static gboolean discovery_client_read(GIOChannel* source,
GIOCondition condition,
gpointer user_data)
{
DiscoveryClient* self = DISCOVERY_CLIENT(user_data);
gint length;
GInetAddr *src;
gint port;
const gchar* host;
/* Receive the packet waiting for us */
length = gnet_udp_socket_receive(self->socket, self->buffer,
self->buffer_size, &src);
self->buffer[self->buffer_size - 1] = '\0';
/* Ignore it if it doesn't exactly match our service.
* It will have a 16-bit port number after the service name,
* we ignore that at this point.
*/
if (length != strlen(self->service_name) + 3)
return TRUE;
if (strncmp(self->service_name, self->buffer, self->buffer_size))
return TRUE;
/* Yay, a service responded. Extract the host and port, and
* invoke our owner's callback function.
*/
port = self->buffer[length-1] | (self->buffer[length-2] << 8);
host = gnet_inetaddr_get_canonical_name(src);
self->callback(self, host, port, self->user_data);
return TRUE;
}
void
handle_client(GTcpSocket *client) {
RequestHeader *request_header;
GIOChannel *ioclient;
GInetAddr *addr;
GIOError error;
GPtrArray *request_query;
gchar* name;
gint port;
gchar read_buffer[1024];
gchar write_buffer[1024];
gsize read_buffer_n;
gsize write_buffer_n;
ioclient = gnet_tcp_socket_get_io_channel(client);
g_assert (ioclient);
addr = gnet_tcp_socket_get_remote_inetaddr(client);
g_assert (addr);
name = gnet_inetaddr_get_canonical_name (addr);
g_assert (name);
port = gnet_inetaddr_get_port (addr);
g_print ("Accepted connection from %s:%d\n", name, port);
g_free(name);
request_query = g_ptr_array_new();
while ((error = gnet_io_channel_readline(ioclient,
read_buffer,
sizeof(read_buffer),
&read_buffer_n)) == G_IO_ERROR_NONE && (read_buffer_n > 0))
{
if(g_strcmp0(read_buffer, BLANK_LINE) == 0) {
break;
}else {
g_ptr_array_add(request_query, g_strdup(read_buffer));
}
}
request_header = voy_request_header_initialize();
voy_request_header_create(request_query, request_header);
voy_request_header_print(request_header);
g_stpcpy(write_buffer, "HTTP/1.0 200 OK\r\nContent-type: text/html; charset=utf-8\r\n\r\n<h1>Hello from server!</h1>");
write_buffer_n = strlen(write_buffer);
gnet_io_channel_writen(ioclient, write_buffer, write_buffer_n, &write_buffer_n);
g_ptr_array_free(request_query, TRUE);
gnet_inetaddr_delete (addr);
voy_request_header_free(request_header);
}
/* initialize GNet testing */
static void
gnet_check_init (int *argc, char **argv[])
{
gnet_init ();
/* GST_DEBUG_CATEGORY_INIT (check_debug, "check", 0, "check regression tests"); */
if (g_getenv ("GNET_TEST_DEBUG"))
_gnet_check_debug = TRUE;
if (g_getenv ("SOCKS_SERVER")) {
GInetAddr *ia;
ia = gnet_socks_get_server ();
if (ia) {
gchar *name;
name = gnet_inetaddr_get_canonical_name (ia);
g_print ("\nUsing SOCKS %u proxy: %s\n", gnet_socks_get_version(), name);
g_free (name);
gnet_inetaddr_unref (ia);
gnet_socks_set_enabled (TRUE);
}
}
g_log_set_handler (NULL, G_LOG_LEVEL_MESSAGE, gnet_check_log_message_func,
NULL);
g_log_set_handler (NULL, G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING,
gnet_check_log_critical_func, NULL);
g_log_set_handler ("GNet", G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING,
gnet_check_log_critical_func, NULL);
g_log_set_handler ("GLib", G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING,
gnet_check_log_critical_func, NULL);
g_log_set_handler ("GLib-GObject", G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING,
gnet_check_log_critical_func, NULL);
check_cond = g_cond_new ();
check_mutex = g_mutex_new ();
}
GTcpSocket*
initialize_server(gint server_port) {
GTcpSocket *server;
GInetAddr *addr;
gint port;
gchar *name;
server = gnet_tcp_socket_server_new_with_port(server_port);
addr = gnet_tcp_socket_get_local_inetaddr(server);
g_assert(addr);
name = gnet_inetaddr_get_canonical_name(addr);
g_assert(name);
port = gnet_inetaddr_get_port(addr);
g_print("Voyager1 started at %s:%d\n\n", name, port);
gnet_inetaddr_delete (addr);
g_free(name);
return server;
}
static void ob_server_func (GServer* server, GServerStatus status, struct _GConn* conn, gpointer user_data)
{
switch (status)
{
case GNET_SERVER_STATUS_CONNECT:
{
if (debug) {
LOG(LOG_DEBUG, "New connection from %s", gnet_inetaddr_get_canonical_name(conn->inetaddr));
}
conn->func = ob_client_func;
conn->user_data = calloc(1, sizeof(struct conn_stat));
gnet_conn_write (conn, strdup(hello), strlen(hello), 0);
gnet_conn_readline (conn, NULL, 1024, 30000);
break;
}
case GNET_SERVER_STATUS_ERROR:
{
gnet_server_delete (server);
exit (1);
break;
}
}
}
int
main(int argc, char** argv)
{
gchar* hostname;
gint port;
GInetAddr* addr;
GTcpSocket* socket;
GIOChannel* iochannel;
GIOError error = G_IO_ERROR_NONE;
gchar buffer[1024];
gsize n;
gnet_init ();
/* Parse args */
if (argc != 3)
{
g_print ("usage: %s <server> <port>\n", argv[0]);
exit(EXIT_FAILURE);
}
hostname = argv[1];
port = atoi(argv[2]);
/* Create the address */
addr = gnet_inetaddr_new (hostname, port);
if (!addr)
{
fprintf (stderr, "Error: Name lookup for %s failed\n", hostname);
exit (EXIT_FAILURE);
}
/* Create the socket */
socket = gnet_tcp_socket_new (addr);
gnet_inetaddr_delete (addr);
if (!socket)
{
fprintf (stderr, "Error: Could not connect to %s:%d\n", hostname, port);
exit (EXIT_FAILURE);
}
#if 0
{
gchar* cname;
/* Print local address */
addr = gnet_tcp_socket_get_local_inetaddr (socket);
g_assert (addr);
cname = gnet_inetaddr_get_canonical_name (addr);
g_assert (cname);
g_print ("Local address: %s:%d\n", cname, gnet_inetaddr_get_port(addr));
g_free (cname);
gnet_inetaddr_delete (addr);
/* Print remote address */
addr = gnet_tcp_socket_get_remote_inetaddr (socket);
g_assert (addr);
cname = gnet_inetaddr_get_canonical_name (addr);
g_assert (cname);
g_print ("Remote address: %s:%d\n", cname, gnet_inetaddr_get_port(addr));
g_free (cname);
gnet_inetaddr_delete (addr);
}
#endif
/* Get the IOChannel */
iochannel = gnet_tcp_socket_get_io_channel (socket);
g_assert (iochannel != NULL);
while (fgets(buffer, sizeof(buffer), stdin) != 0)
{
n = strlen(buffer);
error = gnet_io_channel_writen (iochannel, buffer, n, &n);
if (error != G_IO_ERROR_NONE) break;
error = gnet_io_channel_readn (iochannel, buffer, n, &n);
if (error != G_IO_ERROR_NONE) break;
if (fwrite(buffer, n, 1, stdout) != 1) {
fprintf (stderr, "Error: fwrite to stdout failed: %s\n", g_strerror (errno));
}
}
if (error != G_IO_ERROR_NONE)
fprintf (stderr, "Error: IO error (%d)\n", error);
gnet_tcp_socket_delete (socket);
return 0;
}
gpointer
sim_connect_send_alarm(gpointer data)
{
int i;
if (!config)
{
if (data)
{
config = (SimConfig*) data;
}
}
SimEvent* event = NULL;
GTcpSocket* socket = NULL;
GIOChannel* iochannel = NULL;
GIOError error;
GIOCondition conds;
gchar *buffer = NULL;
gchar *aux = NULL;
gsize n;
GList *notifies = NULL;
gint risk;
gchar *ip_src = NULL;
gchar *ip_dst = NULL;
//gchar time[TIMEBUF_SIZE];
gchar *timestamp;
gchar * aux_time;
//timestamp = time;
gchar *hostname;
gint port;
GInetAddr* addr = NULL;
hostname = g_strdup(config->framework.host);
port = config->framework.port;
gint iter = 0;
void* old_action;
for (;;) //Pop events for ever
{
GString *st;
int inx = 0;
event = (SimEvent*) sim_container_pop_ar_event(ossim.container);
if (!event)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s: No event", __FUNCTION__);
continue;
}
base64_param base64_params[N_TEXT_FIELDS];
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
base64_params[i].key = g_strdup(sim_text_field_get_name(i));
base64_params[i].base64data = g_strdup(event->textfields[i]);
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s:%d %s=\"%s\"",
__FILE__, __LINE__, sim_text_field_get_name(i),
event->textfields[i]);
}
else
{
base64_params[i].key = '\0';
base64_params[i].base64data = '\0';
}
}
// Send max risk
// i.e., to avoid risk=0 when destination is 0.0.0.0
if (event->risk_a > event->risk_c)
{
risk = event->risk_a;
}
else
{
risk = event->risk_c;
}
/* String to be sent */
if (event->time_str)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: event->time_str %s", event->time_str);
aux_time = g_strdup(event->time_str);
timestamp = aux_time;
}
if (event->time)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: event->time %d", event->time);
timestamp = g_new0(gchar, 26);
strftime (timestamp, TIMEBUF_SIZE, "%Y-%m-%d %H:%M:%S", gmtime ((time_t *) &event->time));
}
if (event->src_ia)
{
ip_src = gnet_inetaddr_get_canonical_name(event->src_ia);
}
else
{
ip_src = g_strdup_printf("0.0.0.0");
}
if (event->dst_ia)
{
ip_dst = gnet_inetaddr_get_canonical_name(event->dst_ia);
}
else
{
ip_dst = g_strdup_printf("0.0.0.0");
}
//FIXME? In a future, Policy will substitute this and this won't be neccesary. Also is needed to check
//if this funcionality is really interesting
//
if (event->policy)
{
aux
= g_strdup_printf(
"event date=\"%s\" plugin_id=\"%d\" plugin_sid=\"%d\" risk=\"%d\" priority=\"%d\" reliability=\"%d\" event_id=\"%d\" backlog_id=\"%d\" src_ip=\"%s\" src_port=\"%d\" dst_ip=\"%s\" dst_port=\"%d\" protocol=\"%d\" sensor=\"%s\" actions=\"%d\" policy_id=\"%d\"",
timestamp, event->plugin_id, event->plugin_sid, risk,
event->priority, event->reliability, event->id,
event->backlog_id, ip_src, event->src_port, ip_dst,
event->dst_port, event->protocol, event->sensor,
sim_policy_get_has_actions(event->policy), sim_policy_get_id(
event->policy));
}
else
{ //If there aren't any policy associated, the policy and the action number will be 0
aux
= g_strdup_printf(
"event date=\"%s\" plugin_id=\"%d\" plugin_sid=\"%d\" risk=\"%d\" priority=\"%d\" reliability=\"%d\" event_id=\"%d\" backlog_id=\"%d\" src_ip=\"%s\" src_port=\"%d\" dst_ip=\"%s\" dst_port=\"%d\" protocol=\"%d\" sensor=\"%s\" actions=\"%d\" policy_id=\"%d\"",
timestamp, event->plugin_id, event->plugin_sid, risk,
event->priority, event->reliability, event->id,
event->backlog_id, ip_src, event->src_port, ip_dst,
event->dst_port, event->protocol, event->sensor, 0, 0);
}
g_free(ip_src);
g_free(ip_dst);
g_free(timestamp);
st = g_string_new(aux);
for (inx = 0; inx < G_N_ELEMENTS(base64_params); inx++)
{
if (base64_params[inx].base64data)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s: %u:%s %p",
__FUNCTION__, inx, base64_params[inx].base64data,
base64_params[inx].base64data);
g_string_append_printf(
st,
" %s=\"%s\"",
base64_params[inx].key,
base64_params[inx].base64data != NULL ? base64_params[inx].base64data
: "");
g_free(base64_params[inx].base64data); /* we dont't need the data, anymore, so free it*/
}
}//end for nelements
g_string_append(st, "\n");
buffer = g_string_free(st, FALSE);
if (!buffer)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: message error");
g_free(aux);
continue;
}
g_free(aux);
aux = NULL;
//old way was creating a new socket and giochannel for each alarm.
//now a persistent giochannel is used.
//iochannel = gnet_tcp_socket_get_io_channel (socket);
if (iochannel)
{
conds = g_io_channel_get_buffer_condition(iochannel);
}
if (!iochannel || sigpipe_received || (conds & G_IO_HUP) || (conds
& G_IO_ERR))
{ //Loop to get a connection
do
{
if (sigpipe_received)
{
if (socket)
{
gnet_tcp_socket_delete(socket);
}
sigpipe_received = FALSE;
iochannel = FALSE;
}
// if not, create socket and iochannel from config and store to get a persistent connection.
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: invalid iochannel.(%d)", iter);
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: trying to create a new iochannel.(%d)",
iter);
if (!hostname)
{
//FIXME: may be that this host hasn't got any frameworkd. If the event is forwarded to other server, it will be sended to the
//other server framework (supposed it has a defined one).
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Hostname error, reconnecting in 3secs (%d)",
iter);
hostname = g_strdup(config->framework.host);
sleep(3);
continue;
}
if (addr)
{
g_free(addr);
}
addr = gnet_inetaddr_new_nonblock(hostname, port);
if (!addr)
{
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Error creating the address, trying in 3secs(%d)",
iter);
sleep(3);
continue;
}
socket = gnet_tcp_socket_new(addr);
if (!socket)
{
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Error creating socket(1), reconnecting in 3 secs..(%d)",
iter);
iochannel = NULL;
socket = NULL;
sleep(3);
continue;
}
else
{
iochannel = gnet_tcp_socket_get_io_channel(socket);
if (!iochannel)
{
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Error creating iochannel, reconnecting in 3 secs..(%d)",
iter);
if (socket)
{
gnet_tcp_socket_delete(socket);
}
socket = NULL;
iochannel = NULL;
sleep(3);
continue;
}
else
{
sigpipe_received = FALSE;
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: new iochannel created. Returning %x (%d)",
iochannel, iter);
}
}
iter++;
}
while (!iochannel);
}
//g_assert (iochannel != NULL);
n = strlen(buffer);
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Message to send: %s, (len=%d)", buffer, n);
//signals actually not used
// old_action=signal(SIGPIPE, pipe_handler);
sim_util_block_signal(SIGPIPE);
error = gnet_io_channel_writen(iochannel, buffer, n, &n);
sim_util_unblock_signal(SIGPIPE);
//error = gnet_io_channel_readn (iochannel, buffer, n, &n);
//fwrite(buffer, n, 1, stdout);
if (error != G_IO_ERROR_NONE)
{
//back to the queue so we dont loose the action/response
g_object_ref(event);
sim_container_push_ar_event(ossim.container, event);
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: message could not be sent.. reseting");
/*
if(buffer)
g_free (buffer);
g_free (aux);
*/
gnet_tcp_socket_delete(socket);
iochannel = NULL;
}
else
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: message sent succesfully: %s", buffer);
//Cose conn
if (buffer)
g_free(buffer);
if (aux)
g_free(aux);
buffer = NULL;
aux = NULL;
//gnet_tcp_socket_delete (socket);
//iochannel=NULL;
if (event)
g_object_unref(event);
}
}
int ob_client_func (GConn* conn, GConnStatus status,
gchar* buffer, gint length, gpointer user_data)
{
struct conn_stat *cs = (struct conn_stat *)user_data;
int i = length-1;
while (i > 0 && isspace(buffer[i])) {
buffer[i--] = 0;
}
switch (status) {
case GNET_CONN_STATUS_READ:
{
//fprintf(stderr, "user_data: %d %s %s\n", cs->state, cs->user, cs->pwd);
if (cs->state != STATE_DATA && !strncasecmp(buffer, "QUIT", 4)) {
gnet_conn_write (conn, strdup(bye), strlen(bye), 0);
cs->state = STATE_EXIT;
break;
}
switch (cs->state) {
case STATE_INIT:
cs->state = STATE_USER;
case STATE_USER:
if (strncasecmp(buffer, "USER ", 5)) {
gnet_conn_write (conn, strdup(errhello), strlen(errhello), 0);
} else {
strncpy(cs->user, buffer+5, sizeof(cs->user));
cs->state = STATE_PWD;
gnet_conn_write (conn, strdup(askpwd), strlen(askpwd), 0);
}
break;
case STATE_PWD:
if (strncasecmp(buffer, "PASS ", 5)) {
gnet_conn_write (conn, strdup(erraskpwd), strlen(erraskpwd), 0);
break;
}
strncpy(cs->pwd, buffer+5, sizeof(cs->pwd));
/* check the password first */
if (!uw_password_ok(cs->user, cs->pwd)) {
LOG(LOG_NOTICE, "%s: password failure (%s/%s)", gnet_inetaddr_get_canonical_name(conn->inetaddr), cs->user, cs->pwd);
gnet_conn_write (conn, strdup(errbye), strlen(errbye), 0);
cs->state = STATE_EXIT;
break;
}
cs->state = STATE_DATA;
cs->sp_info = spool_open(OPT_ARG(SPOOLDIR), OPT_ARG(OUTPUT));
if (cs->sp_info == NULL) {
gnet_conn_write (conn, strdup(spoolerr), strlen(spoolerr), 0);
cs->state = STATE_EXIT;
break;
}
gnet_conn_write (conn, strdup(askdata), strlen(askdata), 0);
break;
case STATE_DATA:
if (!strncasecmp(buffer, ".", 1)) {
char *targfilename = strdup(spool_targfilename(cs->sp_info));
if (!spool_close(cs->sp_info, TRUE)) {
gnet_conn_write (conn, strdup(spoolerr), strlen(spoolerr), 0);
} else {
if (debug) LOG(LOG_DEBUG, "spooled to %s", targfilename);
}
free(targfilename);
gnet_conn_write (conn, strdup(bye), strlen(bye), 0);
cs->state = STATE_EXIT;
} else {
if (!spool_printf(cs->sp_info, "%s\n", buffer)) {
spool_close(cs->sp_info, FALSE);
cs->state = STATE_ERROR;
}
}
break;
case STATE_ERROR:
if (!strncasecmp(buffer, ".", 1)) {
gnet_conn_write (conn, strdup(errbye), strlen(errbye), 0);
cs->state = STATE_EXIT;
}
}
break;
}
case GNET_CONN_STATUS_WRITE:
{
g_free (buffer);
if (cs->state == STATE_EXIT) {
if (debug) {
LOG(LOG_DEBUG, "%s closed connection", gnet_inetaddr_get_canonical_name(conn->inetaddr));
}
free(conn->user_data);
gnet_conn_delete (conn, TRUE);
}
break;
}
case GNET_CONN_STATUS_CLOSE:
case GNET_CONN_STATUS_TIMEOUT:
case GNET_CONN_STATUS_ERROR:
{
if (cs->state == STATE_DATA || cs->state == STATE_ERROR) {
spool_close(cs->sp_info, FALSE);
if (debug) {
LOG(LOG_DEBUG, "%s unexpected end of input", gnet_inetaddr_get_canonical_name(conn->inetaddr));
}
} else {
if (debug && cs->state != STATE_DATA) {
LOG(LOG_DEBUG, "%s unexpected close", gnet_inetaddr_get_canonical_name(conn->inetaddr));
}
}
free(conn->user_data);
gnet_conn_delete (conn, TRUE);
break;
}
default:
g_assert_not_reached ();
}
return TRUE; /* TRUE means read more if status was read, otherwise
its ignored */
}
gchar*
sim_event_to_string(SimEvent *event)
{
GString *str;
gchar *ip;
gchar * base64;
gint base64_len;
gchar uuidtext[37];
int i;
g_return_if_fail(event);
g_return_if_fail(SIM_IS_EVENT (event));
gchar *e_filename = NULL, *e_username = NULL, *e_password = NULL;
gchar *e_userdata1 = NULL, *e_userdata2 = NULL, *e_userdata3 = NULL, *e_userdata4 = NULL;
gchar *e_userdata5 = NULL, *e_userdata6 = NULL, *e_userdata7 = NULL, *e_userdata8 = NULL;
gchar *e_userdata9 = NULL, *e_data = NULL, *e_log = NULL;
str = g_string_new("event ");
g_string_append_printf(str, "id=\"%u\" ", event->id);
g_string_append_printf(str, "alarm=\"%d\" ", event->alarm);
gchar *aux = sim_event_get_str_from_type(event->type);
if (aux)
{
g_string_append_printf(str, "type=\"%s\" ", aux);
g_free(aux);
}
g_string_append_printf(str, "date=\"%u\" ", event->time);
g_string_append_printf(str, "tzone=\"%4.2f\" ", event->tzone);
if (event->time_str)
g_string_append_printf(str, "fdate=\"%s\" ", event->time_str);
if (event->plugin_id)
g_string_append_printf(str, "plugin_id=\"%d\" ", event->plugin_id);
if (event->plugin_sid)
g_string_append_printf(str, "plugin_sid=\"%d\" ", event->plugin_sid);
if (event->src_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->src_ia);
g_string_append_printf(str, "src_ip=\"%s\" ", ip);
g_free(ip);
}
if (event->src_port)
g_string_append_printf(str, "src_port=\"%d\" ", event->src_port);
if (event->dst_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->dst_ia);
g_string_append_printf(str, "dst_ip=\"%s\" ", ip);
g_free(ip);
}
if (event->dst_port)
g_string_append_printf(str, "dst_port=\"%d\" ", event->dst_port);
if (event->sensor)
g_string_append_printf(str, "sensor=\"%s\" ", event->sensor);
if (event->device)
g_string_append_printf(str, "device=\"%s\" ", event->device);
if (event->interface)
g_string_append_printf(str, "interface=\"%s\" ", event->interface);
if (event->protocol)
{
gchar *value = sim_protocol_get_str_from_type(event->protocol);
g_string_append_printf(str, "protocol=\"%s\" ", value);
g_free(value);
}
if (event->condition)
{
gchar *value = sim_condition_get_str_from_type(event->condition);
g_string_append_printf(str, "condition=\"%s\" ", value);
g_free(value);
}
if (event->value)
g_string_append_printf(str, "value=\"%s\" ", event->value);
if (event->interval)
g_string_append_printf(str, "interval=\"%d\" ", event->interval);
if (event->is_priority_set)
g_string_append_printf(str, "priority=\"%d\" ", event->priority);
if (event->is_reliability_set)
g_string_append_printf(str, "reliability=\"%d\" ", event->reliability);
if (event->asset_src)
g_string_append_printf(str, "asset_src=\"%d\" ", event->asset_src);
if (event->asset_dst)
g_string_append_printf(str, "asset_dst=\"%d\" ", event->asset_dst);
if (event->risk_c)
g_string_append_printf(str, "risk_a=\"%lf\" ", event->risk_a);
if (event->risk_a)
g_string_append_printf(str, "risk_c=\"%lf\" ", event->risk_c);
if (event->snort_sid)
g_string_append_printf(str, "snort_sid=\"%u\" ", event->snort_sid);
if (event->snort_cid)
g_string_append_printf(str, "snort_cid=\"%u\" ", event->snort_cid);
// if (event->data)
// g_string_append_printf(str, "data=\"%s\" ", event->data);
if (event->log && (base64_len = strlen(event->log)))
{
base64 = g_base64_encode(event->log, base64_len);
assert(base64!=NULL);
g_string_append_printf(str, "log=\"%s\" ", base64);
g_free(base64);
}
if (event->rep_prio_src)
g_string_append_printf(str, "rep_prio_src=\"%u\" ", event->rep_prio_src);
if (event->rep_prio_dst)
g_string_append_printf(str, "rep_prio_dst=\"%u\" ", event->rep_prio_dst);
if (event->rep_rel_src)
g_string_append_printf(str, "rep_rel_src=\"%u\" ", event->rep_rel_src);
if (event->rep_rel_dst)
g_string_append_printf(str, "rep_rel_dst=\"%u\" ", event->rep_rel_dst);
if (event->rep_act_src && (base64_len = strlen(event->rep_act_src)))
{
base64 = g_base64_encode( (guchar*)event->rep_act_src, base64_len);
assert (base64 != NULL);
g_string_append_printf(str, "rep_act_src=\"%s\" ", base64);
g_free(base64);
}
if (event->rep_act_dst && (base64_len = strlen(event->rep_act_dst)))
{
base64 = g_base64_encode( (guchar*)event->rep_act_dst, base64_len);
assert (base64 != NULL);
g_string_append_printf(str, "rep_act_dst=\"%s\" ", base64);
g_free(base64);
}
//g_string_append_printf(str, "log=\"%s\" ", event->log);
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if ((event->textfields[i] != NULL) && (base64_len = strlen(event->textfields[i])))
{
base64 = g_base64_encode(event->textfields[i], base64_len);
assert(base64!=NULL);
g_string_append_printf(str, "%s=\"%s\" ", sim_text_field_get_name(i), base64);
g_free(base64);
}
}
if (!uuid_is_null(event->uuid))
{
uuid_unparse_upper(event->uuid, uuidtext);
g_string_append_printf(str, "uuid=\"%s\" ", uuidtext);
}
if (event->packet)
if (event->packet->payloadlen > 0)
{
gchar *payload;
payload = sim_bin2hex(event->packet->payload, event->packet->payloadlen);
g_string_append_printf(str, "payload=\"%s\" ", payload);
g_free(payload);
}
g_string_append_printf(str, "\n");
return g_string_free(str, FALSE);
}
void
sim_event_print(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp = time;
gchar *ip;
int i;
g_return_if_fail(event);
g_return_if_fail(SIM_IS_EVENT (event));
g_print("event");
switch (event->type)
{
case SIM_EVENT_TYPE_DETECTOR:
g_print(" type=\"D\"");
break;
case SIM_EVENT_TYPE_MONITOR:
g_print(" type=\"M\"");
break;
case SIM_EVENT_TYPE_NONE:
g_print(" type=\"N\"");
break;
}
g_print(" id=\"%d\"", event->id);
if (event->time_str)
timestamp = event->time_str;
else if (event->time)
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
g_print(" alarm=\"%d\"", event->alarm);
if (event->sensor)
g_print(" sensor=\"%s\"", event->sensor);
if (event->device)
g_print(" device=\"%s\"", event->device);
if (event->interface)
g_print(" interface=\"%s\"", event->interface);
if (event->plugin_id)
g_print(" plugin_id=\"%d\"", event->plugin_id);
if (event->plugin_sid)
g_print(" plugin_sid=\"%d\"", event->plugin_sid);
if (event->protocol)
g_print(" protocol=\"%d\"", event->protocol);
if (event->src_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->src_ia);
g_print(" src_ia=\"%s\"", ip);
g_free(ip);
}
if (event->src_port)
g_print(" src_port=\"%d\"", event->src_port);
if (event->dst_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->dst_ia);
g_print(" dst_ia=\"%s\"", ip);
g_free(ip);
}
if (event->dst_port)
g_print(" dst_port=\"%d\"", event->dst_port);
if (event->condition)
g_print(" condition=\"%d\"", event->condition);
if (event->value)
g_print(" value=\"%s\"", event->value);
if (event->interval)
g_print(" ineterval=\"%d\"", event->interval);
if (event->priority)
g_print(" priority=\"%d\"", event->priority);
if (event->reliability)
g_print(" reliability=\"%d\"", event->reliability);
if (event->asset_src)
g_print(" asset_src=\"%d\"", event->asset_src);
if (event->asset_dst)
g_print(" asset_dst=\"%d\"", event->asset_dst);
if (event->risk_c)
g_print(" risk_c=\"%lf\"", event->risk_c);
if (event->risk_a)
g_print(" risk_a=\"%lf\"", event->risk_a);
if (event->snort_sid)
g_print(" sid =\"%d\"", event->snort_sid);
if (event->snort_cid)
g_print(" cid =\"%d\"", event->snort_cid);
if (event->data)
g_print(" data=\"%s\"", event->data);
if (event->rep_prio_src)
g_message (" rep_prio_src=\"%u\"", event->rep_prio_src);
if (event->rep_prio_dst)
g_message (" rep_prio_dst=\"%u\"", event->rep_prio_dst);
if (event->rep_rel_src)
g_message (" rep_rel_src=\"%u\"", event->rep_rel_src);
if (event->rep_rel_dst)
g_message (" rep_rel_dst=\"%u\"", event->rep_rel_dst);
if (event->rep_act_src)
g_message (" rep_act_src=\"%s\"", event->rep_act_src);
if (event->rep_act_dst)
g_message (" rep_act_dst=\"%s\"", event->rep_act_dst);
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
g_printf(" %s=\"%s\"", sim_text_field_get_name(i),
event->textfields[i]);
}
}
if (!uuid_is_null(event->uuid))
{
gchar uuidtext[37];
uuid_unparse_upper(event->uuid, uuidtext);
g_message(" uuid=\"%s\"", uuidtext);
}
g_print("\n");
}
