static int addr_unmarshal(struct addr* addr, struct evbuffer *evbuf) { uint32_t tmp_int; memset(addr, 0, sizeof(struct addr)); if (evtag_unmarshal_int(evbuf, ADDR_TYPE, &tmp_int) == -1) return (-1); addr->addr_type = tmp_int; if (evtag_unmarshal_int(evbuf, ADDR_BITS, &tmp_int) == -1) return (-1); addr->addr_bits = tmp_int; switch (addr->addr_type) { case ADDR_TYPE_ETH: evtag_unmarshal_fixed(evbuf, ADDR_ADDR, &addr->addr_eth, sizeof(addr->addr_eth)); break; case ADDR_TYPE_IP: evtag_unmarshal_fixed(evbuf, ADDR_ADDR, &addr->addr_ip, sizeof(addr->addr_ip)); break; case ADDR_TYPE_IP6: evtag_unmarshal_fixed(evbuf, ADDR_ADDR, &addr->addr_ip6, sizeof(addr->addr_ip6)); break; default: return (-1); } return (0); }
int kill_unmarshal(struct kill *tmp, struct evbuffer *evbuf) { ev_uint32_t tag; while (evbuffer_get_length(evbuf) > 0) { if (evtag_peek(evbuf, &tag) == -1) return (-1); switch (tag) { case KILL_WEAPON: if (tmp->weapon_set) return (-1); if (evtag_unmarshal_string(evbuf, KILL_WEAPON, &tmp->weapon_data) == -1) { event_warnx("%s: failed to unmarshal weapon", __func__); return (-1); } tmp->weapon_set = 1; break; case KILL_ACTION: if (tmp->action_set) return (-1); if (evtag_unmarshal_string(evbuf, KILL_ACTION, &tmp->action_data) == -1) { event_warnx("%s: failed to unmarshal action", __func__); return (-1); } tmp->action_set = 1; break; case KILL_HOW_OFTEN: if (tmp->how_often_length >= tmp->how_often_num_allocated && kill_how_often_expand_to_hold_more(tmp) < 0) { puts("HEY NOW"); return (-1); } if (evtag_unmarshal_int(evbuf, KILL_HOW_OFTEN, &tmp->how_often_data[tmp->how_often_length]) == -1) { event_warnx("%s: failed to unmarshal how_often", __func__); return (-1); } ++tmp->how_often_length; tmp->how_often_set = 1; break; default: return -1; } } if (kill_complete(tmp) == -1) return (-1); return (0); }
int kill_unmarshal(struct kill *tmp, struct evbuffer *evbuf) { ev_uint32_t tag; while (EVBUFFER_LENGTH(evbuf) > 0) { if (evtag_peek(evbuf, &tag) == -1) return (-1); switch (tag) { case KILL_WEAPON: if (tmp->weapon_set) return (-1); if (evtag_unmarshal_string(evbuf, KILL_WEAPON, &tmp->weapon_data) == -1) { event_warnx("%s: failed to unmarshal weapon", __func__); return (-1); } tmp->weapon_set = 1; break; case KILL_ACTION: if (tmp->action_set) return (-1); if (evtag_unmarshal_string(evbuf, KILL_ACTION, &tmp->action_data) == -1) { event_warnx("%s: failed to unmarshal action", __func__); return (-1); } tmp->action_set = 1; break; case KILL_HOW_OFTEN: if (tmp->how_often_set) return (-1); if (evtag_unmarshal_int(evbuf, KILL_HOW_OFTEN, &tmp->how_often_data) == -1) { event_warnx("%s: failed to unmarshal how_often", __func__); return (-1); } tmp->how_often_set = 1; break; default: return -1; } } if (kill_complete(tmp) == -1) return (-1); return (0); }
int run_unmarshal(struct run *tmp, struct evbuffer *evbuf) { ev_uint32_t tag; while (evbuffer_get_length(evbuf) > 0) { if (evtag_peek(evbuf, &tag) == -1) return (-1); switch (tag) { case RUN_HOW: if (tmp->how_set) return (-1); if (evtag_unmarshal_string(evbuf, RUN_HOW, &tmp->how_data) == -1) { event_warnx("%s: failed to unmarshal how", __func__); return (-1); } tmp->how_set = 1; break; case RUN_SOME_BYTES: if (tmp->some_bytes_set) return (-1); if (evtag_payload_length(evbuf, &tmp->some_bytes_length) == -1) return (-1); if (tmp->some_bytes_length > evbuffer_get_length(evbuf)) return (-1); if ((tmp->some_bytes_data = malloc(tmp->some_bytes_length)) == NULL) return (-1); if (evtag_unmarshal_fixed(evbuf, RUN_SOME_BYTES, tmp->some_bytes_data, tmp->some_bytes_length) == -1) { event_warnx("%s: failed to unmarshal some_bytes", __func__); return (-1); } tmp->some_bytes_set = 1; break; case RUN_FIXED_BYTES: if (tmp->fixed_bytes_set) return (-1); if (evtag_unmarshal_fixed(evbuf, RUN_FIXED_BYTES, tmp->fixed_bytes_data, (24)) == -1) { event_warnx("%s: failed to unmarshal fixed_bytes", __func__); return (-1); } tmp->fixed_bytes_set = 1; break; case RUN_NOTES: if (tmp->notes_length >= tmp->notes_num_allocated && run_notes_expand_to_hold_more(tmp) < 0) { puts("HEY NOW"); return (-1); } if (evtag_unmarshal_string(evbuf, RUN_NOTES, &tmp->notes_data[tmp->notes_length]) == -1) { event_warnx("%s: failed to unmarshal notes", __func__); return (-1); } ++tmp->notes_length; tmp->notes_set = 1; break; case RUN_LARGE_NUMBER: if (tmp->large_number_set) return (-1); if (evtag_unmarshal_int64(evbuf, RUN_LARGE_NUMBER, &tmp->large_number_data) == -1) { event_warnx("%s: failed to unmarshal large_number", __func__); return (-1); } tmp->large_number_set = 1; break; case RUN_OTHER_NUMBERS: if (tmp->other_numbers_length >= tmp->other_numbers_num_allocated && run_other_numbers_expand_to_hold_more(tmp) < 0) { puts("HEY NOW"); return (-1); } if (evtag_unmarshal_int(evbuf, RUN_OTHER_NUMBERS, &tmp->other_numbers_data[tmp->other_numbers_length]) == -1) { event_warnx("%s: failed to unmarshal other_numbers", __func__); return (-1); } ++tmp->other_numbers_length; tmp->other_numbers_set = 1; break; default: return -1; } } if (run_complete(tmp) == -1) return (-1); return (0); }
/* * Functions to un/marshal records. */ static int record_unmarshal(struct record *record, struct evbuffer *evbuf) { struct evbuffer *tmp = evbuffer_new(); uint32_t integer; uint32_t tag; memset(record, 0, sizeof(struct record)); TAILQ_INIT(&record->hashes); /* The timevals are optional, so we need to check their presence */ if (evtag_peek(evbuf, &tag) != -1 && tag == REC_TV_START) { if (evtag_unmarshal_timeval(evbuf, REC_TV_START, &record->tv_start) == -1) goto error; } if (evtag_peek(evbuf, &tag) != -1 && tag == REC_TV_END) { if (evtag_unmarshal_timeval(evbuf, REC_TV_END, &record->tv_end) == -1) goto error; } evbuffer_drain(tmp, evbuffer_get_length(tmp)); if (evtag_unmarshal(evbuf, &tag, tmp) == -1 || tag != REC_SRC) goto error; if (addr_unmarshal(&record->src, tmp) == -1) goto error; evbuffer_drain(tmp, evbuffer_get_length(tmp)); if (evtag_unmarshal(evbuf, &tag, tmp) == -1 || tag != REC_DST) goto error; if (addr_unmarshal(&record->dst, tmp) == -1) goto error; if (evtag_unmarshal_int(evbuf, REC_SRC_PORT, &integer) == -1) goto error; record->src_port = integer; if (evtag_unmarshal_int(evbuf, REC_DST_PORT, &integer) == -1) goto error; record->dst_port = integer; if (evtag_unmarshal_int(evbuf, REC_PROTO, &integer) == -1) goto error; record->proto = integer; if (evtag_unmarshal_int(evbuf, REC_STATE, &integer) == -1) goto error; record->state = integer; while (evtag_peek(evbuf, &tag) != -1) { switch(tag) { case REC_OS_FP: if (evtag_unmarshal_string(evbuf, tag, &record->os_fp) == -1) goto error; break; case REC_HASH: { struct hash *tmp; if ((tmp = calloc(1, sizeof(struct hash))) == NULL) err(1, "%s: calloc", __func__); if (evtag_unmarshal_fixed(evbuf, REC_HASH, tmp->digest, sizeof(tmp->digest)) == -1) { free(tmp); goto error; } TAILQ_INSERT_TAIL(&record->hashes, tmp, next); } break; case REC_BYTES: if (evtag_unmarshal_int(evbuf, tag,&record->bytes) == -1) goto error; break; case REC_FLAGS: if (evtag_unmarshal_int(evbuf, tag,&record->flags) == -1) goto error; break; default: syslog(LOG_DEBUG, "Ignoring unknown record tag %d", tag); evtag_consume(evbuf); break; } } evbuffer_free(tmp); return (0); error: evbuffer_free(tmp); return (-1); }