void wise_session_cmd_cb(MolochSession_t *session, gpointer uw1, gpointer UNUSED(uw2))
{
WiseItem_t *wi = uw1;
if (wi) {
wise_process_ops(session, wi);
}
moloch_session_decr_outstanding(session);
}
void wise_lookup(MolochSession_t *session, WiseRequest_t *request, char *value, int type)
{
static int lookups = 0;
if (*value == 0)
return;
if (request->numItems >= 256)
return;
lookups++;
if ((lookups % 10000) == 0)
wise_print_stats();
stats[type][INTEL_STAT_LOOKUP]++;
WiseItem_t *wi;
HASH_FIND(wih_, itemHash[type], value, wi);
if (wi) {
// Already being looked up
if (wi->sessions) {
if (wi->numSessions < wi->sessionsSize) {
wi->sessions[wi->numSessions++] = session;
moloch_nids_incr_outstanding(session);
}
stats[type][INTEL_STAT_INPROGRESS]++;
return;
}
struct timeval currentTime;
gettimeofday(¤tTime, NULL);
if (wi->loadTime + cacheSecs > currentTime.tv_sec) {
wise_process_ops(session, wi);
stats[type][INTEL_STAT_CACHE]++;
return;
}
/* Had it in cache, but it is too old */
DLL_REMOVE(wil_, &itemList[type], wi);
wise_free_ops(wi);
} else {
// Know nothing about it
wi = MOLOCH_TYPE_ALLOC0(WiseItem_t);
wi->key = g_strdup(value);
wi->type = type;
wi->sessionsSize = 20;
HASH_ADD(wih_, itemHash[type], wi->key, wi);
}
wi->sessions = malloc(sizeof(MolochSession_t *) * wi->sessionsSize);
wi->sessions[wi->numSessions++] = session;
moloch_nids_incr_outstanding(session);
stats[type][INTEL_STAT_REQUEST]++;
BSB_EXPORT_u08(request->bsb, type);
int len = strlen(value);
BSB_EXPORT_u16(request->bsb, len);
BSB_EXPORT_ptr(request->bsb, value, len);
request->items[request->numItems++] = wi;
}
void wise_cb(unsigned char *data, int data_len, gpointer uw)
{
BSB bsb;
WiseRequest_t *request = uw;
int i;
inflight -= request->numItems;
BSB_INIT(bsb, data, data_len);
uint32_t fts = 0, ver = 0;
BSB_IMPORT_u32(bsb, fts);
BSB_IMPORT_u32(bsb, ver);
if (BSB_IS_ERROR(bsb) || ver != 0) {
for (i = 0; i < request->numItems; i++) {
wise_free_item(request->items[i]);
}
MOLOCH_TYPE_FREE(WiseRequest_t, request);
return;
}
if (fts != fieldsTS)
wise_load_fields();
struct timeval currentTime;
gettimeofday(¤tTime, NULL);
for (i = 0; i < request->numItems; i++) {
WiseItem_t *wi = request->items[i];
BSB_IMPORT_u08(bsb, wi->numOps);
if (wi->numOps > 0) {
wi->ops = malloc(wi->numOps * sizeof(WiseOp_t));
int i;
for (i = 0; i < wi->numOps; i++) {
WiseOp_t *op = &(wi->ops[i]);
int rfield = 0;
BSB_IMPORT_u08(bsb, rfield);
op->fieldPos = fieldsMap[rfield];
int len = 0;
BSB_IMPORT_u08(bsb, len);
char *str = (char*)BSB_WORK_PTR(bsb);
BSB_IMPORT_skip(bsb, len);
switch (config.fields[op->fieldPos]->type) {
case MOLOCH_FIELD_TYPE_INT_HASH:
if (op->fieldPos == tagsField) {
moloch_db_get_tag(NULL, tagsField, str, NULL); // Preload the tagname -> tag mapping
op->str = g_strdup(str);
op->strLenOrInt = len - 1;
continue;
}
// Fall thru
case MOLOCH_FIELD_TYPE_INT:
case MOLOCH_FIELD_TYPE_INT_ARRAY:
op->str = 0;
op->strLenOrInt = atoi(str);
break;
case MOLOCH_FIELD_TYPE_STR:
case MOLOCH_FIELD_TYPE_STR_ARRAY:
case MOLOCH_FIELD_TYPE_STR_HASH:
op->str = g_strdup(str);
op->strLenOrInt = len - 1;
break;
case MOLOCH_FIELD_TYPE_IP:
case MOLOCH_FIELD_TYPE_IP_HASH:
op->str = 0;
op->strLenOrInt = inet_addr(str);
break;
default:
LOG("WARNING - Unsupported expression type for %s", str);
continue;
}
}
}
wi->loadTime = currentTime.tv_sec;
int s;
for (s = 0; s < wi->numSessions; s++) {
wise_process_ops(wi->sessions[s], wi);
moloch_nids_decr_outstanding(wi->sessions[s]);
}
g_free(wi->sessions);
wi->sessions = 0;
wi->numSessions = 0;
DLL_PUSH_HEAD(wil_, &itemList[(int)wi->type], wi);
// Cache needs to be reduced
if (itemList[(int)wi->type].wil_count > maxCache) {
DLL_POP_TAIL(wil_, &itemList[(int)wi->type], wi);
wise_free_item(wi);
}
}
MOLOCH_TYPE_FREE(WiseRequest_t, request);
}
