MolochDropHash_t *moloch_drophash_init (int num, char isIp4) { MolochDropHash_t *hash; hash = MOLOCH_TYPE_ALLOC(MolochDropHash_t); hash->num = num; hash->isIp4 = isIp4; hash->heads = MOLOCH_SIZE_ALLOC0("heads", num * sizeof(MolochDropHashItem_t *)); hash->deleted = NULL; MOLOCH_LOCK_INIT(hash->lock); return hash; }
void writer_simple_init(char *UNUSED(name)) { moloch_writer_queue_length = writer_simple_queue_length; moloch_writer_exit = writer_simple_exit; moloch_writer_write = writer_simple_write; char *mode = moloch_config_str(NULL, "simpleEncoding", NULL); simpleKEKId = moloch_config_str(NULL, "simpleKEKId", NULL); if (simpleKEKId) { char *key = moloch_config_section_str(NULL, "keks", simpleKEKId, NULL); if (!key) { LOGEXIT("No kek with id '%s' found in keks config section", simpleKEKId); } simpleKEKLen = EVP_BytesToKey(EVP_aes_192_cbc(), EVP_md5(), NULL, (uint8_t *)key, strlen(key), 1, simpleKEK, simpleIV); } if (mode == NULL) { } else if (strcmp(mode, "aes-256-ctr") == 0) { if (!simpleKEKId) LOGEXIT("Must set simpleKEKId"); simpleMode = MOLOCH_SIMPLE_AES256CTR; cipher = EVP_aes_256_ctr(); } else if (strcmp(mode, "xor-2048") == 0) { if (!simpleKEKId) LOGEXIT("Must set simpleKEKId"); LOG("WARNING - simpleEncoding of xor-2048 is not actually secure"); simpleMode = MOLOCH_SIMPLE_XOR2048; } else { LOGEXIT("Unknown simpleEncoding '%s'", mode); } pageSize = getpagesize(); if (config.pcapWriteSize % pageSize != 0) { config.pcapWriteSize = ((config.pcapWriteSize + pageSize - 1) / pageSize) * pageSize; LOG ("INFO: Reseting pcapWriteSize to %u since it must be a multiple of %u", config.pcapWriteSize, pageSize); } DLL_INIT(simple_, &simpleQ); int thread; for (thread = 0; thread < config.packetThreads; thread++) { DLL_INIT(simple_, &freeList[thread]); MOLOCH_LOCK_INIT(freeList[thread].lock); } g_thread_new("moloch-simple", &writer_simple_thread, NULL); }
void *moloch_http_create_server(const char *hostnames, int maxConns, int maxOutstandingRequests, int compress) { MolochHttpServer_t *server = MOLOCH_TYPE_ALLOC0(MolochHttpServer_t); server->names = g_strsplit(hostnames, ",", 0); uint32_t i; for (i = 0; server->names[i]; i++) { // Count entries } server->namesCnt = i; server->maxConns = maxConns; server->maxOutstandingRequests = maxOutstandingRequests; server->compress = compress; server->snames = malloc(server->namesCnt * sizeof(MolochHttpServer_t)); server->maxRetries = 3; for (i = 0; server->names[i]; i++) { server->snames[i].server = server; server->snames[i].name = server->names[i]; server->snames[i].allowedAtSeconds = 0; } server->multi = curl_multi_init(); curl_multi_setopt(server->multi, CURLMOPT_SOCKETFUNCTION, moloch_http_curlm_socket_callback); curl_multi_setopt(server->multi, CURLMOPT_SOCKETDATA, server); curl_multi_setopt(server->multi, CURLMOPT_TIMERFUNCTION, moloch_http_curlm_timeout_callback); curl_multi_setopt(server->multi, CURLMOPT_TIMERDATA, server); curl_multi_setopt(server->multi, CURLMOPT_MAX_TOTAL_CONNECTIONS, server->maxConns); curl_multi_setopt(server->multi, CURLMOPT_MAXCONNECTS, server->maxConns); server->multiTimer = g_timeout_add(50, moloch_http_timer_callback, server); server->fd2ev = g_hash_table_new(NULL, NULL); MOLOCH_LOCK_INIT(server->syncRequest); return server; }
void moloch_session_init() { uint32_t primes[] = {10007, 49999, 99991, 199799, 400009, 500009, 732209, 1092757, 1299827, 1500007, 1987411, 2999999}; int p; for (p = 0; p < 12; p++) { if (primes[p] >= config.maxStreams/2) break; } if (p == 12) p = 11; protocolField = moloch_field_define("general", "termfield", "protocols", "Protocols", "prot-term", "Protocols set for session", MOLOCH_FIELD_TYPE_STR_HASH, MOLOCH_FIELD_FLAG_COUNT | MOLOCH_FIELD_FLAG_LINKED_SESSIONS, NULL); if (config.debug) LOG("session hash size %d", primes[p]); int t; for (t = 0; t < config.packetThreads; t++) { HASHP_INIT(h_, sessions[t][SESSION_UDP], primes[p], moloch_session_hash, moloch_session_cmp); HASHP_INIT(h_, sessions[t][SESSION_TCP], primes[p], moloch_session_hash, moloch_session_cmp); HASHP_INIT(h_, sessions[t][SESSION_ICMP], primes[p], moloch_session_hash, moloch_session_cmp); DLL_INIT(q_, &sessionsQ[t][SESSION_UDP]); DLL_INIT(q_, &sessionsQ[t][SESSION_TCP]); DLL_INIT(q_, &sessionsQ[t][SESSION_ICMP]); DLL_INIT(tcp_, &tcpWriteQ[t]); DLL_INIT(q_, &closingQ[t]); DLL_INIT(cmd_, &sessionCmds[t]); MOLOCH_LOCK_INIT(sessionCmds[t].lock); } moloch_add_can_quit(moloch_session_cmd_outstanding, "session commands outstanding"); moloch_add_can_quit(moloch_session_close_outstanding, "session close outstanding"); moloch_add_can_quit(moloch_session_need_save_outstanding, "session save outstanding"); }
LOCAL void suricata_alerts_init() { alerts.num = SURICATA_HASH_SIZE; MOLOCH_LOCK_INIT(alerts.lock); }
void reader_tpacketv3_init(char *UNUSED(name)) { int i; int blocksize = moloch_config_int(NULL, "tpacketv3BlockSize", 1<<21, 1<<16, 1<<31); numThreads = moloch_config_int(NULL, "tpacketv3NumThreads", 2, 1, 6); if (blocksize % getpagesize() != 0) { LOGEXIT("block size %d not divisible by pagesize %d", blocksize, getpagesize()); } if (blocksize % config.snapLen != 0) { LOGEXIT("block size %d not divisible by %d", blocksize, config.snapLen); } moloch_packet_set_linksnap(1, config.snapLen); pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen); if (config.bpf) { if (pcap_compile(dpcap, &bpf, config.bpf, 1, PCAP_NETMASK_UNKNOWN) == -1) { LOGEXIT("ERROR - Couldn't compile filter: '%s' with %s", config.bpf, pcap_geterr(dpcap)); } } for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) { MOLOCH_LOCK_INIT(infos[i].lock); int ifindex = if_nametoindex(config.interface[i]); infos[i].fd = socket(AF_PACKET, SOCK_RAW, 0); int version = TPACKET_V3; if (setsockopt(infos[i].fd, SOL_PACKET, PACKET_VERSION, &version, sizeof(version)) < 0) LOGEXIT("Error setting TPACKET_V3, might need a newer kernel: %s", strerror(errno)); memset(&infos[i].req, 0, sizeof(infos[i].req)); infos[i].req.tp_block_size = blocksize; infos[i].req.tp_block_nr = numThreads*64; infos[i].req.tp_frame_size = config.snapLen; infos[i].req.tp_frame_nr = (blocksize * infos[i].req.tp_block_nr) / infos[i].req.tp_frame_size; infos[i].req.tp_retire_blk_tov = 60; infos[i].req.tp_feature_req_word = 0; if (setsockopt(infos[i].fd, SOL_PACKET, PACKET_RX_RING, &infos[i].req, sizeof(infos[i].req)) < 0) LOGEXIT("Error setting PACKET_RX_RING: %s", strerror(errno)); struct packet_mreq mreq; memset(&mreq, 0, sizeof(mreq)); mreq.mr_ifindex = ifindex; mreq.mr_type = PACKET_MR_PROMISC; if (setsockopt(infos[i].fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) LOGEXIT("Error setting PROMISC: %s", strerror(errno)); if (config.bpf) { struct sock_fprog fcode; fcode.len = bpf.bf_len; fcode.filter = (struct sock_filter *)bpf.bf_insns; if (setsockopt(infos[i].fd, SOL_SOCKET, SO_ATTACH_FILTER, &fcode, sizeof(fcode)) < 0) LOGEXIT("Error setting SO_ATTACH_FILTER: %s", strerror(errno)); } infos[i].map = mmap64(NULL, infos[i].req.tp_block_size * infos[i].req.tp_block_nr, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_LOCKED, infos[i].fd, 0); if (unlikely(infos[i].map == MAP_FAILED)) { LOGEXIT("ERROR - MMap64 failure in reader_tpacketv3_init, %d: %s",errno, strerror(errno)); } infos[i].rd = malloc(infos[i].req.tp_block_nr * sizeof(struct iovec)); uint16_t j; for (j = 0; j < infos[i].req.tp_block_nr; j++) { infos[i].rd[j].iov_base = infos[i].map + (j * infos[i].req.tp_block_size); infos[i].rd[j].iov_len = infos[i].req.tp_block_size; } struct sockaddr_ll ll; memset(&ll, 0, sizeof(ll)); ll.sll_family = PF_PACKET; ll.sll_protocol = htons(ETH_P_ALL); ll.sll_ifindex = ifindex; if (bind(infos[i].fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) LOGEXIT("Error binding %s: %s", config.interface[i], strerror(errno)); } if (i == MAX_INTERFACES) { LOGEXIT("Only support up to %d interfaces", MAX_INTERFACES); } moloch_reader_start = reader_tpacketv3_start; moloch_reader_stop = reader_tpacketv3_stop; moloch_reader_stats = reader_tpacketv3_stats; }