basic process event message handling

author: Laurent Ghigonis <laurent@p1sec.com> 2012-11-29 18:59:48 +0100
committer: Laurent Ghigonis <laurent@p1sec.com> 2012-11-29 18:59:48 +0100
commit: 6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74 (patch)
tree: 3f803fc77abf3ebf18b54312bf3c2ea36d385295 /libglouglou/libglouglou.c
parent: remove TODO, in README.txt now (diff)
download: glouglou-6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74.tar.xz
glouglou-6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74.zip
1 files changed, 34 insertions, 3 deletions
diff --git a/libglouglou/libglouglou.c b/libglouglou/libglouglou.c
index ca777dc..8d4a300 100644
--- a/libglouglou/libglouglou.c
+++ b/libglouglou/libglouglou.c
@@ -370,11 +370,34 @@ pkt_decode(char **buf, int *buf_len)
       if (strnlen((char *)pkt->name_fqdn, len) != pkt->name_len)
         goto invalid;
       newpkt->name_addr = ntohl(pkt->name_addr);
-      newpkt->name_len = pkt->name_len;
+      newpkt->name_len = ntohs(pkt->name_len);
       strncpy((char *)newpkt->name_fqdn, (char *)pkt->name_fqdn,
               pkt->name_len);
       break;
-    goto invalid;
+    case PACKET_PROC_FORK:
+      packet_len = PACKET_PROC_FORK_SIZE;
+      if (len < packet_len)
+        goto invalid;
+      newpkt->proc_pid = ntohl(pkt->proc_pid);
+      newpkt->proc_fork_ppid = ntohl(pkt->proc_fork_ppid);
+      newpkt->proc_fork_cpid = ntohl(pkt->proc_fork_cpid);
+      newpkt->proc_fork_tgid = ntohl(pkt->proc_fork_tgid);
+      break;
+    case PACKET_PROC_EXEC:
+      packet_len = PACKET_PROC_EXEC_SIZE;
+      if (len < packet_len)
+        goto invalid;
+      if (len < packet_len + pkt->proc_exec_cmdlen)
+        goto invalid;
+      if (strnlen((char *)pkt->proc_exec_cmd, len) != pkt->proc_exec_cmdlen)
+        goto invalid;
+      newpkt->proc_pid = ntohl(pkt->proc_pid);
+      newpkt->proc_exec_cmdlen = ntohs(pkt->proc_exec_cmdlen);
+      strncpy((char *)newpkt->proc_exec_cmd, (char *)pkt->proc_exec_cmd,
+              pkt->proc_exec_cmdlen);
+      break;
+    default:
+      goto invalid;
   }
 
   *buf = *buf + packet_len;
@@ -416,7 +439,15 @@ pkt_getsize(struct gg_packet *pkt)
       size = PACKET_DATA_SIZE;
       break;
     case PACKET_NAME:
-      size = PACKET_NAME_SIZE + strnlen((char *)pkt->name_fqdn, DNSNAME_MAX);
+      size = PACKET_NAME_SIZE +
+        strnlen((char *)pkt->name_fqdn, GG_PKTARG_MAX);
+      break;
+    case PACKET_PROC_FORK:
+      size = PACKET_PROC_FORK_SIZE;
+      break;
+    case PACKET_PROC_EXEC:
+      size = PACKET_PROC_EXEC_SIZE  +
+        strnlen((char *)pkt->proc_exec_cmd, GG_PKTARG_MAX);
       break;
     default:
       size = 0;
author	Laurent Ghigonis <laurent@p1sec.com>	2012-11-29 18:59:48 +0100
committer	Laurent Ghigonis <laurent@p1sec.com>	2012-11-29 18:59:48 +0100
commit	6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74 (patch)
tree	3f803fc77abf3ebf18b54312bf3c2ea36d385295 /libglouglou/libglouglou.c
parent	remove TODO, in README.txt now (diff)
download	glouglou-6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74.tar.xz glouglou-6f78c1e2c1fa7a824606fffb3aca05e16c7b9c74.zip