Exemplo n.º 1
0
void moloch_session_mark_for_close (MolochSession_t *session, int ses)
{
    session->closingQ = 1;
    session->saveTime = session->lastPacket.tv_sec + 5;
    DLL_REMOVE(q_, &sessionsQ[session->thread][ses], session);
    DLL_PUSH_TAIL(q_, &closingQ[session->thread], session);

    if (session->tcp_next) {
        DLL_REMOVE(tcp_, &tcpWriteQ[session->thread], session);
    }
}
Exemplo n.º 2
0
    DLL_FOREACH_REMOVABLE(td_, tcpData, ftd, next) {
        const int which = ftd->packet->direction;
        const uint32_t tcpSeq = session->tcpSeq[which];

        if (tcpSeq >= ftd->seq && tcpSeq < (ftd->seq + ftd->len)) {
            const int offset = tcpSeq - ftd->seq;
            const uint8_t *data = ftd->packet->pkt + ftd->dataOffset + offset;
            const int len = ftd->len - offset;

            if (session->firstBytesLen[which] < 8) {
                int copy = MIN(8 - session->firstBytesLen[which], len);
                memcpy(session->firstBytes[which] + session->firstBytesLen[which], data, copy);
                session->firstBytesLen[which] += copy;
            }

            if (session->totalDatabytes[which] == session->consumed[which])  {
                moloch_parsers_classify_tcp(session, data, len, which);
            }

            moloch_packet_process_data(session, data, len, which);
            session->tcpSeq[which] += len;
            session->databytes[which] += len;
            session->totalDatabytes[which] += len;

            if (config.yara) {
                moloch_yara_execute(session, data, len, 0);
            }

            DLL_REMOVE(td_, tcpData, ftd);
            moloch_packet_free(ftd->packet);
            MOLOCH_TYPE_FREE(MolochTcpData_t, ftd);
        } else {
            return;
        }
    }
Exemplo n.º 3
0
Arquivo: http.c Projeto: Amelos/moloch 
void moloch_http_free_conn(MolochConn_t *conn, gboolean process)
{
    DEBUGCONN("AAA free %s %p read: %d write: %d", conn->server->names[0], conn, conn->readWatch, conn->writeWatch);

    if (conn->readWatch)
        g_source_remove(conn->readWatch);
    if (conn->writeWatch)
        g_source_remove(conn->writeWatch);

    MolochHttp_t *server = conn->server;
    if (conn->conn) {
        g_object_unref (conn->conn);
        conn->conn = 0;
    }
    conn->request = 0;
    conn->server->numConns--;

    if (conn->h_next) {
        HASH_REMOVE(h_, connections, conn);
    }

    if (conn->e_next) {
        DLL_REMOVE(e_, &conn->server->connQ, conn);
    }

    MOLOCH_TYPE_FREE(MolochConn_t, conn);
    if (process)
        moloch_http_do_requests(server);
}
Exemplo n.º 4
0
LOCAL void moloch_session_free (MolochSession_t *session)
{
    if (session->tcp_next) {
        DLL_REMOVE(tcp_, &tcpWriteQ[session->thread], session);
    }

    g_array_free(session->filePosArray, TRUE);
    g_array_free(session->fileLenArray, TRUE);
    g_array_free(session->fileNumArray, TRUE);

    if (session->rootId && session->rootId[0] != 'R')
        g_free(session->rootId);

    if (session->parserInfo) {
        int i;
        for (i = 0; i < session->parserNum; i++) {
            if (session->parserInfo[i].parserFreeFunc)
                session->parserInfo[i].parserFreeFunc(session, session->parserInfo[i].uw);
        }
        free(session->parserInfo);
    }

    if (session->pluginData)
        MOLOCH_SIZE_FREE(pluginData, session->pluginData);
    moloch_field_free(session);

    moloch_packet_tcp_free(session);

    MOLOCH_TYPE_FREE(MolochSession_t, session);
}
Exemplo n.º 5
0
LOCAL void moloch_session_save(MolochSession_t *session)
{
    if (session->h_next) {
        HASH_REMOVE(h_, sessions[session->thread][session->ses], session);
    }

    if (session->closingQ) {
        DLL_REMOVE(q_, &closingQ[session->thread], session);
    } else
        DLL_REMOVE(q_, &sessionsQ[session->thread][session->ses], session);

    moloch_packet_tcp_free(session);

    if (session->parserInfo) {
        int i;
        for (i = 0; i < session->parserNum; i++) {
            if (session->parserInfo[i].parserSaveFunc)
                session->parserInfo[i].parserSaveFunc(session, session->parserInfo[i].uw, TRUE);
        }
    }

    if (pluginsCbs & MOLOCH_PLUGIN_PRE_SAVE)
        moloch_plugins_cb_pre_save(session, TRUE);

    moloch_rules_run_before_save(session, 1);

    if (session->tcp_next) {
        DLL_REMOVE(tcp_, &tcpWriteQ[session->thread], session);
    }

    if (session->outstandingQueries > 0) {
        session->needSave = 1;
        needSave[session->thread]++;
        return;
    }

    moloch_db_save_session(session, TRUE);
    moloch_session_free(session);
}
Exemplo n.º 6
0
Arquivo: wise.c Projeto: Amelos/moloch 
void wise_lookup(MolochSession_t *session, WiseRequest_t *request, char *value, int type)
{
    static int lookups = 0;

    if (*value == 0)
        return;

    if (request->numItems >= 256)
        return;

    lookups++;
    if ((lookups % 10000) == 0)
        wise_print_stats();

    stats[type][INTEL_STAT_LOOKUP]++;

    WiseItem_t *wi;
    HASH_FIND(wih_, itemHash[type], value, wi);

    if (wi) {
        // Already being looked up
        if (wi->sessions) {
            if (wi->numSessions < wi->sessionsSize) {
                wi->sessions[wi->numSessions++] = session;
                moloch_nids_incr_outstanding(session);
            }
            stats[type][INTEL_STAT_INPROGRESS]++;
            return;
        }

        struct timeval currentTime;
        gettimeofday(&currentTime, NULL);

        if (wi->loadTime + cacheSecs > currentTime.tv_sec) {
            wise_process_ops(session, wi);
            stats[type][INTEL_STAT_CACHE]++;
            return;
        }

        /* Had it in cache, but it is too old */
        DLL_REMOVE(wil_, &itemList[type], wi);
        wise_free_ops(wi);
    } else {
        // Know nothing about it
        wi = MOLOCH_TYPE_ALLOC0(WiseItem_t);
        wi->key          = g_strdup(value);
        wi->type         = type;
        wi->sessionsSize = 20;
        HASH_ADD(wih_, itemHash[type], wi->key, wi);
    }

    wi->sessions = malloc(sizeof(MolochSession_t *) * wi->sessionsSize);
    wi->sessions[wi->numSessions++] = session;
    moloch_nids_incr_outstanding(session);

    stats[type][INTEL_STAT_REQUEST]++;

    BSB_EXPORT_u08(request->bsb, type);
    int len = strlen(value);
    BSB_EXPORT_u16(request->bsb, len);
    BSB_EXPORT_ptr(request->bsb, value, len);

    request->items[request->numItems++] = wi;
}