static void session_download_new(struct incident *i, char *url)
{
g_debug("%s incident %p", __PRETTY_FUNCTION__, i);
struct session *session = session_new();
session->type = session_type_download;
session->url = g_strdup(url);
struct connection *con = NULL;
if( incident_value_con_get(i, "con", &con) )
{
session->laddr = g_strdup(con->local.ip_string);
curl_easy_setopt(session->easy, CURLOPT_INTERFACE, session->laddr);
connection_ref(con);
}
curl_easy_setopt(session->easy, CURLOPT_URL, session->url);
curl_easy_setopt(session->easy, CURLOPT_WRITEFUNCTION, curl_writefunction_cb);
curl_easy_setopt(session->easy, CURLOPT_WRITEDATA, session);
curl_easy_setopt(session->easy, CURLOPT_DEBUGFUNCTION, curl_debugfunction_cb);
curl_easy_setopt(session->easy, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(session->easy, CURLOPT_ERRORBUFFER, session->error);
curl_easy_setopt(session->easy, CURLOPT_PRIVATE, session);
curl_easy_setopt(session->easy, CURLOPT_NOPROGRESS, 0L);
curl_easy_setopt(session->easy, CURLOPT_FOLLOWLOCATION, 10);
curl_easy_setopt(session->easy, CURLOPT_PROGRESSFUNCTION, curl_progressfunction_cb);
curl_easy_setopt(session->easy, CURLOPT_PROGRESSDATA, session);
curl_easy_setopt(session->easy, CURLOPT_LOW_SPEED_TIME, 3L);
curl_easy_setopt(session->easy, CURLOPT_LOW_SPEED_LIMIT, 10L);
curl_easy_setopt(session->easy, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
session->action.download.file = tempfile_new(curl_runtime.download_dir, "http-");
session->action.download.ctxcon = con;
g_debug("session %p file %i path %s", session, session->action.download.file->fd, session->action.download.file->path);
g_debug("Adding easy %p to multi %p (%s)", session->easy, curl_runtime.multi, url);
curl_multi_add_handle(curl_runtime.multi, session->easy);
curl_runtime.queued++;
check_run_count();
}
static void nl_ihandler_cb(struct incident *i, void *ctx)
{
g_debug("%s i %p ctx %p", __PRETTY_FUNCTION__, i, ctx);
struct connection *con;
incident_value_con_get(i, "con", &con);
char *remote = con->remote.ip_string;
char *local = con->local.ip_string;
char *prefix = "::ffff:";
if( strncmp(local, prefix, strlen(prefix)) == 0)
local += strlen(prefix);
if( strncmp(remote, prefix, strlen(prefix)) == 0)
remote += strlen(prefix);
int ifindex;
int err;
{
g_debug("local addr %s remote addr %s", local, remote);
struct rtnl_addr *addr = rtnl_addr_alloc();
struct nl_addr *a;
if ( ( err = nl_addr_parse(local, AF_UNSPEC, &a)) != 0 )
g_critical("could not parse addr %s (%s)", local, nl_geterror(err));
rtnl_addr_set_local(addr, a);
nl_addr_put(a);
struct rtnl_addr *res = NULL;
nl_cache_foreach_filter(nl_runtime.addr_cache, OBJ_CAST(addr), cache_lookup_cb, &res);
g_critical("LOCAL RTNL_ADDR %p", res);
/* struct nl_dump_params params = {
.dp_type = NL_DUMP_LINE,
.dp_fd = stdout,
};
nl_cache_dump_filter(nl_runtime.addr_cache, ¶ms, OBJ_CAST(addr));
*/
ifindex = rtnl_addr_get_ifindex(res);
}
struct rtnl_neigh *res = NULL;
{
struct rtnl_neigh *neigh = rtnl_neigh_alloc();
rtnl_neigh_set_ifindex(neigh, ifindex);
struct nl_addr *a;
if ( ( err = nl_addr_parse(remote, AF_UNSPEC, &a)) != 0 )
g_critical("could not parse addr %s (%s)", remote, nl_geterror(err));
rtnl_neigh_set_dst(neigh, a);
nl_addr_put(a);
nl_cache_foreach_filter(nl_runtime.neigh_cache, OBJ_CAST(neigh), cache_lookup_cb, &res);
}
if( res )
{
g_critical("GOT NEIGH %p", res);
struct nl_addr *lladdr = rtnl_neigh_get_lladdr(res);
char buf[123];
nl_addr2str(lladdr, buf, sizeof(buf));
g_critical("GOT NEIGH %s", buf);
struct incident *i = incident_new("dionaea.module.nl.connection.info.mac");
incident_value_string_set(i, "mac", g_string_new(buf));
incident_value_con_set(i, "con", con);
incident_report(i);
incident_free(i);
}
}
