-
Notifications
You must be signed in to change notification settings - Fork 1
/
http.h
207 lines (197 loc) · 6.6 KB
/
http.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
#ifndef HTTP_H
#define HTTP_H
#include "pcap_queue_block.h"
#include "tcpreassembly.h"
struct HttpDataCache_id {
HttpDataCache_id(vmIP ip_src, vmIP ip_dst,
vmPort port_src, vmPort port_dst) {
this->ip_src = ip_src;
this->ip_dst = ip_dst;
this->port_src = port_src;
this->port_dst = port_dst;
}
vmIP ip_src;
vmIP ip_dst;
vmPort port_src;
vmPort port_dst;
bool operator < (const HttpDataCache_id& other) const {
return((this->ip_src < other.ip_src) ? 1 : (this->ip_src > other.ip_src) ? 0 :
(this->ip_dst < other.ip_dst) ? 1 : (this->ip_dst > other.ip_dst) ? 0 :
(this->port_src < other.port_src) ? 1 : (this->port_src > other.port_src) ? 0 :
this->port_dst < other.port_dst);
}
};
struct HttpDataCache_data {
HttpDataCache_data(const char *url, const char *url_md5,
const char *http, const char *http_md5,
const char *body, const char *body_md5,
const char *callid, const char *sessionid, const char *external_transaction_id) {
if(url) this->url = url;
if(url_md5) this->url_md5 = url_md5; else if(url) this->url_md5 = GetStringMD5(url);
if(http) this->http = http;
if(http_md5) this->http_md5 = http_md5; else if(http) this->http_md5 = GetStringMD5(http);
if(body) this->body = body;
if(body_md5) this->body_md5 = body_md5; else if(body) this->body_md5 = GetStringMD5(body);
if(callid) this->callid = callid;
if(sessionid) this->sessionid = sessionid;
if(external_transaction_id) this->external_transaction_id = external_transaction_id;
}
string url;
string url_md5;
string http;
string http_md5;
string body;
string body_md5;
string callid;
string sessionid;
string external_transaction_id;
};
struct HttpDataCache_relation {
HttpDataCache_relation();
~HttpDataCache_relation();
void addResponse(u_int64_t timestamp,
const char *http, const char *body);
bool checkExistsResponse(const char *http_md5, const char *body_md5);
HttpDataCache_data *request;
map<u_int64_t, HttpDataCache_data*> responses;
u_int64_t last_timestamp_response;
};
struct HttpDataCache_link {
~HttpDataCache_link();
void addRequest(u_int64_t timestamp,
const char *url, const char *http, const char *body,
const char *callid, const char *sessionid, const char *external_transaction_id);
void addResponse(u_int64_t timestamp,
const char *http, const char *body,
const char *url_master, const char *http_master, const char *body_master);
bool checkExistsRequest(const char *url_md5, const char *http_md5, const char *body_md5);
void writeToDb(const HttpDataCache_id *id, bool all, u_int64_t time);
void writeDataToDb(bool response, u_int64_t timestamp, const HttpDataCache_id *id, HttpDataCache_data *data);
void writeQueryInsertToDb();
string getRelationsMapId(const char *url_md5, const char *http_md5, const char *body_md5) {
return(string(url_md5) + '#' + string(http_md5) + '#' + string(body_md5));
}
string getRelationsMapId(string &url_md5, string &http_md5, string &body_md5) {
return(url_md5 + '#' + http_md5 + '#' + body_md5);
}
map<u_int64_t, HttpDataCache_relation*> relations;
map<string, HttpDataCache_relation*> relations_map;
string queryInsert;
string lastRequest_http_md5;
string lastRequest_body_md5;
static u_int32_t writeToDb_counter;
};
struct HttpDataCache {
HttpDataCache();
void addRequest(u_int64_t timestamp,
vmIP ip_src, vmIP ip_dst,
vmPort port_src, vmPort port_dst,
const char *url, const char *http, const char *body,
const char *callid, const char *sessionid, const char *external_transaction_id);
void addResponse(u_int64_t timestamp,
vmIP ip_src, vmIP ip_dst,
vmPort port_src, vmPort port_dst,
const char *http, const char *body,
const char *url_master, const char *http_master, const char *body_master);
void writeToDb(bool all = false, bool ifExpiration = false);
map<HttpDataCache_id, HttpDataCache_link> data;
void lock() {
while(__sync_lock_test_and_set(&this->_sync, 1)) USLEEP(100);
}
void unlock() {
__sync_lock_release(&this->_sync);
}
u_int64_t last_timestamp;
u_int64_t init_at;
u_int64_t last_write_at;
int _sync;
};
class HttpData : public TcpReassemblyProcessData {
public:
HttpData();
virtual ~HttpData();
void processData(vmIP ip_src, vmIP ip_dst,
vmPort port_src, vmPort port_dst,
TcpReassemblyData *data,
u_char *ethHeader, u_int32_t ethHeaderLength,
u_int16_t handle_index, int dlt, int sensor_id, vmIP sensor_ip, sPacketInfoData pid,
void *uData, TcpReassemblyLink *reassemblyLink,
std::ostream *debugStream);
void writeToDb(bool all = false);
string getUri(string &request);
string getUriValue(string &uri, const char *valueName);
string getUriPathValue(string &uri, const char *valueName);
string getTag(string &data, const char *tag);
string getJsonValue(string &data, const char *valueName);
string getXmlValue(string &data, const char *valueName);
void printContentSummary();
private:
unsigned int counterProcessData;
unsigned int counterSaveData;
HttpDataCache cache;
};
class HttpPacketsDumper {
public:
enum eReqResp {
request,
response
};
struct HttpLink_id {
HttpLink_id(vmIP ip1 = 0, vmIP ip2 = 0,
vmPort port1 = 0, vmPort port2 = 0) {
this->ip1 = ip1 > ip2 ? ip1 : ip2;
this->ip2 = ip1 < ip2 ? ip1 : ip2;
this->port1 = port1 > port2 ? port1 : port2;
this->port2 = port1 < port2 ? port1 : port2;
}
vmIP ip1;
vmIP ip2;
vmPort port1;
vmPort port2;
bool operator < (const HttpLink_id& other) const {
return((this->ip1 < other.ip1) ? 1 : (this->ip1 > other.ip1) ? 0 :
(this->ip2 < other.ip2) ? 1 : (this->ip2 > other.ip2) ? 0 :
(this->port1 < other.port1) ? 1 : (this->port1 > other.port1) ? 0 :
(this->port2 < other.port2));
}
};
class HttpLink {
public:
HttpLink(vmIP ip1 = 0, vmIP ip2 = 0,
vmPort port1 = 0, vmPort port2 = 0) {
this->ip1 = ip1;
this->ip2 = ip2;
this->port1 = port1;
this->port2 = port2;
this->seq[0] = 1;
this->seq[1] = 1;
}
vmIP ip1;
vmIP ip2;
vmPort port1;
vmPort port2;
u_int32_t seq[2];
};
public:
HttpPacketsDumper();
~HttpPacketsDumper();
void setPcapName(const char *pcapName);
void setTemplatePcapName();
void setPcapDumper(PcapDumper *pcapDumper);
void dumpData(const char *timestamp_from, const char *timestamp_to, const char *ids);
void dumpDataItem(eReqResp reqResp, string header, string body,
timeval time,
vmIP ip_src, vmIP ip_dst,
vmPort port_src, vmPort port_dst);
void setUnlinkPcap();
string getPcapName();
void openPcapDumper();
void closePcapDumper(bool force = false);
private:
string pcapName;
bool unlinkPcap;
PcapDumper *pcapDumper;
bool selfOpenPcapDumper;
map<HttpLink_id, HttpLink> links;
};
#endif