MolochDropHash_t *moloch_drophash_init (int num, char isIp4)
{
MolochDropHash_t *hash;
hash = MOLOCH_TYPE_ALLOC(MolochDropHash_t);
hash->num = num;
hash->isIp4 = isIp4;
hash->heads = MOLOCH_SIZE_ALLOC0("heads", num * sizeof(MolochDropHashItem_t *));
hash->deleted = NULL;
MOLOCH_LOCK_INIT(hash->lock);
return hash;
}
void writer_simple_init(char *UNUSED(name))
{
moloch_writer_queue_length = writer_simple_queue_length;
moloch_writer_exit = writer_simple_exit;
moloch_writer_write = writer_simple_write;
char *mode = moloch_config_str(NULL, "simpleEncoding", NULL);
simpleKEKId = moloch_config_str(NULL, "simpleKEKId", NULL);
if (simpleKEKId) {
char *key = moloch_config_section_str(NULL, "keks", simpleKEKId, NULL);
if (!key) {
LOGEXIT("No kek with id '%s' found in keks config section", simpleKEKId);
}
simpleKEKLen = EVP_BytesToKey(EVP_aes_192_cbc(), EVP_md5(), NULL, (uint8_t *)key, strlen(key), 1, simpleKEK, simpleIV);
}
if (mode == NULL) {
} else if (strcmp(mode, "aes-256-ctr") == 0) {
if (!simpleKEKId)
LOGEXIT("Must set simpleKEKId");
simpleMode = MOLOCH_SIMPLE_AES256CTR;
cipher = EVP_aes_256_ctr();
} else if (strcmp(mode, "xor-2048") == 0) {
if (!simpleKEKId)
LOGEXIT("Must set simpleKEKId");
LOG("WARNING - simpleEncoding of xor-2048 is not actually secure");
simpleMode = MOLOCH_SIMPLE_XOR2048;
} else {
LOGEXIT("Unknown simpleEncoding '%s'", mode);
}
pageSize = getpagesize();
if (config.pcapWriteSize % pageSize != 0) {
config.pcapWriteSize = ((config.pcapWriteSize + pageSize - 1) / pageSize) * pageSize;
LOG ("INFO: Reseting pcapWriteSize to %u since it must be a multiple of %u", config.pcapWriteSize, pageSize);
}
DLL_INIT(simple_, &simpleQ);
int thread;
for (thread = 0; thread < config.packetThreads; thread++) {
DLL_INIT(simple_, &freeList[thread]);
MOLOCH_LOCK_INIT(freeList[thread].lock);
}
g_thread_new("moloch-simple", &writer_simple_thread, NULL);
}
void *moloch_http_create_server(const char *hostnames, int maxConns, int maxOutstandingRequests, int compress)
{
MolochHttpServer_t *server = MOLOCH_TYPE_ALLOC0(MolochHttpServer_t);
server->names = g_strsplit(hostnames, ",", 0);
uint32_t i;
for (i = 0; server->names[i]; i++) {
// Count entries
}
server->namesCnt = i;
server->maxConns = maxConns;
server->maxOutstandingRequests = maxOutstandingRequests;
server->compress = compress;
server->snames = malloc(server->namesCnt * sizeof(MolochHttpServer_t));
server->maxRetries = 3;
for (i = 0; server->names[i]; i++) {
server->snames[i].server = server;
server->snames[i].name = server->names[i];
server->snames[i].allowedAtSeconds = 0;
}
server->multi = curl_multi_init();
curl_multi_setopt(server->multi, CURLMOPT_SOCKETFUNCTION, moloch_http_curlm_socket_callback);
curl_multi_setopt(server->multi, CURLMOPT_SOCKETDATA, server);
curl_multi_setopt(server->multi, CURLMOPT_TIMERFUNCTION, moloch_http_curlm_timeout_callback);
curl_multi_setopt(server->multi, CURLMOPT_TIMERDATA, server);
curl_multi_setopt(server->multi, CURLMOPT_MAX_TOTAL_CONNECTIONS, server->maxConns);
curl_multi_setopt(server->multi, CURLMOPT_MAXCONNECTS, server->maxConns);
server->multiTimer = g_timeout_add(50, moloch_http_timer_callback, server);
server->fd2ev = g_hash_table_new(NULL, NULL);
MOLOCH_LOCK_INIT(server->syncRequest);
return server;
}
void moloch_session_init()
{
uint32_t primes[] = {10007, 49999, 99991, 199799, 400009, 500009, 732209, 1092757, 1299827, 1500007, 1987411, 2999999};
int p;
for (p = 0; p < 12; p++) {
if (primes[p] >= config.maxStreams/2)
break;
}
if (p == 12) p = 11;
protocolField = moloch_field_define("general", "termfield",
"protocols", "Protocols", "prot-term",
"Protocols set for session",
MOLOCH_FIELD_TYPE_STR_HASH, MOLOCH_FIELD_FLAG_COUNT | MOLOCH_FIELD_FLAG_LINKED_SESSIONS,
NULL);
if (config.debug)
LOG("session hash size %d", primes[p]);
int t;
for (t = 0; t < config.packetThreads; t++) {
HASHP_INIT(h_, sessions[t][SESSION_UDP], primes[p], moloch_session_hash, moloch_session_cmp);
HASHP_INIT(h_, sessions[t][SESSION_TCP], primes[p], moloch_session_hash, moloch_session_cmp);
HASHP_INIT(h_, sessions[t][SESSION_ICMP], primes[p], moloch_session_hash, moloch_session_cmp);
DLL_INIT(q_, &sessionsQ[t][SESSION_UDP]);
DLL_INIT(q_, &sessionsQ[t][SESSION_TCP]);
DLL_INIT(q_, &sessionsQ[t][SESSION_ICMP]);
DLL_INIT(tcp_, &tcpWriteQ[t]);
DLL_INIT(q_, &closingQ[t]);
DLL_INIT(cmd_, &sessionCmds[t]);
MOLOCH_LOCK_INIT(sessionCmds[t].lock);
}
moloch_add_can_quit(moloch_session_cmd_outstanding, "session commands outstanding");
moloch_add_can_quit(moloch_session_close_outstanding, "session close outstanding");
moloch_add_can_quit(moloch_session_need_save_outstanding, "session save outstanding");
}
LOCAL void suricata_alerts_init()
{
alerts.num = SURICATA_HASH_SIZE;
MOLOCH_LOCK_INIT(alerts.lock);
}
void reader_tpacketv3_init(char *UNUSED(name))
{
int i;
int blocksize = moloch_config_int(NULL, "tpacketv3BlockSize", 1<<21, 1<<16, 1<<31);
numThreads = moloch_config_int(NULL, "tpacketv3NumThreads", 2, 1, 6);
if (blocksize % getpagesize() != 0) {
LOGEXIT("block size %d not divisible by pagesize %d", blocksize, getpagesize());
}
if (blocksize % config.snapLen != 0) {
LOGEXIT("block size %d not divisible by %d", blocksize, config.snapLen);
}
moloch_packet_set_linksnap(1, config.snapLen);
pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
if (config.bpf) {
if (pcap_compile(dpcap, &bpf, config.bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOGEXIT("ERROR - Couldn't compile filter: '%s' with %s", config.bpf, pcap_geterr(dpcap));
}
}
for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) {
MOLOCH_LOCK_INIT(infos[i].lock);
int ifindex = if_nametoindex(config.interface[i]);
infos[i].fd = socket(AF_PACKET, SOCK_RAW, 0);
int version = TPACKET_V3;
if (setsockopt(infos[i].fd, SOL_PACKET, PACKET_VERSION, &version, sizeof(version)) < 0)
LOGEXIT("Error setting TPACKET_V3, might need a newer kernel: %s", strerror(errno));
memset(&infos[i].req, 0, sizeof(infos[i].req));
infos[i].req.tp_block_size = blocksize;
infos[i].req.tp_block_nr = numThreads*64;
infos[i].req.tp_frame_size = config.snapLen;
infos[i].req.tp_frame_nr = (blocksize * infos[i].req.tp_block_nr) / infos[i].req.tp_frame_size;
infos[i].req.tp_retire_blk_tov = 60;
infos[i].req.tp_feature_req_word = 0;
if (setsockopt(infos[i].fd, SOL_PACKET, PACKET_RX_RING, &infos[i].req, sizeof(infos[i].req)) < 0)
LOGEXIT("Error setting PACKET_RX_RING: %s", strerror(errno));
struct packet_mreq mreq;
memset(&mreq, 0, sizeof(mreq));
mreq.mr_ifindex = ifindex;
mreq.mr_type = PACKET_MR_PROMISC;
if (setsockopt(infos[i].fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
LOGEXIT("Error setting PROMISC: %s", strerror(errno));
if (config.bpf) {
struct sock_fprog fcode;
fcode.len = bpf.bf_len;
fcode.filter = (struct sock_filter *)bpf.bf_insns;
if (setsockopt(infos[i].fd, SOL_SOCKET, SO_ATTACH_FILTER, &fcode, sizeof(fcode)) < 0)
LOGEXIT("Error setting SO_ATTACH_FILTER: %s", strerror(errno));
}
infos[i].map = mmap64(NULL, infos[i].req.tp_block_size * infos[i].req.tp_block_nr,
PROT_READ | PROT_WRITE, MAP_SHARED | MAP_LOCKED, infos[i].fd, 0);
if (unlikely(infos[i].map == MAP_FAILED)) {
LOGEXIT("ERROR - MMap64 failure in reader_tpacketv3_init, %d: %s",errno, strerror(errno));
}
infos[i].rd = malloc(infos[i].req.tp_block_nr * sizeof(struct iovec));
uint16_t j;
for (j = 0; j < infos[i].req.tp_block_nr; j++) {
infos[i].rd[j].iov_base = infos[i].map + (j * infos[i].req.tp_block_size);
infos[i].rd[j].iov_len = infos[i].req.tp_block_size;
}
struct sockaddr_ll ll;
memset(&ll, 0, sizeof(ll));
ll.sll_family = PF_PACKET;
ll.sll_protocol = htons(ETH_P_ALL);
ll.sll_ifindex = ifindex;
if (bind(infos[i].fd, (struct sockaddr *) &ll, sizeof(ll)) < 0)
LOGEXIT("Error binding %s: %s", config.interface[i], strerror(errno));
}
if (i == MAX_INTERFACES) {
LOGEXIT("Only support up to %d interfaces", MAX_INTERFACES);
}
moloch_reader_start = reader_tpacketv3_start;
moloch_reader_stop = reader_tpacketv3_stop;
moloch_reader_stats = reader_tpacketv3_stats;
}
