int
moloch_hp_cb_on_message_complete (http_parser *parser)
{
HTTPInfo_t *http = parser->data;
MolochSession_t *session = http->session;
#ifdef HTTPDEBUG
LOG("HTTPDEBUG: which: %d", http->which);
#endif
if (pluginsCbs & MOLOCH_PLUGIN_HP_OMC)
moloch_plugins_cb_hp_omc(session, parser);
if (http->inBody & (1 << http->which)) {
const char *md5 = g_checksum_get_string(http->checksum[http->which]);
moloch_field_string_add(md5Field, session, (char*)md5, 32, TRUE);
}
return 0;
}
int
moloch_hp_cb_on_message_complete (http_parser *parser)
{
HTTPInfo_t *http = parser->data;
MolochSession_t *session = http->session;
#ifdef HTTPDEBUG
LOG("HTTPDEBUG: which: %d", session->which);
#endif
if (pluginsCbs & MOLOCH_PLUGIN_HP_OMC)
moloch_plugins_cb_hp_omc(session, parser);
http->header[0][0] = http->header[1][0] = 0;
if (http->urlString) {
char *ch = http->urlString->str;
while (*ch) {
if (*ch < 32) {
moloch_nids_add_tag(session, "http:control-char");
break;
}
ch++;
}
}
if (http->hostString) {
g_string_ascii_down(http->hostString);
}
if (http->urlString && http->hostString) {
char *colon = strchr(http->hostString->str+2, ':');
if (colon) {
moloch_field_string_add(hostField, session, http->hostString->str+2, colon - http->hostString->str-2, TRUE);
} else {
moloch_field_string_add(hostField, session, http->hostString->str+2, http->hostString->len-2, TRUE);
}
char *question = strchr(http->urlString->str, '?');
if (question) {
moloch_field_string_add(pathField, session, http->urlString->str, question - http->urlString->str, TRUE);
char *start = question+1;
char *ch;
int field = keyField;
for (ch = start; *ch; ch++) {
if (*ch == '&') {
if (ch != start && (config.parseQSValue || field == keyField)) {
char *str = g_uri_unescape_segment(start, ch, NULL);
if (!str) {
moloch_field_string_add(field, session, start, ch-start, TRUE);
} else if (!moloch_field_string_add(field, session, str, strlen(str), FALSE)) {
g_free(str);
}
}
start = ch+1;
field = keyField;
continue;
} else if (*ch == '=') {
if (ch != start && (config.parseQSValue || field == keyField)) {
char *str = g_uri_unescape_segment(start, ch, NULL);
if (!str) {
moloch_field_string_add(field, session, start, ch-start, TRUE);
} else if (!moloch_field_string_add(field, session, str, strlen(str), FALSE)) {
g_free(str);
}
}
start = ch+1;
field = valueField;
}
}
if (config.parseQSValue && field == valueField && ch > start) {
char *str = g_uri_unescape_segment(start, ch, NULL);
if (!str) {
moloch_field_string_add(field, session, start, ch-start, TRUE);
} else if (!moloch_field_string_add(field, session, str, strlen(str), FALSE)) {
g_free(str);
}
}
} else {
moloch_field_string_add(pathField, session, http->urlString->str, http->urlString->len, TRUE);
}
if (http->urlString->str[0] != '/') {
char *result = strstr(http->urlString->str, http->hostString->str+2);
/* If the host header is in the first 8 bytes of url then just use the url */
if (result && result - http->urlString->str <= 8) {
moloch_field_string_add(urlsField, session, http->urlString->str, http->urlString->len, FALSE);
g_string_free(http->urlString, FALSE);
g_string_free(http->hostString, TRUE);
} else {
/* Host header doesn't match the url */
g_string_append(http->hostString, ";");
g_string_append(http->hostString, http->urlString->str);
moloch_field_string_add(urlsField, session, http->hostString->str, http->hostString->len, FALSE);
g_string_free(http->urlString, TRUE);
g_string_free(http->hostString, FALSE);
}
} else {
/* Normal case, url starts with /, so no extra host in url */
g_string_append(http->hostString, http->urlString->str);
moloch_field_string_add(urlsField, session, http->hostString->str, http->hostString->len, FALSE);
g_string_free(http->urlString, TRUE);
g_string_free(http->hostString, FALSE);
}
moloch_nids_add_tag(session, "protocol:http");
moloch_nids_add_protocol(session, "http");
http->urlString = NULL;
http->hostString = NULL;
} else if (http->urlString) {
moloch_field_string_add(urlsField, session, http->urlString->str, http->urlString->len, FALSE);
g_string_free(http->urlString, FALSE);
moloch_nids_add_tag(session, "protocol:http");
moloch_nids_add_protocol(session, "http");
http->urlString = NULL;
} else if (http->hostString) {
char *colon = strchr(http->hostString->str+2, ':');
if (colon) {
moloch_field_string_add(hostField, session, http->hostString->str+2, colon - http->hostString->str-2, TRUE);
} else {
moloch_field_string_add(hostField, session, http->hostString->str+2, http->hostString->len-2, TRUE);
}
g_string_free(http->hostString, TRUE);
http->hostString = NULL;
}
if (http->inBody & (1 << session->which)) {
const char *md5 = g_checksum_get_string(http->checksum[session->which]);
moloch_field_string_add(md5Field, session, (char*)md5, 32, TRUE);
}
return 0;
}
