unsigned char *moloch_http_send_sync(void *serverV, char *method, char *key, uint32_t key_len, char *data, uint32_t data_len, size_t *return_len)
{
MolochRequest_t *request;
gboolean sent = FALSE;
MolochHttp_t *server = serverV;
request = MOLOCH_TYPE_ALLOC(MolochRequest_t);
memcpy(request->key, key, MIN(key_len, sizeof(request->key)));
strncpy(request->method, method, sizeof(request->method));
request->method[sizeof(request->method)-1] = 0;
request->key_len = key_len;
request->data_len = data_len;
request->data = data;
request->func = 0;
request->uw = 0;
request->compress = 0;
if (return_len)
*return_len = 0;
server->syncConn->request = request;
sent = moloch_http_process_send(server->syncConn, TRUE);
if (sent) {
if (return_len)
*return_len = server->syncConn->hp_len;
return (unsigned char*)server->syncConn->hp_data;
}
return 0;
}
int moloch_drophash_add (MolochDropHash_t *hash, const void *key, uint32_t value)
{
MolochDropHashItem_t *item;
uint32_t h;
if (hash->isIp4)
h = (*(uint32_t *)key) % hash->num;
else
h = moloch_drophash_hash6(key) % hash->num;
MOLOCH_LOCK(hash->lock);
if (hash->heads[h]) {
for (item = hash->heads[h]; item; item = item->next) {
if (memcmp(key, item->key, hash->isIp4?4:16) == 0) {
MOLOCH_UNLOCK(hash->lock);
return 0;
}
}
}
item = MOLOCH_TYPE_ALLOC(MolochDropHashItem_t);
item->next = hash->heads[h];
item->dnext = NULL;
memcpy(item->key, key, hash->isIp4?4:16);
item->value = value;
hash->heads[h] = item;
MOLOCH_UNLOCK(hash->lock);
return 1;
}
LOCAL void krb5_tcp_classify(MolochSession_t *session, const unsigned char *data, int UNUSED(len), int UNUSED(which), void *UNUSED(uw))
{
if (which !=0 || data[0] != 0 || data[1] != 0)
return;
KRB5Info_t *krb5 = MOLOCH_TYPE_ALLOC(KRB5Info_t);
krb5->pos[0] = krb5->pos[1] = 0;
moloch_parsers_register(session, krb5_tcp_parser, krb5, krb5_free);
}
gboolean moloch_http_send(void *serverV, char *method, char *key, uint32_t key_len, char *data, uint32_t data_len, char *headers, gboolean dropable, MolochResponse_cb func, gpointer uw)
{
MolochRequest_t *request;
MolochHttp_t *server = serverV;
if (!config.exiting && dropable && server->requestQ.r_count > server->maxOutstandingRequests) {
LOG("ERROR - Dropping request %.*s of size %d queue %d is too big", key_len, key, data_len, server->requestQ.r_count);
if (data) {
MOLOCH_SIZE_FREE(buffer, data);
}
return 1;
}
request = MOLOCH_TYPE_ALLOC(MolochRequest_t);
request->key_len = MIN(key_len, sizeof(request->key)-1);
memcpy(request->key, key, request->key_len);
request->key[request->key_len] = 0;
strncpy(request->method, method, sizeof(request->method));
request->compress = 0;
if (server->compress && data && data_len > 1000) {
char *buf = moloch_http_get_buffer(data_len);
int ret;
z_strm.avail_in = data_len;
z_strm.next_in = (unsigned char *)data;
z_strm.avail_out = data_len;
z_strm.next_out = (unsigned char *)buf;
ret = deflate(&z_strm, Z_FINISH);
if (ret == Z_STREAM_END) {
request->compress = 1;
MOLOCH_SIZE_FREE(buffer, data);
data_len = data_len - z_strm.avail_out;
data = buf;
} else {
MOLOCH_SIZE_FREE(buffer, buf);
}
deflateReset(&z_strm);
}
request->data_len = data_len;
request->data = data;
request->func = func;
request->uw = uw;
if (headers)
strcpy(request->headers, headers);
else
request->headers[0] = 0;
DLL_PUSH_TAIL(r_, &server->requestQ, request);
moloch_http_do_requests(server);
return 0;
}
MolochDropHash_t *moloch_drophash_init (int num, char isIp4)
{
MolochDropHash_t *hash;
hash = MOLOCH_TYPE_ALLOC(MolochDropHash_t);
hash->num = num;
hash->isIp4 = isIp4;
hash->heads = MOLOCH_SIZE_ALLOC0("heads", num * sizeof(MolochDropHashItem_t *));
hash->deleted = NULL;
MOLOCH_LOCK_INIT(hash->lock);
return hash;
}
LOCAL void tds_classify(MolochSession_t *session, const unsigned char *UNUSED(data), int len, int which, void *UNUSED(uw))
{
if (which != 0 || len < 512 || moloch_session_has_protocol(session, "tds"))
return;
moloch_session_add_protocol(session, "tds");
TDSInfo_t *tds = MOLOCH_TYPE_ALLOC(TDSInfo_t);
tds->pos[0] = tds->pos[1] = 0;
moloch_parsers_register(session, tds_parser, tds, tds_free);
}
void moloch_session_add_cmd(MolochSession_t *session, MolochSesCmd icmd, gpointer uw1, gpointer uw2, MolochCmd_func func)
{
MolochSesCmd_t *cmd = MOLOCH_TYPE_ALLOC(MolochSesCmd_t);
cmd->cmd = icmd;
cmd->session = session;
cmd->uw1 = uw1;
cmd->uw2 = uw2;
cmd->func = func;
MOLOCH_LOCK(sessionCmds[session->thread].lock);
DLL_PUSH_TAIL(cmd_, &sessionCmds[session->thread], cmd);
moloch_packet_thread_wake(session->thread);
MOLOCH_UNLOCK(sessionCmds[session->thread].lock);
}
void
tls_certinfo_process(MolochCertInfo_t *ci, BSB *bsb)
{
int apc, atag, alen;
char lastOid[1000];
lastOid[0] = 0;
while (BSB_REMAINING(*bsb)) {
unsigned char *value = moloch_parsers_asn_get_tlv(bsb, &apc, &atag, &alen);
if (!value)
return;
if (apc) {
BSB tbsb;
BSB_INIT(tbsb, value, alen);
tls_certinfo_process(ci, &tbsb);
} else if (atag == 6) {
moloch_parsers_asn_decode_oid(lastOid, sizeof(lastOid), value, alen);
} else if (lastOid[0] && (atag == 20 || atag == 19 || atag == 12)) {
/* 20 == BER_UNI_TAG_TeletexString
* 19 == BER_UNI_TAG_PrintableString
* 12 == BER_UNI_TAG_UTF8String
*/
if (strcmp(lastOid, "2.5.4.3") == 0) {
MolochString_t *element = MOLOCH_TYPE_ALLOC(MolochString_t);
element->utf8 = atag == 12;
if (element->utf8)
element->str = g_utf8_strdown((char*)value, alen);
else
element->str = g_ascii_strdown((char*)value, alen);
DLL_PUSH_TAIL(s_, &ci->commonName, element);
} else if (strcmp(lastOid, "2.5.4.10") == 0) {
if (ci->orgName) {
LOG("Multiple orgName %s => %.*s", ci->orgName, alen, value);
free(ci->orgName);
}
ci->orgUtf8 = atag == 12;
ci->orgName = g_strndup((char*)value, alen);
}
}
}
}
YamlNode_t *moloch_rules_add_node(YamlNode_t *parent, char *key, char *value)
{
YamlNode_t *node = MOLOCH_TYPE_ALLOC(YamlNode_t);
node->key = key;
node->value = value;
if (value) {
node->values = NULL;
} else {
node->values = g_ptr_array_new_with_free_func((GDestroyNotify)moloch_rules_free_node);
}
if (parent) {
if (!key) {
char str[10];
sprintf(str, "%d", parent->values->len);
node->key = g_strdup(str);
}
g_ptr_array_add(parent->values, node);
}
return node;
}
gboolean moloch_http_send(void *serverV, char *method, char *key, uint32_t key_len, char *data, uint32_t data_len, gboolean dropable, MolochResponse_cb func, gpointer uw)
{
MolochRequest_t *request;
MolochConn_t *conn;
MolochHttp_t *server = serverV;
request = MOLOCH_TYPE_ALLOC(MolochRequest_t);
memcpy(request->key, key, MIN(key_len, sizeof(request->key)));
strncpy(request->method, method, sizeof(request->method));
request->key_len = key_len;
request->compress = 0;
if (server->compress && data && data_len > 1000) {
char *buf = moloch_http_get_buffer(data_len);
int ret;
z_strm.avail_in = data_len;
z_strm.next_in = (unsigned char *)data;
z_strm.avail_out = data_len;
z_strm.next_out = (unsigned char *)buf;
ret = deflate(&z_strm, Z_FINISH);
if (ret == Z_STREAM_END) {
request->compress = 1;
MOLOCH_SIZE_FREE(buffer, data);
data_len = data_len - z_strm.avail_out;
data = buf;
} else {
MOLOCH_SIZE_FREE(buffer, buf);
}
deflateReset(&z_strm);
}
request->data_len = data_len;
request->data = data;
request->func = func;
request->uw = uw;
int q = data_len > MOLOCH_HTTP_BUFFER_SIZE?1:0;
// Already have outstanding requests, see if we can process them
if (server->requestQ[q].r_count && server->connQ.e_count && time(0) - server->lastFailedConnect > 0 ) {
while (DLL_POP_HEAD(e_, &server->connQ, conn)) {
DLL_POP_HEAD(r_, &server->requestQ[q], conn->request);
if (conn->request) {
if (!moloch_http_process_send(conn, 0)) {
LOG("ERROR - %p: Couldn't send %.*s", (void*)conn, conn->request->key_len, conn->request->key);
DLL_PUSH_HEAD(r_, &server->requestQ[q], conn->request);
conn->request = 0;
DLL_PUSH_TAIL(e_, &server->connQ, conn);
break;
}
}
else {
DLL_PUSH_TAIL(e_, &server->connQ, conn);
break;
}
}
}
// Now see if we can send something new
if (DLL_POP_HEAD(e_, &server->connQ, conn)) {
conn->request = request;
if (!moloch_http_process_send(conn, FALSE)) {
conn->request = 0;
DLL_PUSH_TAIL(r_, &server->requestQ[q], request);
DLL_PUSH_TAIL(e_, &server->connQ, conn);
}
} else {
request->data = data;
if (!config.exiting && dropable && server->requestQ[q].r_count > server->maxOutstandingRequests) {
LOG("ERROR - Dropping request %.*s of size %d queue[%d] %d is too big", key_len, key, data_len, q, server->requestQ[q].r_count);
if (data) {
MOLOCH_SIZE_FREE(buffer, data);
}
MOLOCH_TYPE_FREE(MolochRequest_t, request);
return 1;
} else {
DLL_PUSH_TAIL(r_, &server->requestQ[q], request);
}
}
return 0;
}
