/*
 * Debug helper: prints one SuricataItem_t to stdout on a single line.
 *
 * The session id is rendered into a local text buffer by
 * moloch_session_id_string() and printed together with the item's hash,
 * ses and timestamp fields.
 */
LOCAL void suricata_print(SuricataItem_t *item)
{
    /* NOTE(review): presumably 100 bytes is enough for the rendered id;
     * the buffer size is not passed to the helper - confirm. */
    char idText[100];

    moloch_session_id_string(item->sessionId, idText);

    printf("sessionId: %s hash: %u ses: %d timestamp: %ld\n",
           idText,
           item->hash,
           item->ses,
           item->timestamp);
}
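/*
 * Called for an fd that has just been opened for an HTTP server: records the
 * connection in the shared `connections` table, keyed by a session id built
 * from the socket's local and remote address/port.
 *
 * fd        - the socket; getsockname()/getpeername() are queried on it.
 * condition - only used in the "Already added" error log.
 * serverV   - the MolochHttpServer_t the socket belongs to.
 *
 * Always returns FALSE, including when either address lookup fails (in which
 * case nothing is recorded).
 */
static gboolean moloch_http_curl_watch_open_callback(int fd, GIOCondition condition, gpointer serverV)
{
    MolochHttpServer_t *server = serverV;
    struct sockaddr_in  localAddress, remoteAddress;
    socklen_t           addressLength = sizeof(localAddress);

    int rc = getsockname(fd, (struct sockaddr*)&localAddress, &addressLength);
    if (rc != 0)
        return FALSE;

    addressLength = sizeof(remoteAddress);
    rc = getpeername(fd, (struct sockaddr*)&remoteAddress, &addressLength);
    if (rc != 0)
        return FALSE;

    /* NOTE(review): both addresses are read as sockaddr_in without looking at
     * sin_family. For a non-IPv4 socket the fields below are not meaningful
     * and the address is truncated to sizeof(struct sockaddr_in) - confirm
     * only AF_INET sockets reach this callback. */
    char sessionId[MOLOCH_SESSIONID_LEN];
    moloch_session_id(sessionId, localAddress.sin_addr.s_addr, localAddress.sin_port,
                      remoteAddress.sin_addr.s_addr, remoteAddress.sin_port);

    /* inet_ntop() writes into a caller-owned buffer; inet_ntoa() returns a
     * shared static buffer that another thread can overwrite before LOG
     * formats it. */
    char remoteIp[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &remoteAddress.sin_addr, remoteIp, sizeof(remoteIp)))
        strcpy(remoteIp, "?");

    LOG("Connected %d/%d - %s %d->%s:%d - fd:%d",
        server->outstanding,
        server->connections,
        server->names[0],
        ntohs(localAddress.sin_port),
        remoteIp,
        ntohs(remoteAddress.sin_port),
        fd);

    MolochHttpConn_t *conn;

    MOLOCH_LOCK(connections);
    BIT_SET(fd, connectionsSet);
    HASH_FIND(h_, connections, sessionId, conn);
    if (!conn) {
        conn = MOLOCH_TYPE_ALLOC0(MolochHttpConn_t);
        HASH_ADD(h_, connections, sessionId, conn);
        /* The first byte of a session id is used as the number of bytes to copy. */
        memcpy(&conn->sessionId, sessionId, sessionId[0]);
        server->connections++;
    } else {
        /* Same 4-tuple seen twice: keep the existing entry and only report it. */
        char buf[1000];
        LOG("ERROR - Already added %x %s", condition, moloch_session_id_string(sessionId, buf));
    }
    MOLOCH_UNLOCK(connections);

    moloch_http_curlm_check_multi_info(server);

    return FALSE;
}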
// Should only be used by packet, lots of side effects MolochSession_t *moloch_session_find_or_create(int ses, uint32_t hash, char *sessionId, int *isNew) { MolochSession_t *session; if (hash == 0) { hash = moloch_session_hash(sessionId); } int thread = hash % config.packetThreads; HASH_FIND_HASH(h_, sessions[thread][ses], hash, sessionId, session); if (session) { if (!session->closingQ) { DLL_MOVE_TAIL(q_, &sessionsQ[thread][ses], session); } *isNew = 0; return session; } *isNew = 1; session = MOLOCH_TYPE_ALLOC0(MolochSession_t); session->ses = ses; memcpy(session->sessionId, sessionId, sessionId[0]); HASH_ADD_HASH(h_, sessions[thread][ses], hash, sessionId, session); DLL_PUSH_TAIL(q_, &sessionsQ[thread][ses], session); if (HASH_BUCKET_COUNT(h_, sessions[thread][ses], hash) > 10) { char buf[100]; LOG("Large number of chains: %s %u %u %u %u", moloch_session_id_string(sessionId, buf), hash, hash % sessions[thread][ses].size, thread, HASH_BUCKET_COUNT(h_, sessions[thread][ses], hash)); } session->filePosArray = g_array_sized_new(FALSE, FALSE, sizeof(uint64_t), 100); session->fileLenArray = g_array_sized_new(FALSE, FALSE, sizeof(uint16_t), 100); session->fileNumArray = g_array_new(FALSE, FALSE, 4); session->fields = MOLOCH_SIZE_ALLOC0(fields, sizeof(MolochField_t *)*config.maxField); session->maxFields = config.maxField; session->thread = thread; DLL_INIT(td_, &session->tcpData); if (config.numPlugins > 0) session->pluginData = MOLOCH_SIZE_ALLOC0(pluginData, sizeof(void *)*config.numPlugins); return session; }
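/*
 * Called for an fd that has just been opened for an HTTP server name: records
 * the connection in the shared `connections` table, keyed by a session id
 * built from the socket's local and remote address/port (IPv4 or IPv6).
 *
 * fd        - the socket; getsockname()/getpeername() are queried on it.
 * condition - only used in the "Already added" error log.
 * snameV    - the MolochHttpServerName_t the socket belongs to.
 *
 * Always returns FALSE (the same value as the CURLE_OK this function used to
 * return), including when either address lookup fails, in which case nothing
 * is recorded.
 */
LOCAL gboolean moloch_http_curl_watch_open_callback(int fd, GIOCondition condition, gpointer snameV)
{
    MolochHttpServerName_t *sname = snameV;
    MolochHttpServer_t     *server = sname->server;

    struct sockaddr_storage localAddressStorage, remoteAddressStorage;

    socklen_t addressLength = sizeof(localAddressStorage);
    int rc = getsockname(fd, (struct sockaddr*)&localAddressStorage, &addressLength);
    if (rc != 0)
        return FALSE;

    addressLength = sizeof(remoteAddressStorage);
    rc = getpeername(fd, (struct sockaddr*)&remoteAddressStorage, &addressLength);
    if (rc != 0)
        return FALSE;

    char sessionId[MOLOCH_SESSIONID_LEN];
    int  localPort, remotePort;
    char remoteIp[INET6_ADDRSTRLEN+2]; /* room for '[' + address + ']' */

    if (localAddressStorage.ss_family == AF_INET) {
        struct sockaddr_in *localAddress = (struct sockaddr_in *)&localAddressStorage;
        struct sockaddr_in *remoteAddress = (struct sockaddr_in *)&remoteAddressStorage;

        moloch_session_id(sessionId, localAddress->sin_addr.s_addr, localAddress->sin_port,
                          remoteAddress->sin_addr.s_addr, remoteAddress->sin_port);
        localPort = ntohs(localAddress->sin_port);
        remotePort = ntohs(remoteAddress->sin_port);

        /* On failure inet_ntop() leaves the buffer unspecified; never hand
         * that to a %s format. */
        if (!inet_ntop(AF_INET, &remoteAddress->sin_addr, remoteIp, sizeof(remoteIp)))
            strcpy(remoteIp, "?");
    } else {
        /* NOTE(review): every family other than AF_INET is treated as
         * AF_INET6 here - confirm no other socket family reaches this
         * callback. */
        struct sockaddr_in6 *localAddress = (struct sockaddr_in6 *)&localAddressStorage;
        struct sockaddr_in6 *remoteAddress = (struct sockaddr_in6 *)&remoteAddressStorage;

        moloch_session_id6(sessionId, localAddress->sin6_addr.s6_addr, localAddress->sin6_port,
                           remoteAddress->sin6_addr.s6_addr, remoteAddress->sin6_port);
        localPort = ntohs(localAddress->sin6_port);
        remotePort = ntohs(remoteAddress->sin6_port);

        /* Build "[addr]". The closing bracket is appended only after
         * inet_ntop() succeeded, so the string is known to be terminated;
         * at most INET6_ADDRSTRLEN-1 address bytes were written, which
         * leaves space for ']' and the terminator. */
        remoteIp[0] = '[';
        if (inet_ntop(AF_INET6, &remoteAddress->sin6_addr, remoteIp+1, sizeof(remoteIp)-2)) {
            size_t len = strlen(remoteIp);
            remoteIp[len] = ']';
            remoteIp[len + 1] = '\0';
        } else {
            strcpy(remoteIp, "[?]");
        }
    }

    if (config.logHTTPConnections) {
        LOG("Connected %d/%d - %s %d->%s:%d - fd:%d",
            server->outstanding,
            server->connections,
            sname->name,
            localPort,
            remoteIp,
            remotePort,
            fd);
    }

    MolochHttpConn_t *conn;

    MOLOCH_LOCK(connections);
    BIT_SET(fd, connectionsSet);
    HASH_FIND(h_, connections, sessionId, conn);
    if (!conn) {
        conn = MOLOCH_TYPE_ALLOC0(MolochHttpConn_t);
        HASH_ADD(h_, connections, sessionId, conn);
        /* The first byte of a session id is used as the number of bytes to copy. */
        memcpy(&conn->sessionId, sessionId, sessionId[0]);
        server->connections++;
    } else {
        /* Same address/port pair seen twice: keep the existing entry and only report it. */
        char buf[1000];
        LOG("ERROR - Already added %x %s", condition, moloch_session_id_string(sessionId, buf));
    }
    MOLOCH_UNLOCK(connections);

    moloch_http_curlm_check_multi_info(server);

    return FALSE;
}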