static gboolean discovery_client_read(GIOChannel* source, GIOCondition condition, gpointer user_data) { DiscoveryClient* self = DISCOVERY_CLIENT(user_data); gint length; GInetAddr *src; gint port; const gchar* host; /* Receive the packet waiting for us */ length = gnet_udp_socket_receive(self->socket, self->buffer, self->buffer_size, &src); self->buffer[self->buffer_size - 1] = '\0'; /* Ignore it if it doesn't exactly match our service. * It will have a 16-bit port number after the service name, * we ignore that at this point. */ if (length != strlen(self->service_name) + 3) return TRUE; if (strncmp(self->service_name, self->buffer, self->buffer_size)) return TRUE; /* Yay, a service responded. Extract the host and port, and * invoke our owner's callback function. */ port = self->buffer[length-1] | (self->buffer[length-2] << 8); host = gnet_inetaddr_get_canonical_name(src); self->callback(self, host, port, self->user_data); return TRUE; }
void handle_client(GTcpSocket *client) { RequestHeader *request_header; GIOChannel *ioclient; GInetAddr *addr; GIOError error; GPtrArray *request_query; gchar* name; gint port; gchar read_buffer[1024]; gchar write_buffer[1024]; gsize read_buffer_n; gsize write_buffer_n; ioclient = gnet_tcp_socket_get_io_channel(client); g_assert (ioclient); addr = gnet_tcp_socket_get_remote_inetaddr(client); g_assert (addr); name = gnet_inetaddr_get_canonical_name (addr); g_assert (name); port = gnet_inetaddr_get_port (addr); g_print ("Accepted connection from %s:%d\n", name, port); g_free(name); request_query = g_ptr_array_new(); while ((error = gnet_io_channel_readline(ioclient, read_buffer, sizeof(read_buffer), &read_buffer_n)) == G_IO_ERROR_NONE && (read_buffer_n > 0)) { if(g_strcmp0(read_buffer, BLANK_LINE) == 0) { break; }else { g_ptr_array_add(request_query, g_strdup(read_buffer)); } } request_header = voy_request_header_initialize(); voy_request_header_create(request_query, request_header); voy_request_header_print(request_header); g_stpcpy(write_buffer, "HTTP/1.0 200 OK\r\nContent-type: text/html; charset=utf-8\r\n\r\n<h1>Hello from server!</h1>"); write_buffer_n = strlen(write_buffer); gnet_io_channel_writen(ioclient, write_buffer, write_buffer_n, &write_buffer_n); g_ptr_array_free(request_query, TRUE); gnet_inetaddr_delete (addr); voy_request_header_free(request_header); }
/* initialize GNet testing */ static void gnet_check_init (int *argc, char **argv[]) { gnet_init (); /* GST_DEBUG_CATEGORY_INIT (check_debug, "check", 0, "check regression tests"); */ if (g_getenv ("GNET_TEST_DEBUG")) _gnet_check_debug = TRUE; if (g_getenv ("SOCKS_SERVER")) { GInetAddr *ia; ia = gnet_socks_get_server (); if (ia) { gchar *name; name = gnet_inetaddr_get_canonical_name (ia); g_print ("\nUsing SOCKS %u proxy: %s\n", gnet_socks_get_version(), name); g_free (name); gnet_inetaddr_unref (ia); gnet_socks_set_enabled (TRUE); } } g_log_set_handler (NULL, G_LOG_LEVEL_MESSAGE, gnet_check_log_message_func, NULL); g_log_set_handler (NULL, G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING, gnet_check_log_critical_func, NULL); g_log_set_handler ("GNet", G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING, gnet_check_log_critical_func, NULL); g_log_set_handler ("GLib", G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING, gnet_check_log_critical_func, NULL); g_log_set_handler ("GLib-GObject", G_LOG_LEVEL_CRITICAL | G_LOG_LEVEL_WARNING, gnet_check_log_critical_func, NULL); check_cond = g_cond_new (); check_mutex = g_mutex_new (); }
GTcpSocket* initialize_server(gint server_port) { GTcpSocket *server; GInetAddr *addr; gint port; gchar *name; server = gnet_tcp_socket_server_new_with_port(server_port); addr = gnet_tcp_socket_get_local_inetaddr(server); g_assert(addr); name = gnet_inetaddr_get_canonical_name(addr); g_assert(name); port = gnet_inetaddr_get_port(addr); g_print("Voyager1 started at %s:%d\n\n", name, port); gnet_inetaddr_delete (addr); g_free(name); return server; }
static void ob_server_func (GServer* server, GServerStatus status, struct _GConn* conn, gpointer user_data) { switch (status) { case GNET_SERVER_STATUS_CONNECT: { if (debug) { LOG(LOG_DEBUG, "New connection from %s", gnet_inetaddr_get_canonical_name(conn->inetaddr)); } conn->func = ob_client_func; conn->user_data = calloc(1, sizeof(struct conn_stat)); gnet_conn_write (conn, strdup(hello), strlen(hello), 0); gnet_conn_readline (conn, NULL, 1024, 30000); break; } case GNET_SERVER_STATUS_ERROR: { gnet_server_delete (server); exit (1); break; } } }
int main(int argc, char** argv) { gchar* hostname; gint port; GInetAddr* addr; GTcpSocket* socket; GIOChannel* iochannel; GIOError error = G_IO_ERROR_NONE; gchar buffer[1024]; gsize n; gnet_init (); /* Parse args */ if (argc != 3) { g_print ("usage: %s <server> <port>\n", argv[0]); exit(EXIT_FAILURE); } hostname = argv[1]; port = atoi(argv[2]); /* Create the address */ addr = gnet_inetaddr_new (hostname, port); if (!addr) { fprintf (stderr, "Error: Name lookup for %s failed\n", hostname); exit (EXIT_FAILURE); } /* Create the socket */ socket = gnet_tcp_socket_new (addr); gnet_inetaddr_delete (addr); if (!socket) { fprintf (stderr, "Error: Could not connect to %s:%d\n", hostname, port); exit (EXIT_FAILURE); } #if 0 { gchar* cname; /* Print local address */ addr = gnet_tcp_socket_get_local_inetaddr (socket); g_assert (addr); cname = gnet_inetaddr_get_canonical_name (addr); g_assert (cname); g_print ("Local address: %s:%d\n", cname, gnet_inetaddr_get_port(addr)); g_free (cname); gnet_inetaddr_delete (addr); /* Print remote address */ addr = gnet_tcp_socket_get_remote_inetaddr (socket); g_assert (addr); cname = gnet_inetaddr_get_canonical_name (addr); g_assert (cname); g_print ("Remote address: %s:%d\n", cname, gnet_inetaddr_get_port(addr)); g_free (cname); gnet_inetaddr_delete (addr); } #endif /* Get the IOChannel */ iochannel = gnet_tcp_socket_get_io_channel (socket); g_assert (iochannel != NULL); while (fgets(buffer, sizeof(buffer), stdin) != 0) { n = strlen(buffer); error = gnet_io_channel_writen (iochannel, buffer, n, &n); if (error != G_IO_ERROR_NONE) break; error = gnet_io_channel_readn (iochannel, buffer, n, &n); if (error != G_IO_ERROR_NONE) break; if (fwrite(buffer, n, 1, stdout) != 1) { fprintf (stderr, "Error: fwrite to stdout failed: %s\n", g_strerror (errno)); } } if (error != G_IO_ERROR_NONE) fprintf (stderr, "Error: IO error (%d)\n", error); gnet_tcp_socket_delete (socket); return 0; }
gpointer sim_connect_send_alarm(gpointer data) { int i; if (!config) { if (data) { config = (SimConfig*) data; } } SimEvent* event = NULL; GTcpSocket* socket = NULL; GIOChannel* iochannel = NULL; GIOError error; GIOCondition conds; gchar *buffer = NULL; gchar *aux = NULL; gsize n; GList *notifies = NULL; gint risk; gchar *ip_src = NULL; gchar *ip_dst = NULL; //gchar time[TIMEBUF_SIZE]; gchar *timestamp; gchar * aux_time; //timestamp = time; gchar *hostname; gint port; GInetAddr* addr = NULL; hostname = g_strdup(config->framework.host); port = config->framework.port; gint iter = 0; void* old_action; for (;;) //Pop events for ever { GString *st; int inx = 0; event = (SimEvent*) sim_container_pop_ar_event(ossim.container); if (!event) { g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s: No event", __FUNCTION__); continue; } base64_param base64_params[N_TEXT_FIELDS]; for (i = 0; i < N_TEXT_FIELDS; i++) { if (event->textfields[i] != NULL) { base64_params[i].key = g_strdup(sim_text_field_get_name(i)); base64_params[i].base64data = g_strdup(event->textfields[i]); g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s:%d %s=\"%s\"", __FILE__, __LINE__, sim_text_field_get_name(i), event->textfields[i]); } else { base64_params[i].key = '\0'; base64_params[i].base64data = '\0'; } } // Send max risk // i.e., to avoid risk=0 when destination is 0.0.0.0 if (event->risk_a > event->risk_c) { risk = event->risk_a; } else { risk = event->risk_c; } /* String to be sent */ if (event->time_str) { g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: event->time_str %s", event->time_str); aux_time = g_strdup(event->time_str); timestamp = aux_time; } if (event->time) { g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: event->time %d", event->time); timestamp = g_new0(gchar, 26); strftime (timestamp, TIMEBUF_SIZE, "%Y-%m-%d %H:%M:%S", gmtime ((time_t *) &event->time)); } if (event->src_ia) { ip_src = gnet_inetaddr_get_canonical_name(event->src_ia); } else { ip_src = g_strdup_printf("0.0.0.0"); } if (event->dst_ia) { ip_dst = gnet_inetaddr_get_canonical_name(event->dst_ia); } else { ip_dst = g_strdup_printf("0.0.0.0"); } //FIXME? In a future, Policy will substitute this and this won't be neccesary. Also is needed to check //if this funcionality is really interesting // if (event->policy) { aux = g_strdup_printf( "event date=\"%s\" plugin_id=\"%d\" plugin_sid=\"%d\" risk=\"%d\" priority=\"%d\" reliability=\"%d\" event_id=\"%d\" backlog_id=\"%d\" src_ip=\"%s\" src_port=\"%d\" dst_ip=\"%s\" dst_port=\"%d\" protocol=\"%d\" sensor=\"%s\" actions=\"%d\" policy_id=\"%d\"", timestamp, event->plugin_id, event->plugin_sid, risk, event->priority, event->reliability, event->id, event->backlog_id, ip_src, event->src_port, ip_dst, event->dst_port, event->protocol, event->sensor, sim_policy_get_has_actions(event->policy), sim_policy_get_id( event->policy)); } else { //If there aren't any policy associated, the policy and the action number will be 0 aux = g_strdup_printf( "event date=\"%s\" plugin_id=\"%d\" plugin_sid=\"%d\" risk=\"%d\" priority=\"%d\" reliability=\"%d\" event_id=\"%d\" backlog_id=\"%d\" src_ip=\"%s\" src_port=\"%d\" dst_ip=\"%s\" dst_port=\"%d\" protocol=\"%d\" sensor=\"%s\" actions=\"%d\" policy_id=\"%d\"", timestamp, event->plugin_id, event->plugin_sid, risk, event->priority, event->reliability, event->id, event->backlog_id, ip_src, event->src_port, ip_dst, event->dst_port, event->protocol, event->sensor, 0, 0); } g_free(ip_src); g_free(ip_dst); g_free(timestamp); st = g_string_new(aux); for (inx = 0; inx < G_N_ELEMENTS(base64_params); inx++) { if (base64_params[inx].base64data) { g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s: %u:%s %p", __FUNCTION__, inx, base64_params[inx].base64data, base64_params[inx].base64data); g_string_append_printf( st, " %s=\"%s\"", base64_params[inx].key, base64_params[inx].base64data != NULL ? base64_params[inx].base64data : ""); g_free(base64_params[inx].base64data); /* we dont't need the data, anymore, so free it*/ } }//end for nelements g_string_append(st, "\n"); buffer = g_string_free(st, FALSE); if (!buffer) { g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: message error"); g_free(aux); continue; } g_free(aux); aux = NULL; //old way was creating a new socket and giochannel for each alarm. //now a persistent giochannel is used. //iochannel = gnet_tcp_socket_get_io_channel (socket); if (iochannel) { conds = g_io_channel_get_buffer_condition(iochannel); } if (!iochannel || sigpipe_received || (conds & G_IO_HUP) || (conds & G_IO_ERR)) { //Loop to get a connection do { if (sigpipe_received) { if (socket) { gnet_tcp_socket_delete(socket); } sigpipe_received = FALSE; iochannel = FALSE; } // if not, create socket and iochannel from config and store to get a persistent connection. g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: invalid iochannel.(%d)", iter); g_log( G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: trying to create a new iochannel.(%d)", iter); if (!hostname) { //FIXME: may be that this host hasn't got any frameworkd. If the event is forwarded to other server, it will be sended to the //other server framework (supposed it has a defined one). g_log( G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: Hostname error, reconnecting in 3secs (%d)", iter); hostname = g_strdup(config->framework.host); sleep(3); continue; } if (addr) { g_free(addr); } addr = gnet_inetaddr_new_nonblock(hostname, port); if (!addr) { g_log( G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: Error creating the address, trying in 3secs(%d)", iter); sleep(3); continue; } socket = gnet_tcp_socket_new(addr); if (!socket) { g_log( G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: Error creating socket(1), reconnecting in 3 secs..(%d)", iter); iochannel = NULL; socket = NULL; sleep(3); continue; } else { iochannel = gnet_tcp_socket_get_io_channel(socket); if (!iochannel) { g_log( G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: Error creating iochannel, reconnecting in 3 secs..(%d)", iter); if (socket) { gnet_tcp_socket_delete(socket); } socket = NULL; iochannel = NULL; sleep(3); continue; } else { sigpipe_received = FALSE; g_log( G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: new iochannel created. Returning %x (%d)", iochannel, iter); } } iter++; } while (!iochannel); } //g_assert (iochannel != NULL); n = strlen(buffer); g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: Message to send: %s, (len=%d)", buffer, n); //signals actually not used // old_action=signal(SIGPIPE, pipe_handler); sim_util_block_signal(SIGPIPE); error = gnet_io_channel_writen(iochannel, buffer, n, &n); sim_util_unblock_signal(SIGPIPE); //error = gnet_io_channel_readn (iochannel, buffer, n, &n); //fwrite(buffer, n, 1, stdout); if (error != G_IO_ERROR_NONE) { //back to the queue so we dont loose the action/response g_object_ref(event); sim_container_push_ar_event(ossim.container, event); g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: message could not be sent.. reseting"); /* if(buffer) g_free (buffer); g_free (aux); */ gnet_tcp_socket_delete(socket); iochannel = NULL; } else g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_connect_send_alarm: message sent succesfully: %s", buffer); //Cose conn if (buffer) g_free(buffer); if (aux) g_free(aux); buffer = NULL; aux = NULL; //gnet_tcp_socket_delete (socket); //iochannel=NULL; if (event) g_object_unref(event); } }
int ob_client_func (GConn* conn, GConnStatus status, gchar* buffer, gint length, gpointer user_data) { struct conn_stat *cs = (struct conn_stat *)user_data; int i = length-1; while (i > 0 && isspace(buffer[i])) { buffer[i--] = 0; } switch (status) { case GNET_CONN_STATUS_READ: { //fprintf(stderr, "user_data: %d %s %s\n", cs->state, cs->user, cs->pwd); if (cs->state != STATE_DATA && !strncasecmp(buffer, "QUIT", 4)) { gnet_conn_write (conn, strdup(bye), strlen(bye), 0); cs->state = STATE_EXIT; break; } switch (cs->state) { case STATE_INIT: cs->state = STATE_USER; case STATE_USER: if (strncasecmp(buffer, "USER ", 5)) { gnet_conn_write (conn, strdup(errhello), strlen(errhello), 0); } else { strncpy(cs->user, buffer+5, sizeof(cs->user)); cs->state = STATE_PWD; gnet_conn_write (conn, strdup(askpwd), strlen(askpwd), 0); } break; case STATE_PWD: if (strncasecmp(buffer, "PASS ", 5)) { gnet_conn_write (conn, strdup(erraskpwd), strlen(erraskpwd), 0); break; } strncpy(cs->pwd, buffer+5, sizeof(cs->pwd)); /* check the password first */ if (!uw_password_ok(cs->user, cs->pwd)) { LOG(LOG_NOTICE, "%s: password failure (%s/%s)", gnet_inetaddr_get_canonical_name(conn->inetaddr), cs->user, cs->pwd); gnet_conn_write (conn, strdup(errbye), strlen(errbye), 0); cs->state = STATE_EXIT; break; } cs->state = STATE_DATA; cs->sp_info = spool_open(OPT_ARG(SPOOLDIR), OPT_ARG(OUTPUT)); if (cs->sp_info == NULL) { gnet_conn_write (conn, strdup(spoolerr), strlen(spoolerr), 0); cs->state = STATE_EXIT; break; } gnet_conn_write (conn, strdup(askdata), strlen(askdata), 0); break; case STATE_DATA: if (!strncasecmp(buffer, ".", 1)) { char *targfilename = strdup(spool_targfilename(cs->sp_info)); if (!spool_close(cs->sp_info, TRUE)) { gnet_conn_write (conn, strdup(spoolerr), strlen(spoolerr), 0); } else { if (debug) LOG(LOG_DEBUG, "spooled to %s", targfilename); } free(targfilename); gnet_conn_write (conn, strdup(bye), strlen(bye), 0); cs->state = STATE_EXIT; } else { if (!spool_printf(cs->sp_info, "%s\n", buffer)) { spool_close(cs->sp_info, FALSE); cs->state = STATE_ERROR; } } break; case STATE_ERROR: if (!strncasecmp(buffer, ".", 1)) { gnet_conn_write (conn, strdup(errbye), strlen(errbye), 0); cs->state = STATE_EXIT; } } break; } case GNET_CONN_STATUS_WRITE: { g_free (buffer); if (cs->state == STATE_EXIT) { if (debug) { LOG(LOG_DEBUG, "%s closed connection", gnet_inetaddr_get_canonical_name(conn->inetaddr)); } free(conn->user_data); gnet_conn_delete (conn, TRUE); } break; } case GNET_CONN_STATUS_CLOSE: case GNET_CONN_STATUS_TIMEOUT: case GNET_CONN_STATUS_ERROR: { if (cs->state == STATE_DATA || cs->state == STATE_ERROR) { spool_close(cs->sp_info, FALSE); if (debug) { LOG(LOG_DEBUG, "%s unexpected end of input", gnet_inetaddr_get_canonical_name(conn->inetaddr)); } } else { if (debug && cs->state != STATE_DATA) { LOG(LOG_DEBUG, "%s unexpected close", gnet_inetaddr_get_canonical_name(conn->inetaddr)); } } free(conn->user_data); gnet_conn_delete (conn, TRUE); break; } default: g_assert_not_reached (); } return TRUE; /* TRUE means read more if status was read, otherwise its ignored */ }
gchar* sim_event_to_string(SimEvent *event) { GString *str; gchar *ip; gchar * base64; gint base64_len; gchar uuidtext[37]; int i; g_return_if_fail(event); g_return_if_fail(SIM_IS_EVENT (event)); gchar *e_filename = NULL, *e_username = NULL, *e_password = NULL; gchar *e_userdata1 = NULL, *e_userdata2 = NULL, *e_userdata3 = NULL, *e_userdata4 = NULL; gchar *e_userdata5 = NULL, *e_userdata6 = NULL, *e_userdata7 = NULL, *e_userdata8 = NULL; gchar *e_userdata9 = NULL, *e_data = NULL, *e_log = NULL; str = g_string_new("event "); g_string_append_printf(str, "id=\"%u\" ", event->id); g_string_append_printf(str, "alarm=\"%d\" ", event->alarm); gchar *aux = sim_event_get_str_from_type(event->type); if (aux) { g_string_append_printf(str, "type=\"%s\" ", aux); g_free(aux); } g_string_append_printf(str, "date=\"%u\" ", event->time); g_string_append_printf(str, "tzone=\"%4.2f\" ", event->tzone); if (event->time_str) g_string_append_printf(str, "fdate=\"%s\" ", event->time_str); if (event->plugin_id) g_string_append_printf(str, "plugin_id=\"%d\" ", event->plugin_id); if (event->plugin_sid) g_string_append_printf(str, "plugin_sid=\"%d\" ", event->plugin_sid); if (event->src_ia) { ip = gnet_inetaddr_get_canonical_name(event->src_ia); g_string_append_printf(str, "src_ip=\"%s\" ", ip); g_free(ip); } if (event->src_port) g_string_append_printf(str, "src_port=\"%d\" ", event->src_port); if (event->dst_ia) { ip = gnet_inetaddr_get_canonical_name(event->dst_ia); g_string_append_printf(str, "dst_ip=\"%s\" ", ip); g_free(ip); } if (event->dst_port) g_string_append_printf(str, "dst_port=\"%d\" ", event->dst_port); if (event->sensor) g_string_append_printf(str, "sensor=\"%s\" ", event->sensor); if (event->device) g_string_append_printf(str, "device=\"%s\" ", event->device); if (event->interface) g_string_append_printf(str, "interface=\"%s\" ", event->interface); if (event->protocol) { gchar *value = sim_protocol_get_str_from_type(event->protocol); g_string_append_printf(str, "protocol=\"%s\" ", value); g_free(value); } if (event->condition) { gchar *value = sim_condition_get_str_from_type(event->condition); g_string_append_printf(str, "condition=\"%s\" ", value); g_free(value); } if (event->value) g_string_append_printf(str, "value=\"%s\" ", event->value); if (event->interval) g_string_append_printf(str, "interval=\"%d\" ", event->interval); if (event->is_priority_set) g_string_append_printf(str, "priority=\"%d\" ", event->priority); if (event->is_reliability_set) g_string_append_printf(str, "reliability=\"%d\" ", event->reliability); if (event->asset_src) g_string_append_printf(str, "asset_src=\"%d\" ", event->asset_src); if (event->asset_dst) g_string_append_printf(str, "asset_dst=\"%d\" ", event->asset_dst); if (event->risk_c) g_string_append_printf(str, "risk_a=\"%lf\" ", event->risk_a); if (event->risk_a) g_string_append_printf(str, "risk_c=\"%lf\" ", event->risk_c); if (event->snort_sid) g_string_append_printf(str, "snort_sid=\"%u\" ", event->snort_sid); if (event->snort_cid) g_string_append_printf(str, "snort_cid=\"%u\" ", event->snort_cid); // if (event->data) // g_string_append_printf(str, "data=\"%s\" ", event->data); if (event->log && (base64_len = strlen(event->log))) { base64 = g_base64_encode(event->log, base64_len); assert(base64!=NULL); g_string_append_printf(str, "log=\"%s\" ", base64); g_free(base64); } if (event->rep_prio_src) g_string_append_printf(str, "rep_prio_src=\"%u\" ", event->rep_prio_src); if (event->rep_prio_dst) g_string_append_printf(str, "rep_prio_dst=\"%u\" ", event->rep_prio_dst); if (event->rep_rel_src) g_string_append_printf(str, "rep_rel_src=\"%u\" ", event->rep_rel_src); if (event->rep_rel_dst) g_string_append_printf(str, "rep_rel_dst=\"%u\" ", event->rep_rel_dst); if (event->rep_act_src && (base64_len = strlen(event->rep_act_src))) { base64 = g_base64_encode( (guchar*)event->rep_act_src, base64_len); assert (base64 != NULL); g_string_append_printf(str, "rep_act_src=\"%s\" ", base64); g_free(base64); } if (event->rep_act_dst && (base64_len = strlen(event->rep_act_dst))) { base64 = g_base64_encode( (guchar*)event->rep_act_dst, base64_len); assert (base64 != NULL); g_string_append_printf(str, "rep_act_dst=\"%s\" ", base64); g_free(base64); } //g_string_append_printf(str, "log=\"%s\" ", event->log); for (i = 0; i < N_TEXT_FIELDS; i++) { if ((event->textfields[i] != NULL) && (base64_len = strlen(event->textfields[i]))) { base64 = g_base64_encode(event->textfields[i], base64_len); assert(base64!=NULL); g_string_append_printf(str, "%s=\"%s\" ", sim_text_field_get_name(i), base64); g_free(base64); } } if (!uuid_is_null(event->uuid)) { uuid_unparse_upper(event->uuid, uuidtext); g_string_append_printf(str, "uuid=\"%s\" ", uuidtext); } if (event->packet) if (event->packet->payloadlen > 0) { gchar *payload; payload = sim_bin2hex(event->packet->payload, event->packet->payloadlen); g_string_append_printf(str, "payload=\"%s\" ", payload); g_free(payload); } g_string_append_printf(str, "\n"); return g_string_free(str, FALSE); }
void sim_event_print(SimEvent *event) { gchar time[TIMEBUF_SIZE]; gchar *timestamp = time; gchar *ip; int i; g_return_if_fail(event); g_return_if_fail(SIM_IS_EVENT (event)); g_print("event"); switch (event->type) { case SIM_EVENT_TYPE_DETECTOR: g_print(" type=\"D\""); break; case SIM_EVENT_TYPE_MONITOR: g_print(" type=\"M\""); break; case SIM_EVENT_TYPE_NONE: g_print(" type=\"N\""); break; } g_print(" id=\"%d\"", event->id); if (event->time_str) timestamp = event->time_str; else if (event->time) strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time)); g_print(" alarm=\"%d\"", event->alarm); if (event->sensor) g_print(" sensor=\"%s\"", event->sensor); if (event->device) g_print(" device=\"%s\"", event->device); if (event->interface) g_print(" interface=\"%s\"", event->interface); if (event->plugin_id) g_print(" plugin_id=\"%d\"", event->plugin_id); if (event->plugin_sid) g_print(" plugin_sid=\"%d\"", event->plugin_sid); if (event->protocol) g_print(" protocol=\"%d\"", event->protocol); if (event->src_ia) { ip = gnet_inetaddr_get_canonical_name(event->src_ia); g_print(" src_ia=\"%s\"", ip); g_free(ip); } if (event->src_port) g_print(" src_port=\"%d\"", event->src_port); if (event->dst_ia) { ip = gnet_inetaddr_get_canonical_name(event->dst_ia); g_print(" dst_ia=\"%s\"", ip); g_free(ip); } if (event->dst_port) g_print(" dst_port=\"%d\"", event->dst_port); if (event->condition) g_print(" condition=\"%d\"", event->condition); if (event->value) g_print(" value=\"%s\"", event->value); if (event->interval) g_print(" ineterval=\"%d\"", event->interval); if (event->priority) g_print(" priority=\"%d\"", event->priority); if (event->reliability) g_print(" reliability=\"%d\"", event->reliability); if (event->asset_src) g_print(" asset_src=\"%d\"", event->asset_src); if (event->asset_dst) g_print(" asset_dst=\"%d\"", event->asset_dst); if (event->risk_c) g_print(" risk_c=\"%lf\"", event->risk_c); if (event->risk_a) g_print(" risk_a=\"%lf\"", event->risk_a); if (event->snort_sid) g_print(" sid =\"%d\"", event->snort_sid); if (event->snort_cid) g_print(" cid =\"%d\"", event->snort_cid); if (event->data) g_print(" data=\"%s\"", event->data); if (event->rep_prio_src) g_message (" rep_prio_src=\"%u\"", event->rep_prio_src); if (event->rep_prio_dst) g_message (" rep_prio_dst=\"%u\"", event->rep_prio_dst); if (event->rep_rel_src) g_message (" rep_rel_src=\"%u\"", event->rep_rel_src); if (event->rep_rel_dst) g_message (" rep_rel_dst=\"%u\"", event->rep_rel_dst); if (event->rep_act_src) g_message (" rep_act_src=\"%s\"", event->rep_act_src); if (event->rep_act_dst) g_message (" rep_act_dst=\"%s\"", event->rep_act_dst); for (i = 0; i < N_TEXT_FIELDS; i++) { if (event->textfields[i] != NULL) { g_printf(" %s=\"%s\"", sim_text_field_get_name(i), event->textfields[i]); } } if (!uuid_is_null(event->uuid)) { gchar uuidtext[37]; uuid_unparse_upper(event->uuid, uuidtext); g_message(" uuid=\"%s\"", uuidtext); } g_print("\n"); }