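/**
 * Create a download session for @url and queue it on the shared curl
 * multi handle.
 *
 * The body is written to a fresh temporary file in
 * curl_runtime.download_dir (prefix "http-"). If the incident carries a
 * connection under the key "con", the transfer is bound to that
 * connection's local address and a reference on the connection is taken
 * and stored in the session.
 *
 * @param i    incident that triggered the download
 * @param url  URL to fetch; duplicated, the caller keeps ownership
 */
static void session_download_new(struct incident *i, char *url)
{
	g_debug("%s incident %p", __PRETTY_FUNCTION__, i);

	struct session *session = session_new();
	session->type = session_type_download;
	session->url = g_strdup(url);

	struct connection *con = NULL;
	if( incident_value_con_get(i, "con", &con) )
	{
		/* send the request from the address the originating connection used */
		session->laddr = g_strdup(con->local.ip_string);
		curl_easy_setopt(session->easy, CURLOPT_INTERFACE, session->laddr);
		/* reference is kept in action.download.ctxcon below; presumably
		 * released when the session is torn down -- confirm */
		connection_ref(con);
	}

	/* NOTE(review): if url comes from captured traffic it is untrusted.
	 * Nothing here restricts the scheme, so anything libcurl was built
	 * with (file://, for instance) is accepted; consider an allow-list
	 * via CURLOPT_PROTOCOLS / CURLOPT_REDIR_PROTOCOLS and a size cap via
	 * CURLOPT_MAXFILESIZE unless the write callback already enforces one. */
	curl_easy_setopt(session->easy, CURLOPT_URL, session->url);
	curl_easy_setopt(session->easy, CURLOPT_WRITEFUNCTION, curl_writefunction_cb);
	curl_easy_setopt(session->easy, CURLOPT_WRITEDATA, session);
	curl_easy_setopt(session->easy, CURLOPT_DEBUGFUNCTION, curl_debugfunction_cb);
	curl_easy_setopt(session->easy, CURLOPT_VERBOSE, 1L);
	curl_easy_setopt(session->easy, CURLOPT_ERRORBUFFER, session->error);
	curl_easy_setopt(session->easy, CURLOPT_PRIVATE, session);
	curl_easy_setopt(session->easy, CURLOPT_NOPROGRESS, 0L);

	/* CURLOPT_FOLLOWLOCATION is a long on/off option. The original passed
	 * the int literal 10, which is the wrong width for the varargs call and
	 * not a documented value. The 10 was presumably meant as a redirect
	 * limit, so it is expressed through CURLOPT_MAXREDIRS instead. */
	curl_easy_setopt(session->easy, CURLOPT_FOLLOWLOCATION, 1L);
	curl_easy_setopt(session->easy, CURLOPT_MAXREDIRS, 10L);

	curl_easy_setopt(session->easy, CURLOPT_PROGRESSFUNCTION, curl_progressfunction_cb);
	curl_easy_setopt(session->easy, CURLOPT_PROGRESSDATA, session);

	/* abort transfers that stay below 10 bytes/s for 3 seconds */
	curl_easy_setopt(session->easy, CURLOPT_LOW_SPEED_TIME, 3L);
	curl_easy_setopt(session->easy, CURLOPT_LOW_SPEED_LIMIT, 10L);
	curl_easy_setopt(session->easy, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");

	/* NOTE(review): tempfile_new's failure behaviour is not visible here;
	 * if it can return NULL the g_debug below dereferences it -- confirm */
	session->action.download.file = tempfile_new(curl_runtime.download_dir, "http-");
	session->action.download.ctxcon = con;

	g_debug("session %p file %i path %s", session,
			session->action.download.file->fd,
			session->action.download.file->path);

	g_debug("Adding easy %p to multi %p (%s)", session->easy, curl_runtime.multi, url);
	curl_multi_add_handle(curl_runtime.multi, session->easy);
	curl_runtime.queued++;
	check_run_count();
}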
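/**
 * Incident handler: resolve the link-layer (MAC) address of a
 * connection's remote peer from the netlink caches and report it as a
 * "dionaea.module.nl.connection.info.mac" incident.
 *
 * The local address is looked up in nl_runtime.addr_cache to find the
 * interface index, then the remote address is looked up in
 * nl_runtime.neigh_cache on that interface. Nothing is reported when any
 * step fails or no neighbour entry matches.
 *
 * @param i    incident expected to carry a connection under the key "con"
 * @param ctx  handler context; only logged
 */
static void nl_ihandler_cb(struct incident *i, void *ctx)
{
	g_debug("%s i %p ctx %p", __PRETTY_FUNCTION__, i, ctx);

	struct rtnl_addr *addr = NULL;         /* filter object, owned here */
	struct rtnl_neigh *neigh = NULL;       /* filter object, owned here */
	struct rtnl_addr *addr_match = NULL;   /* result of the address lookup */
	struct rtnl_neigh *neigh_match = NULL; /* result of the neighbour lookup */
	struct nl_addr *a = NULL;
	struct connection *con = NULL;
	int ifindex;
	int err;

	/* the original ignored the return value and then dereferenced an
	 * uninitialised pointer when the incident had no connection */
	if( !incident_value_con_get(i, "con", &con) || con == NULL )
	{
		g_warning("incident %p carries no connection", i);
		return;
	}

	const char *remote = con->remote.ip_string;
	const char *local = con->local.ip_string;

	/* strip the IPv4-mapped IPv6 prefix so the plain IPv4 form is parsed */
	static const char prefix[] = "::ffff:";
	const size_t prefix_len = sizeof(prefix) - 1;
	if( strncmp(local, prefix, prefix_len) == 0 )
		local += prefix_len;
	if( strncmp(remote, prefix, prefix_len) == 0 )
		remote += prefix_len;

	g_debug("local addr %s remote addr %s", local, remote);

	/* step 1: local address -> interface index */
	addr = rtnl_addr_alloc();
	if( addr == NULL )
	{
		g_critical("could not allocate rtnl_addr");
		goto out;
	}

	if( (err = nl_addr_parse(local, AF_UNSPEC, &a)) != 0 )
	{
		/* on failure a is not valid, so it must not be used or released */
		g_critical("could not parse addr %s (%s)", local, nl_geterror(err));
		goto out;
	}
	rtnl_addr_set_local(addr, a);
	nl_addr_put(a);

	/* matches are borrowed from the cache, assuming cache_lookup_cb stores
	 * the object pointer without taking a reference -- confirm */
	nl_cache_foreach_filter(nl_runtime.addr_cache, OBJ_CAST(addr), cache_lookup_cb, &addr_match);
	g_critical("LOCAL RTNL_ADDR %p", addr_match);
	/*
	struct nl_dump_params params = { .dp_type = NL_DUMP_LINE, .dp_fd = stdout, };
	nl_cache_dump_filter(nl_runtime.addr_cache, &params, OBJ_CAST(addr));
	*/
	if( addr_match == NULL )
	{
		/* no cached address matched; there is no ifindex to continue with */
		g_debug("no cached rtnl_addr for %s", local);
		goto out;
	}
	ifindex = rtnl_addr_get_ifindex(addr_match);

	/* step 2: remote address on that interface -> neighbour entry */
	neigh = rtnl_neigh_alloc();
	if( neigh == NULL )
	{
		g_critical("could not allocate rtnl_neigh");
		goto out;
	}
	rtnl_neigh_set_ifindex(neigh, ifindex);

	if( (err = nl_addr_parse(remote, AF_UNSPEC, &a)) != 0 )
	{
		g_critical("could not parse addr %s (%s)", remote, nl_geterror(err));
		goto out;
	}
	rtnl_neigh_set_dst(neigh, a);
	nl_addr_put(a);

	nl_cache_foreach_filter(nl_runtime.neigh_cache, OBJ_CAST(neigh), cache_lookup_cb, &neigh_match);

	if( neigh_match != NULL )
	{
		g_critical("GOT NEIGH %p", neigh_match);

		struct nl_addr *lladdr = rtnl_neigh_get_lladdr(neigh_match);
		char buf[123];
		nl_addr2str(lladdr, buf, sizeof(buf));
		g_critical("GOT NEIGH %s", buf);

		/* named separately so it no longer shadows the parameter i */
		struct incident *mac_incident = incident_new("dionaea.module.nl.connection.info.mac");
		/* the GString is presumably handed over to the incident -- confirm */
		incident_value_string_set(mac_incident, "mac", g_string_new(buf));
		incident_value_con_set(mac_incident, "con", con);
		incident_report(mac_incident);
		incident_free(mac_incident);
	}

out:
	/* the filter objects were never released in the original (one leak per
	 * incident); they are only needed for the duration of the lookups */
	if( neigh != NULL )
		rtnl_neigh_put(neigh);
	if( addr != NULL )
		rtnl_addr_put(addr);
}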