evt_data = event_get_data(evt);
int i;
for (i = 0; i < evt_info->data_reg->data_count; i++) {
if (evt_info->data_reg->items[i].flags & DATA_REG_FLAG_LIST) {
// Got a data_list
if (!evt_data[i].items)
continue;
// <data_list name="data_name">
if (xmlTextWriterWriteString(writer, BAD_CAST "\n\t") < 0 ||
xmlTextWriterStartElement(writer, BAD_CAST "data_list") < 0 ||
xmlTextWriterWriteAttribute(writer, BAD_CAST "name", BAD_CAST evt_info->data_reg->items[i].name) < 0)
goto err;
// <value key="key1">
struct data_item *itm = evt_data[i].items;
for (; itm; itm = itm->next) {
if (xmlTextWriterWriteString(writer, BAD_CAST "\n\t\t") < 0 ||
xmlTextWriterStartElement(writer, BAD_CAST "value") < 0 ||
xmlTextWriterWriteAttribute(writer, BAD_CAST "key", BAD_CAST itm->key) < 0)
goto err;
char *value = ptype_print_val_alloc(itm->value, NULL);
if (!value)
goto err;
if (xmlTextWriterWriteString(writer, BAD_CAST value) < 0) {
free(value);
goto err;
}
free(value);
// </value>
if (xmlTextWriterEndElement(writer) < 0)
goto err;
}
// </data_list>
if (xmlTextWriterWriteString(writer, BAD_CAST "\n\t") < 0 ||
xmlTextWriterEndElement(writer) < 0)
goto err;
} else {
// Got a single data
if (!data_is_set(evt_data[i]))
continue;
// <data name="data_name">
if (xmlTextWriterWriteString(writer, BAD_CAST "\n\t") < 0 ||
xmlTextWriterStartElement(writer, BAD_CAST "data") < 0 ||
xmlTextWriterWriteAttribute(writer, BAD_CAST "name", BAD_CAST evt_info->data_reg->items[i].name) < 0)
goto err;
if (evt_data[i].value) {
char *value = ptype_print_val_alloc(evt_data[i].value, NULL);
if (!value)
goto err;
if (xmlTextWriterWriteString(writer, BAD_CAST value) < 0) {
free(value);
goto err;
}
free(value);
}
// </data>
if (xmlTextWriterEndElement(writer) < 0)
goto err;
}
}
// </event>
if (xmlTextWriterWriteString(writer, BAD_CAST "\n") < 0 ||
xmlTextWriterEndElement(writer) < 0 ||
xmlTextWriterWriteString(writer, BAD_CAST "\n") < 0)
goto err;
xmlFreeTextWriter(writer);
if (pom_write(priv->fd, buff->content, buff->use) != POM_OK) {
pomlog(POMLOG_ERR "Error while writing to the log file");
xmlBufferFree(buff);
return POM_ERR;
}
xmlBufferFree(buff);
if (priv->perf_events)
registry_perf_inc(priv->perf_events, 1);
return POM_OK;
err:
pomlog(POMLOG_ERR "An error occured while processing the event");
xmlFreeTextWriter(writer);
xmlBufferFree(buff);
return POM_ERR;
}
static int analyzer_rtp_pload_process(void *obj, struct packet *p, struct proto_process_stack *stack, unsigned int stack_index) {
struct analyzer *analyzer = obj;
struct analyzer_rtp_priv *priv = analyzer->priv;
struct proto_process_stack *pload_stack = &stack[stack_index];
struct proto_process_stack *s = &stack[stack_index - 1];
if (!s->ce)
return POM_ERR;
struct analyzer_rtp_ce_priv *cp = conntrack_get_priv(s->ce, obj);
if (!cp) {
cp = malloc(sizeof(struct analyzer_rtp_ce_priv));
if (!cp) {
pom_oom(sizeof(struct analyzer_rtp_ce_priv));
return POM_ERR;
}
memset(cp, 0, sizeof(struct analyzer_rtp_ce_priv));
if (conntrack_add_priv(s->ce, obj, cp, analyzer_rtp_ce_cleanup) != POM_OK)
return POM_ERR;
}
int dir = s->direction;
if (!cp->evt[dir]) {
cp->evt[dir] = event_alloc(priv->evt_rtp_stream);
if (!cp->evt[dir])
return POM_ERR;
struct data *evt_data = event_get_data(cp->evt[dir]);
ptype_copy(evt_data[analyzer_rtp_stream_ssrc].value, s->pkt_info->fields_value[proto_rtp_field_ssrc]);
data_set(evt_data[analyzer_rtp_stream_ssrc]);
// For now we always assume RTP is over UDP or TCP
if (stack_index > 2) {
struct proto_process_stack *l4_stack = &stack[stack_index - 2];
unsigned int i;
for (i = 0; !data_is_set(evt_data[analyzer_rtp_stream_src_port]) || !data_is_set(evt_data[analyzer_rtp_stream_dst_port]); i++) {
struct proto_reg_info *l4_info = proto_get_info(l4_stack->proto);
char *name = l4_info->pkt_fields[i].name;
if (!name)
break;
if (!data_is_set(evt_data[analyzer_rtp_stream_src_port]) && !strcmp(name, "sport")) {
ptype_copy(evt_data[analyzer_rtp_stream_src_port].value, l4_stack->pkt_info->fields_value[i]);
data_set(evt_data[analyzer_rtp_stream_src_port]);
} else if (!data_is_set(evt_data[analyzer_rtp_stream_dst_port]) && !strcmp(name, "dport")) {
ptype_copy(evt_data[analyzer_rtp_stream_dst_port].value, l4_stack->pkt_info->fields_value[i]);
data_set(evt_data[analyzer_rtp_stream_dst_port]);
}
}
}
if (stack_index > 3) {
struct proto_process_stack *l3_stack = &stack[stack_index - 3];
unsigned int i;
for (i = 0; !data_is_set(evt_data[analyzer_rtp_stream_src_addr]) || !data_is_set(evt_data[analyzer_rtp_stream_dst_addr]); i++) {
struct proto_reg_info *l3_info = proto_get_info(l3_stack->proto);
char *name = l3_info->pkt_fields[i].name;
if (!name)
break;
if (!data_is_set(evt_data[analyzer_rtp_stream_src_addr]) && !strcmp(name, "src")) {
evt_data[analyzer_rtp_stream_src_addr].value = ptype_alloc_from(l3_stack->pkt_info->fields_value[i]);
if (evt_data[analyzer_rtp_stream_src_addr].value)
data_set(evt_data[analyzer_rtp_stream_src_addr]);
} else if (!data_is_set(evt_data[analyzer_rtp_stream_dst_addr]) && !strcmp(name, "dst")) {
evt_data[analyzer_rtp_stream_dst_addr].value = ptype_alloc_from(l3_stack->pkt_info->fields_value[i]);
if (evt_data[analyzer_rtp_stream_dst_addr].value)
data_set(evt_data[analyzer_rtp_stream_dst_addr]);
}
}
}
struct proto *sess_proto = telephony_stream_info_get_sess_proto(s->ce);
if (sess_proto) {
struct proto_reg_info *proto_reg = proto_get_info(sess_proto);
PTYPE_STRING_SETVAL(evt_data[analyzer_rtp_stream_sess_proto].value, proto_reg->name);
data_set(evt_data[analyzer_rtp_stream_sess_proto]);
}
char *call_id = telephony_stream_info_get_call_id(s->ce);
if (call_id) {
PTYPE_STRING_SETVAL_P(evt_data[analyzer_rtp_stream_call_id].value, call_id);
data_set(evt_data[analyzer_rtp_stream_call_id]);
}
if (event_process_begin(cp->evt[dir], stack, stack_index, p->ts) != POM_OK)
return POM_ERR;
}
if (!cp->pload[dir]) {
cp->pload[dir] = pload_alloc(cp->evt[dir], 0);
if (!cp->pload[dir])
return POM_ERR;
struct telephony_codec_info info = { 0 };
if (telephony_stream_info_get_codec(&info, stack, stack_index - 1) == POM_OK) {
char *pload_type = telephony_codec_info_get_pload_type(&info);
if (pload_type)
pload_set_type(cp->pload[dir], pload_type);
}
}
if (pload_append(cp->pload[dir], pload_stack->pload, pload_stack->plen) != POM_OK)
return POM_ERR;
return POM_OK;
}
int analyzer_eap_finalize(struct analyzer_eap_priv *apriv, struct analyzer_eap_ce_priv *cpriv) {
if (!cpriv->evt_request || !cpriv->evt_response)
return POM_OK;
struct event *evt = NULL;
struct data *evt_data = NULL;
struct data *evt_req_data = event_get_data(cpriv->evt_request);
struct data *evt_rsp_data = event_get_data(cpriv->evt_response);
if (!data_is_set(evt_rsp_data[evt_eap_md5_challenge_value]))
return POM_OK;
if (!data_is_set(evt_req_data[evt_eap_md5_challenge_value]))
return POM_OK;
evt = event_alloc(apriv->evt_md5_auth);
if (!evt)
return POM_ERR;
evt_data = event_get_data(evt);
if (ptype_copy(evt_data[analyzer_eap_md5_challenge].value, evt_req_data[evt_eap_md5_challenge_value].value) != POM_OK)
return POM_ERR;
data_set(evt_data[analyzer_eap_md5_challenge]);
if (ptype_copy(evt_data[analyzer_eap_md5_response].value, evt_rsp_data[evt_eap_md5_challenge_value].value) != POM_OK)
return POM_ERR;
data_set(evt_data[analyzer_eap_md5_response]);
if (cpriv->client) {
evt_data[analyzer_eap_common_client].value = cpriv->client;
data_set(evt_data[analyzer_eap_common_client]);
data_do_clean(evt_data[analyzer_eap_common_client]);
cpriv->client = NULL;
}
if (cpriv->server) {
evt_data[analyzer_eap_common_server].value = cpriv->server;
data_set(evt_data[analyzer_eap_common_server]);
data_do_clean(evt_data[analyzer_eap_common_server]);
cpriv->server = NULL;
}
if (cpriv->vlan) {
evt_data[analyzer_eap_common_vlan].value = cpriv->vlan;
data_set(evt_data[analyzer_eap_common_vlan]);
data_do_clean(evt_data[analyzer_eap_common_vlan]);
cpriv->vlan = NULL;
}
if (cpriv->top_proto) {
PTYPE_STRING_SETVAL(evt_data[analyzer_eap_common_top_proto].value, cpriv->top_proto);
data_set(evt_data[analyzer_eap_common_top_proto]);
}
if (ptype_copy(evt_data[analyzer_eap_common_identifier].value, evt_req_data[evt_eap_common_identifier].value) != POM_OK)
return POM_ERR;
data_set(evt_data[analyzer_eap_common_identifier]);
if (!data_is_set(evt_rsp_data[evt_eap_md5_challenge_name]))
return POM_OK;
if (ptype_copy(evt_data[analyzer_eap_common_username].value, evt_rsp_data[evt_eap_md5_challenge_name].value) != POM_OK)
return POM_ERR;
data_set(evt_data[analyzer_eap_common_username]);
if (cpriv->evt_result) {
struct data *evt_res_data = event_get_data(cpriv->evt_result);
ptype_copy(evt_data[analyzer_eap_common_success].value, evt_res_data[evt_eap_success_failure_success].value);
data_set(evt_data[analyzer_eap_common_success]);
event_refcount_dec(cpriv->evt_result);
cpriv->evt_result = NULL;
}
ptime ts = event_get_timestamp(cpriv->evt_response);
event_refcount_dec(cpriv->evt_request);
cpriv->evt_request = NULL;
event_refcount_dec(cpriv->evt_response);
cpriv->evt_response = NULL;
return event_process(evt, NULL, 0, ts);
}
