
📄 wread_util.c

📁 该软件根据网络数据生成NetFlow记录。NetFlow可用于网络规划、负载均衡、安全监控等
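}

/****************************************************************************/

/*
 * Shared helper: enforce a bound on a length field taken from the log file.
 *
 * The record lengths read below come straight from the input file, so they
 * must be treated as untrusted.  A plain assert() is compiled out under
 * NDEBUG and never rejected negative values, which would turn a corrupt or
 * hostile log into an out-of-bounds write.  This check is always active.
 * It terminates the process with exit(1), the same way _links_buf_alloc()
 * reports an impossible request.
 */
static void wread_check_len(long len, long max, const char *what)
{
  if (len < 0 || len > max)
    {
      fprintf(stderr, "WHOOPS - %s length %ld out of range (max %ld)\n",
              what, len, max);
      exit(1);
    }
}

/*
 * HTTP specific
 */

/*
 * Allocate one buffer of len bytes for link/image URL data.
 *
 * A zero-length request is treated as a fatal programming error.
 * Allocation failure is reported through ERROR().
 * NOTE(review): ERROR() is presumed not to return; if it can return, the
 * caller receives NULL - confirm against the macro definition.
 */
char *_links_buf_alloc(unsigned int len)
{
  char *cp;

  assert (len != 0);
  if (len == 0)
    {
      fprintf(stderr, "WHOOPS allocating 0 bytes\n");
      exit (1);
    }

  /* allocate single buffer */
  cp = malloc(len);
  if (cp == NULL)
    ERROR("img_chars_buf_alloc malloc()");

  return cp;
}

/*
 * Build a NULL-terminated chain of ntrans transaction records hanging off
 * tconnp->su.http.trans.
 *
 * When alloc_imgbuf is PROVIDE_IMGBUFS each record also gets a links buffer
 * of LINKS_MAX_BUFS*LINKS_BUFSZ bytes; otherwise links.buf is set to NULL.
 * Only links.buf and next are initialised here; the remaining fields are
 * left as malloc() returned them.  Always returns 0.
 */
int _http_alloc_trans(tcp_conn_t *tconnp, int ntrans, int alloc_imgbuf)
{
  http_trans_t **tpp = &tconnp->su.http.trans;
  int i;

  for (i = 0; i < ntrans; i++)
    {
      *tpp = malloc(sizeof(http_trans_t));
      if (*tpp == NULL)
        ERROR("http_trans malloc()");   /* presumed fatal - see above */

      if (alloc_imgbuf == PROVIDE_IMGBUFS)
        (*tpp)->links.buf = _links_buf_alloc(LINKS_MAX_BUFS*LINKS_BUFSZ);
      else
        (*tpp)->links.buf = NULL;

      tpp = &((*tpp)->next);
    }

  /* terminate the chain (also clears the head when ntrans <= 0) */
  *tpp = NULL;

  return 0;
}

/*
 * Deallocate http transaction chain
 *
 * Frees every record and its links buffer, then clears the chain head so a
 * second call is harmless.  Always returns 0.
 */
int _http_dealloc_trans(tcp_conn_t *tconnp)
{
  http_trans_t *tp = tconnp->su.http.trans;

  while (tp != NULL)
    {
      http_trans_t *next = tp->next;

      free(tp->links.buf);      /* free(NULL) is a no-op */
      free(tp);
      tp = next;
    }

  tconnp->su.http.trans = NULL;

  return 0;
}

/*
 * Read one HTTP transaction record from file into tp.
 *
 * client_seen / server_seen select which halves of the record are present.
 * addit_fields is a bit mask (AF_FIRST_REP_DATA_TM, AF_REP_HDR_LEN) naming
 * optional server-side fields.  With allocflag == TRANS_ALLOC_ON_FLY the
 * links buffer is allocated here; otherwise tp->links.buf must already
 * point at a buffer of LINKS_MAX_BUFS*LINKS_BUFSZ bytes.
 *
 * Every length is taken from the file and is checked before it is used as
 * a copy size or an index.
 * NOTE(review): the terminating '\0' is written at index len, so each
 * string field is assumed to hold HTTP_REQSTR_LEN + 1 bytes - confirm
 * against the http_trans_t declaration.
 *
 * Always returns 0; a bad length terminates the process.
 */
int _http_read_trans(http_trans_t *tp, struct np_file *file, int client_seen, int server_seen, unsigned int addit_fields, int allocflag)
{
  FILE *f = file->file;
  int tmpi;

  if (client_seen)
    {
      GET_STRUCT(f, &tp->inner.cinf, http_trans_cinf_t);
      GET_STRUCT(f, &tp->inner.hclient, http_transinf_t);

      tmpi = tp->inner.cinf.reqlen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "request");
      if (tmpi)
        GET_MEM(f, &tp->req, tmpi);
      tp->req[tmpi] = '\0';

      tmpi = tp->inner.cinf.reflen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "referrer");
      if (tmpi)
        GET_MEM(f, &tp->ref, tmpi);
      tp->ref[tmpi] = '\0';

      tmpi = tp->inner.cinf.hostlen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "host");
      if (tmpi)
        GET_MEM(f, &tp->host, tmpi);
      tp->host[tmpi] = '\0';

      tmpi = tp->inner.cinf.uagentlen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "user agent");
      if (tmpi)
        GET_MEM(f, &tp->uagent, tmpi);
      tp->uagent[tmpi] = '\0';

      tmpi = tp->inner.cinf.vialen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "client via");
      if (tmpi)
        GET_MEM(f, &tp->cvia, tmpi);
      tp->cvia[tmpi] = '\0';
    }

  if (server_seen)
    {
      GET_STRUCT(f, &tp->inner.sinf, http_trans_sinf_t);
      GET_STRUCT(f, &tp->inner.hserver, http_transinf_t);

      /*
       * Comment these out for older vC3 logs
       */
      if (addit_fields & AF_FIRST_REP_DATA_TM)
        GET_INT(f, &tp->inner.first_sdata_pkt_us, unsigned int);
      if (addit_fields & AF_REP_HDR_LEN)
        GET_INT(f, &tp->inner.rep_hdr_len, int);

      tmpi = tp->inner.sinf.serverlen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "server");
      if (tmpi)
        GET_MEM(f, &tp->server, tmpi);
      tp->server[tmpi] = '\0';

      tmpi = tp->inner.sinf.vialen;
      wread_check_len(tmpi, HTTP_REQSTR_LEN, "server via");
      if (tmpi)
        GET_MEM(f, &tp->svia, tmpi);
      tp->svia[tmpi] = '\0';

      GET_INT(f, &tp->links.totchars, unsigned int);

      /*
       * Reject an oversized count outright.  Clamping it and reading on
       * would leave the stream out of step with the record layout, and a
       * pre-allocated buffer would be overrun if the check were skipped.
       */
      wread_check_len((long)tp->links.totchars,
                      (long)(LINKS_BUFSZ*LINKS_MAX_BUFS), "links.totchars");

      if (tp->links.totchars)
        {
          /* some URLs to get here - allocate space if not pre-allocated */
          if (allocflag == TRANS_ALLOC_ON_FLY)
            tp->links.buf = _links_buf_alloc(tp->links.totchars);

          /* never copy file data through a missing buffer */
          if (tp->links.buf == NULL)
            {
              fprintf(stderr, "WHOOPS - no links buffer for %ld chars\n",
                      (long)tp->links.totchars);
              exit(1);
            }

          GET_MEM(f, tp->links.buf, tp->links.totchars);
        }
    }

  return 0;
}

/*
 * Get the transaction chain for an HTTP connection
 *
 * Allocates meta.ntrans records without links buffers, reads the optional
 * additional-fields mask, then fills each record in turn.
 *
 * NOTE(review): ntrans comes from the file and is not range-checked here,
 * so a corrupt record can request a very long chain - confirm whether the
 * caller bounds it.
 * NOTE(review): addit_trans_fields is used even when
 * HTTP_ADDITIONAL_FIELDS_PRESENT is clear; it is presumably zeroed by the
 * caller - verify, since a stale value would misparse every transaction.
 */
int _http_get_transchain(struct np_file *file, tcp_conn_t *tconnp)
{
  int client_seen = tconnp->flow_inner.state & TCP_CLIENT_SEEN;
  int server_seen = tconnp->flow_inner.state & TCP_SERVER_SEEN;
  http_trans_t *tp;
  int i;

  /* allocate transaction chain */
  _http_alloc_trans(tconnp, tconnp->su.http.meta.ntrans, NO_IMGBUFS);

  /* additional transaction fields present? */
  if (tconnp->su.http.meta.status & HTTP_ADDITIONAL_FIELDS_PRESENT)
    GET_INT(file->file, &tconnp->su.http.addit_trans_fields, unsigned int);

  tp = tconnp->su.http.trans;
  for (i = 0; i < tconnp->su.http.meta.ntrans; i++)
    {
      _http_read_trans(tp, file, client_seen, server_seen,
                       tconnp->su.http.addit_trans_fields,
                       TRANS_ALLOC_ON_FLY);
      tp = tp->next;
    }

  return 0;
}

/*
 * Count the number of link/image URLs contained in a transaction record
 */
/*
 * NB - since introduction of record types and base URL scoping this does
 * not work
 */
/*
 * Each '\0' ends one URL.  A second '\0' immediately after it marks a
 * timestamp, which is skipped.  All reads stay inside [chars, chars+len).
 *
 * NOTE(review): the skip here is 2 + sizeof(uint) bytes counted from the
 * marker byte, while _http_get_ndist_urls() steps over the marker first and
 * so consumes one byte more - confirm which matches the record layout.
 */
int _http_get_nurls(char *chars, int len)
{
  char *end;
  int count = 0;

  if (chars == NULL || len <= 0)
    return 0;
  end = chars + len;

  while (chars < end)
    {
      if (*chars++ != '\0')
        continue;

      /* end of string */
      count++;

      /* timestamp?  Only look if a byte is actually left in the buffer. */
      if (chars < end && *chars == '\0')
        {
          size_t skip = 2 + sizeof(uint);

          chars = ((size_t)(end - chars) >= skip) ? chars + skip : end;
        }
    }

  return count;
}

/*
 * Count the number of distinct link/image URLs contained in a transaction
 * record
 */
/*
 * NB - since introduction of record types and base URL scoping this does
 * not work
 */
/*
 * URLs are hashed into N_HT_SLOTS chains.  Each chain ends in an empty
 * sentinel node, which is filled in and replaced when a new URL arrives.
 *
 * The buffer is file data, so the scan is bounded: a string with no
 * terminator before the end of the buffer stops the walk, and the
 * timestamp is copied out with memcpy() rather than read through a cast
 * pointer, which could be misaligned.  Chain nodes are released before
 * returning.
 */
#define N_HT_SLOTS 111
int _http_get_ndist_urls(char *chars, int buflen)
{
  struct lrec
    {
      struct lrec *next;
      char *url;
      int first_arrtm;
      int n;
    };

  struct lrec hlist[N_HT_SLOTS];
  unsigned int hval;
  char *end;
  int ts = 0;           /* last timestamp seen; 0 until one is read */
  int count = 0;
  int i;

  if (chars == NULL || buflen <= 0)
    return 0;
  end = chars + buflen;

  memset(hlist, 0, sizeof hlist);

  while (chars < end)
    {
      struct lrec *lp;
      char *url = chars;
      char *nul = memchr(url, '\0', (size_t)(end - url));
      int urlen;
      int nwords;
      int found = 0;

      if (nul == NULL)
        break;          /* unterminated tail - nothing more to parse */

      urlen = (int)(nul - url);
      chars = nul + 1;

      if (chars < end && *chars == '\0')
        {
          /* time stamp */
          size_t left;

          ++chars;
          left = (size_t)(end - chars);
          if (left >= sizeof ts)
            memcpy(&ts, chars, sizeof ts);
          chars = (left >= 2 + sizeof ts) ? chars + 2 + sizeof ts : end;
        }

      /* hash: sum of whole int-sized words, then the leftover bytes */
      hval = 0;
      nwords = urlen / (int)sizeof(int);
      for (i = 0; i < nwords; i++)
        {
          int word;

          memcpy(&word, url + (size_t)i * sizeof word, sizeof word);
          hval += word;
        }
      for (i = nwords * (int)sizeof(int); i < urlen; i++)
        hval += (int)url[i];
      hval = hval % N_HT_SLOTS;

      for (lp = &hlist[hval]; lp->next; lp = lp->next)
        {
          if (lp->url && !strcmp(url, lp->url))
            {
              found++;
              break;
            }
        }

      if (found)
        {
          lp->n++;
        }
      else
        {
          /* lp is the chain's sentinel: claim it and append a new one */
          struct lrec *sentinel = calloc(1, sizeof *sentinel);

          if (sentinel == NULL)
            ERROR("_http_get_ndist_urls calloc()");

          count++;
          lp->url = url;
          lp->n++;
          lp->first_arrtm = ts;
          lp->next = sentinel;
        }
    }

  /* the slot heads live on the stack; only the chained nodes are freed */
  for (i = 0; i < N_HT_SLOTS; i++)
    {
      struct lrec *node = hlist[i].next;

      while (node != NULL)
        {
          struct lrec *next = node->next;

          free(node);
          node = next;
        }
    }

  return count;
}

/*****************************************************************************/

/*
 * DNS specific
 */

/*
 * Read one name-server record, plus its resource-record data when the
 * NS_RRS_FOLLOW state bit is set.
 *
 * With allocflag == DATA_ALLOC_ON_FLY a buffer of NS_MAX_RRBUFSZ bytes is
 * allocated for the data (or rrbuf is set to NULL when none follows);
 * otherwise np->rrbuf is left as the caller supplied it.
 *
 * buflen comes from the file and is checked against the buffer size before
 * the copy.  Always returns 0.
 */
int _read_ns_rec(struct np_file *file, ns_fullrec_t *np, int allocflag)
{
  FILE *f = file->file;

  GET_STRUCT(f, &np->ns_rec, ns_rec_t);

  if (np->ns_rec.state & NS_RRS_FOLLOW)
    /* got some resource records */
    {
      long buflen = (long)np->ns_rec.buflen;

      if (allocflag == DATA_ALLOC_ON_FLY)
        {
          np->rrbuf = malloc(NS_MAX_RRBUFSZ);
          if (np->rrbuf == NULL)
            ERROR("_read_udp_conn() - ns_rr buffer malloc fail");
        }

      wread_check_len(buflen, NS_MAX_RRBUFSZ, "ns_rec.buflen");

      /* never copy file data through a missing buffer */
      if (buflen > 0 && np->rrbuf == NULL)
        {
          fprintf(stderr, "WHOOPS - no rr buffer for %ld bytes\n", buflen);
          exit(1);
        }

      GET_MEM(f, np->rrbuf, np->ns_rec.buflen);
    }
  else
    {
      if (allocflag == DATA_ALLOC_ON_FLY)
        np->rrbuf = NULL;
    }

  return 0;
}

/*
 * Free a name-server record and its resource-record buffer.
 * A NULL record is accepted.  Always returns 0.
 */
int _dealloc_ns_rec(ns_fullrec_t *np)
{
  if (np == NULL)
    return 0;

  free(np->rrbuf);      /* free(NULL) is a no-op */
  free(np);

  return 0;
}

/*****************************************************************************/

/*
 * UDP flow specific
 */

/*
 * Deallocate udp connection record
 *
 * Releases any service-specific data first, then the record itself.
 * UDP_SERV_ICQ is grouped with the other services that carry no extra
 * storage, matching _read_udp_conn(), which reads such records without
 * allocating anything.  Always returns 0.
 */
int _dealloc_udp_conn(udp_conn_t *uconnp)
{
  char errbuf[100];

  /* free any supplementary storage */
  switch (uconnp->flow_inner.serv_type)
    {
      /* these require no storage beyond the basic udp connection record */
    case UDP_SERV_OTHER:
    case UDP_SERV_NFS:
    case UDP_SERV_ICQ:
      assert(uconnp->service_data == NULL);
      break;

    case UDP_SERV_DNS:
      _dealloc_ns_rec((ns_fullrec_t *)uconnp->service_data);
      break;

    default:
      snprintf(errbuf, sizeof errbuf,
               "_dealloc_udp_conn - unknown service type %d",
               uconnp->flow_inner.serv_type);
      ERROR(errbuf);
      break;
    } /* end switch serv_type */

  /* free the connection record */
  free(uconnp);

  return 0;
}

/*
 * Read one UDP connection record into uconnp.
 *
 * The flow header is always read; the client and server halves are read
 * only when their SEEN bits are set.  For DNS flows, and only when get_data
 * is non-zero, the name-server record follows: with
 * allocflag == DATA_ALLOC_ON_FLY it is allocated here and attached as
 * service_data, otherwise the caller's service_data is filled in.
 *
 * The unknown-service message includes the file name, so it is formatted
 * with snprintf() to keep a long name from overrunning errbuf.
 * Always returns 0.
 */
int
_read_udp_conn(struct np_file *file, udp_conn_t *uconnp, int allocflag, int get_data)
{
  FILE *f = file->file;
  int server_seen = 0, client_seen = 0;
  struct ns_fullrec *np;
  char errbuf[256];

#ifdef SWIG
  uconnp->indx = file->indx - 1;
#else
  uconnp->indx = 0;
#endif /* SWIG */

  /* get UDP state, ports and addresses */
  GET_STRUCT(f, &uconnp->flow_inner, flow_inner_t);

  client_seen = uconnp->flow_inner.state & UDP_CLIENT_SEEN;
  server_seen = uconnp->flow_inner.state & UDP_SERVER_SEEN;

  /* data on udp connection */
  if (client_seen)
    GET_STRUCT(f, &uconnp->udp.client, udp_simplex_flow_t);
  if (server_seen)
    GET_STRUCT(f, &uconnp->udp.server, udp_simplex_flow_t);

  switch (uconnp->flow_inner.serv_type)
    {
    case UDP_SERV_NFS:
    case UDP_SERV_ICQ:
    case UDP_SERV_OTHER:
      break;

    case UDP_SERV_DNS:
      if (get_data)
        {
          if (allocflag == DATA_ALLOC_ON_FLY)
            {
              /* Need to allocate space */
              np = malloc(sizeof(ns_fullrec_t));
              if (np == NULL)
                {
                  snprintf(errbuf, sizeof errbuf,
                           "_read_udp_conn() - ns_fullrec_t malloc fail");
                  ERROR(errbuf);
                }
              np->rrbuf = NULL;
              uconnp->service_data = np;
            }
          else
            {
              np = (struct ns_fullrec *)uconnp->service_data;
              /* caller promised a record; refuse to read into nothing */
              if (np == NULL)
                ERROR("_read_udp_conn() - no ns_fullrec_t supplied");
            }
          _read_ns_rec(file, np, allocflag);
        }
      break;

    default:
      snprintf(errbuf, sizeof errbuf,
               "read_uconn - unknown service type %d file %s record %u",
               uconnp->flow_inner.serv_type, file->fnm, file->indx -1);
      ERROR(errbuf);
      break;
    } /* end switch serv_type */

  return 0;
}

/*****************************************************************************/

/*
 * ICMP specific
 */

/*
 * Read one fixed-size ICMP record from file into ipp.  Always returns 0.
 */
int _read_icmp(struct np_file *file, struct icmp_rec *ipp)
{
  FILE *f = file->file;

  GET_STRUCT(f, ipp, struct icmp_rec);

  return 0;
}

/*****************************************************************************/

/*
 * Skb_buff alloc fail specific
 */

/*
 * Read one fixed-size sk_buff allocation-failure record into fail_rec.
 * Always returns 0.
 */
int _read_buf_alloc_fail(struct np_file *file, sk_buff_alloc_fail_rec_t *fail_rec)
{
  FILE *f = file->file;

#if 0
#ifdef SWIG
  fail_rec->indx = file->indx - 1;
#endif /* SWIG */
#endif

  GET_STRUCT(f, fail_rec, sk_buff_alloc_fail_rec_t);

  return 0;
}

/*****************************************************************************/

/*
 * Interface card fail/drop specific
 */
int  _read_nic_fail(struct np_file *file, net_device_stats_t *fail_rec){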
