MkTransition* mk_transition_lookup(GHashTable* table,
const gchar* src_state,
const gchar* signal,
gchar** output)
{
if (output != NULL)
*output = NULL;
// Find all transitions that start from the source state
GPtrArray* array = g_hash_table_lookup(table, src_state);
if (array == NULL)
return NULL;
// Find the first transition that corresponds to the signal. A transition
// corresponds to the signal if the signal's regular expression matches
// the signal received.
gint i;
for (i = 0; i < array->len; ++i) {
MkTransition* t = g_ptr_array_index(array, i);
GError* error = NULL;
GRegex* regex = g_regex_new(t->signal, 0, 0, &error);
if (error != NULL)
g_critical("regular expression error: %s", error->message);
GMatchInfo* match_info;
gboolean matches = g_regex_match(regex, signal, 0, &match_info);
if (matches) {
if (output != NULL && t->output != NULL) {
*output = g_match_info_expand_references(match_info,
t->output,
&error);
if (error != NULL)
g_critical("error expanding output string: %s",
error->message);
}
}
if (match_info != NULL)
g_match_info_free(match_info);
g_regex_unref(regex);
if (matches)
return t;
}
return NULL;
}
static VALUE
rg_expand_references(VALUE self, VALUE rb_string)
{
const gchar *string = RVAL2CSTR(rb_string);
gchar *expanded_string = NULL;
GError *error = NULL;
expanded_string = g_match_info_expand_references(_SELF(self),
string,
&error);
if (error)
RAISE_GERROR(error);
return CSTR2RVAL_FREE(expanded_string);
}
LOCAL void reader_libpcapfile_opened()
{
int dlt_to_linktype(int dlt);
if (config.flushBetween)
moloch_session_flush();
moloch_packet_set_linksnap(dlt_to_linktype(pcap_datalink(pcap)) | pcap_datalink_ext(pcap), pcap_snapshot(pcap));
offlineFile = pcap_file(pcap);
if (config.bpf && pcapFileHeader.linktype != 239) {
struct bpf_program bpf;
if (pcap_compile(pcap, &bpf, config.bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOGEXIT("ERROR - Couldn't compile filter: '%s' with %s", config.bpf, pcap_geterr(pcap));
}
if (pcap_setfilter(pcap, &bpf) == -1) {
LOGEXIT("ERROR - Couldn't set filter: '%s' with %s", config.bpf, pcap_geterr(pcap));
}
}
readerPos++;
if (readerFileName[readerPos])
moloch_free_later(readerFileName[readerPos], g_free);
readerFileName[readerPos] = g_strdup(offlinePcapFilename);
int fd = pcap_fileno(pcap);
if (fd == -1) {
g_timeout_add(0, reader_libpcapfile_read, NULL);
} else {
moloch_watch_fd(fd, MOLOCH_GIO_READ_COND, reader_libpcapfile_read, NULL);
}
if (filenameOpsNum > 0) {
// Free any previously allocated
if (readerFieldOps[readerPos].size > 0)
moloch_field_ops_free(&readerFieldOps[readerPos]);
moloch_field_ops_init(&readerFieldOps[readerPos], filenameOpsNum, MOLOCH_FIELD_OPS_FLAGS_COPY);
// Go thru all the filename ops looking for matches and then expand the value string
int i;
for (i = 0; i < filenameOpsNum; i++) {
GMatchInfo *match_info = 0;
g_regex_match(filenameOps[i].regex, offlinePcapFilename, 0, &match_info);
if (g_match_info_matches(match_info)) {
GError *error = 0;
char *expand = g_match_info_expand_references(match_info, filenameOps[i].expand, &error);
if (error) {
LOG("Error expanding '%s' with '%s' - %s", offlinePcapFilename, filenameOps[i].expand, error->message);
g_error_free(error);
}
if (expand) {
moloch_field_ops_add(&readerFieldOps[readerPos], filenameOps[i].field, expand, -1);
g_free(expand);
}
}
g_match_info_free(match_info);
}
}
}
static GList *snr3_replace_pcre(Tsnr3run *s3run, gchar *buffer, gchar **replacedbuffer) {
gchar *newbuf;
gchar *bufferpos, *newbufpos;
gsize buflen;
gsize alloced;
Tlineinbuffer lib = {0,1};
GList *results=NULL;
GMatchInfo *match_info;
gsize prevpos=0;
DEBUG_MSG("snr3_replace_pcre, search for %s, replace with %s\n",s3run->query, s3run->replace);
buflen = strlen(buffer);
alloced = MAX(buflen*2,4096);
newbuf = g_malloc0(alloced);
bufferpos = buffer;
newbufpos = newbuf;
g_regex_match(s3run->regex, buffer, 0, &match_info);
while(g_match_info_matches(match_info)) {
gint so, eo;
guint line, replacelen;
gchar *replacestring;
GError *gerror=NULL;
g_match_info_fetch_pos(match_info,0,&so,&eo);
memcpy(newbufpos, bufferpos, so-prevpos);
newbufpos += (so-prevpos);
bufferpos = buffer+eo;
prevpos = eo;
line = calculate_line_in_buffer(&lib, newbuf, (newbufpos-newbuf));
results = g_list_prepend(results, new_result(line, newbuf, (newbufpos-newbuf)));
replacestring = g_match_info_expand_references(match_info, s3run->replace, &gerror);
if (gerror) {
g_print("replace error %s\n",gerror->message);
g_error_free(gerror);
}
replacelen = strlen(replacestring);
/* now check if we have enough memory */
if (alloced < (1+ newbufpos-newbuf + replacelen + buflen-prevpos)) {
gchar *tmp;
alloced += MAX(buflen, 4096);
tmp = g_realloc(newbuf, alloced);
newbufpos = tmp + (newbufpos-newbuf);
newbuf=tmp;
}
memcpy(newbufpos, replacestring, replacelen);
newbufpos += replacelen;
g_free(replacestring);
g_match_info_next(match_info, NULL);
}
g_match_info_free(match_info);
memcpy(newbufpos, buffer+prevpos, buflen-prevpos+1);
*replacedbuffer = newbuf;
return results;
}
