示例#1
0
static
void port_insert(port_hash_t hash, port_t *port)
{
	port_t **pport = &hash[port_hash(port->remote)];
	port->next = *pport;
	*pport = port;
}
示例#2
0
文件: analyze.c 项目: 4sp1r3/Honeyd
void
analyze_country_enter_cb(int result, char type, int count, int ttl,
    void *addresses, void *arg)
{
	struct country_state *state = arg;
	struct addr *src = &state->src;
	struct keycount tmpkey, *key;
	char tld[20];

	if (result != DNS_ERR_NONE || count != 1 || type != DNS_PTR) {
		/* Enter into our negative cache */
		if (!state->result_from_cache) {
			tmpkey.key = &src->addr_ip;
			tmpkey.keylen = sizeof(src->addr_ip);
			key = SPLAY_FIND(kctree, &country_cache, &tmpkey);
			if (!key) {
				key = keycount_new(
					&src->addr_ip,
					sizeof(src->addr_ip),
					NULL, NULL);
				SPLAY_INSERT(kctree, &country_cache, key);
			}
			count_increment(key->count, 1);
		}

		strlcpy(tld, "unknown", sizeof(tld));
	} else {
		const char *hostname = *(char **)addresses;
		int i;
		/* Extract the country key */
		for (i = strlen(hostname) - 1; i >= 0; --i) {
			if (hostname[i] == '.') {
				i += 1;
				break;
			}
		}

		strlcpy(tld, hostname + i, sizeof(tld));
		for (i = 0; i < strlen(tld); i++) {
			if (isdigit(tld[i])) {
				strlcpy(tld, "unknown", sizeof(tld));
				break;
			}
			tld[i] = tolower(tld[i]);
		}
	}

	tmpkey.key = tld;
	tmpkey.keylen = strlen(tmpkey.key) + 1;
	if ((key = SPLAY_FIND(kctree, &countries, &tmpkey)) == NULL) {
		key = keycount_new(tld, strlen(tld) + 1, aux_create, aux_free);
		SPLAY_INSERT(kctree, &countries, key);
	}

	/* If the address is new, we are going to resolve it */
	if (aux_enter(key->auxilary, port_hash(&state->src, &state->dst)))
		count_increment(key->count, 1);
	free(state);
}
示例#3
0
static
port_t* port_get(port_hash_t hash, snd_seq_addr_t addr)
{
	port_t **pport = &hash[port_hash(addr)];
	while (*pport) {
		port_t *port = *pport;
		if (port->remote.client == addr.client && port->remote.port == addr.port)
			return port;
		pport = &port->next;
	}
	return NULL;
}
示例#4
0
文件: analyze.c 项目: 4sp1r3/Honeyd
void
analyze_port_enter(uint16_t port,
    const struct addr *src, const struct addr *dst)
{
	struct keycount tmpkey, *key;

	tmpkey.key = &port;
	tmpkey.keylen = sizeof(port);

	if ((key = SPLAY_FIND(kctree, &ports, &tmpkey)) == NULL) {
		key = keycount_new(&port, sizeof(port),
		    aux_create, aux_free);
		SPLAY_INSERT(kctree, &ports, key);
	}

	/* If the address is new, we are going to increase the counter */
	if (aux_enter(key->auxilary, port_hash(src, dst)))
		count_increment(key->count, 1);
}