|
(gdb) thread 2
|
|
[Switching to thread 2 (Thread 0x7ffff2d7c700 (LWP 9607))]#0 0x0000000000000000 in ?? ()
|
|
(gdb) frame 4
|
|
#4 0x000000000048185f in SigMatchSignatures (th_v=0x5b39d70, de_ctx=0x196ae10, det_ctx=0x7fffe8014930, p=0x14a2480) at detect.c:1553
|
|
1553 DeStateUpdateInspectTransactionId(pflow, flags);
|
|
(gdb) print *p
|
|
$6 = {src = {family = 2 '\002', address = {address_un_data32 = {242815148, 0, 0, 0}, address_un_data16 = {4268, 3705, 0, 0, 0, 0, 0, 0},
|
|
address_un_data8 = "\254\020y\016", '\000' <repeats 11 times>}}, dst = {family = 2 '\002', address = {address_un_data32 = {511027392, 0, 0, 0},
|
|
address_un_data16 = {43200, 7797, 0, 0, 0, 0, 0, 0}, address_un_data8 = "\300\250u\036", '\000' <repeats 11 times>}}, {sp = 7091, type = 179 '\263'},
|
|
{dp = 61391, code = 207 '\317'}, proto = 6 '\006', recursion_level = 0 '\000', vlan_id = {0, 0}, vlan_idx = 0 '\000', flowflags = 54 '6', flags = 65984,
|
|
flow = 0x7fffdc2bae00, ts = {tv_sec = 1391795473, tv_usec = 747429}, {afp_v = {relptr = 0x7fffd34cdcd0, copy_mode = 0, peer = 0x0,
|
|
mpeer = 0x7fffe8000b30}, pcap_v = {<No data fields>}}, ReleasePacket = 0x589b0d <AFPReleasePacket>, pktvar = 0x0, ethh = 0x7fffd34cdd12,
|
|
level3_comp_csum = -1, level4_comp_csum = 48580, ip4h = 0x7fffd34cdd20, ip6h = 0x0, {ip4vars = {comp_csum = 0, ip_src_u32 = 0, ip_dst_u32 = 0, ip_opts = {
|
|
{type = 148 '\224', len = 4 '\004', data = 0x7fffd64e8cc6 "\033Z \344\317\006\326\375\264&P\020\200"}, {type = 0 '\000', len = 0 '\000',
|
|
data = 0x0} <repeats 39 times>}, ip_opt_cnt = 0 '\000', o_rr = 0x0, o_qs = 0x0, o_ts = 0x0, o_sec = 0x0, o_lsrr = 0x0, o_cipso = 0x0,
|
|
o_sid = 0x0, o_ssrr = 0x0, o_rtralt = 0x0}, {ip6vars = {ip_opts_len = 0 '\000', l4proto = 0 '\000'}, ip6eh = {ip6fh = 0x0, fh_offset = 1172,
|
|
ip6rh = 0x7fffd64e8cc6, ip6ah = 0x0, ip6eh = 0x0, ip6dh1 = 0x0, ip6dh2 = 0x0, ip6hh = 0x0, ip6hh_opt_hao = {ip6hao_type = 0 '\000',
|
|
ip6hao_len = 0 '\000', ip6hao_hoa = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0,
|
|
0, 0, 0}}}}, ip6hh_opt_ra = {ip6ra_type = 0 '\000', ip6ra_len = 0 '\000', ip6ra_value = 0}, ip6hh_opt_jumbo = {ip6j_type = 0 '\000',
|
|
ip6j_len = 0 '\000', ip6j_payload_len = 0}, ip6dh1_opt_hao = {ip6hao_type = 0 '\000', ip6hao_len = 0 '\000', ip6hao_hoa = {__in6_u = {
|
|
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6dh1_opt_ra = {
|
|
ip6ra_type = 0 '\000', ip6ra_len = 0 '\000', ip6ra_value = 0}, ip6dh1_opt_jumbo = {ip6j_type = 0 '\000', ip6j_len = 0 '\000',
|
|
ip6j_payload_len = 0}, ip6dh2_opt_hao = {ip6hao_type = 0 '\000', ip6hao_len = 0 '\000', ip6hao_hoa = {__in6_u = {
|
|
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6dh2_opt_ra = {
|
|
ip6ra_type = 0 '\000', ip6ra_len = 0 '\000', ip6ra_value = 0}, ip6dh2_opt_jumbo = {ip6j_type = 0 '\000', ip6j_len = 0 '\000',
|
|
ip6j_payload_len = 0}, ip6_exthdrs = {{type = 0 '\000', next = 0 '\000', len = 0 '\000', data = 0x0} <repeats 40 times>},
|
|
ip6_exthdrs_cnt = 0 '\000'}}}, {tcpvars = {tcp_opt_cnt = 0 '\000', tcp_opts = {{type = 8 '\b', len = 10 '\n',
|
|
data = 0x7fffd346b82c "ios\004emsa\005local\004emsa\005local"}, {type = 4 '\004', len = 2 '\002',
|
|
data = 0x7fffc7addd50 "msa\005local\004emsa\005local"}, {type = 3 '\003', len = 3 '\003', data = 0x7fffc7addd53 "\005local\004emsa\005local"}, {
|
|
type = 3 '\003', len = 3 '\003',
|
|
data = 0x7fffcc31be6b "A_j\220r\236\246\241\b\255*\230/t\036B+\201\202\263\203E\351\035\202\324\030h.=\377\321\301\267\251F\331P\312\b+6\004\071pI\315\375\270\065\351\021\360!\355NFF\317\t\375\237\001\355\243\336\061N\b\226qp5\215&\366\f\342oW\300\235v\342\240\344O\323\061\205J\373a\241\353(ptja\221\223\247Kj\352\a\220\206'\356F\350\310A\344m@\350:\006\tY\272\027\240\365ZTJ\024\245mC\270\302\006;&b@t\003\205\035\034\210g;\032\r~\367\003\f\276\062\356E\017ŭN\\\266\344(\020)8\362\230Pl\253\316\nڳ\202\374\b8\237\356a\200:\222\303\310$\024\322\345\214\065\302\222\240"...}, {type = 0 '\000', len = 0 '\000',
|
|
data = 0x0} <repeats 16 times>}, ts = 0x0, sack = 0x0, sackok = 0x0, ws = 0x0, mss = 0x0}, udpvars = {<No data fields>}, icmpv4vars = {id = 0,
|
|
seq = 0, mtu = 0, error_ptr = 2568, emb_ipv4h = 0x7fffd346b82c, emb_tcph = 0x204, emb_udph = 0x7fffc7addd50, emb_icmpv4h = 0x303, emb_ip4_src = {
|
|
s_addr = 3350060371}, emb_ip4_dst = {s_addr = 32767}, emb_ip4_hlen = 3 '\003', emb_ip4_proto = 3 '\003', emb_sport = 0, emb_dport = 0},
|
|
icmpv6vars = {id = 0, seq = 0, mtu = 0, error_ptr = 2568, emb_ipv6h = 0x7fffd346b82c, emb_tcph = 0x204, emb_udph = 0x7fffc7addd50, emb_icmpv6h = 0x303,
|
|
emb_ip6_src = {3350060371, 32767, 771, 0}, emb_ip6_dst = {3425812075, 32767, 0, 0}, emb_ip6_proto_next = 0 '\000', emb_sport = 0, emb_dport = 0}},
|
|
tcph = 0x7fffd34cdd34, udph = 0x0, sctph = 0x0, icmpv4h = 0x0, icmpv6h = 0x0, ppph = 0x0, pppoesh = 0x0, pppoedh = 0x0, greh = 0x0, vlanh = {0x0, 0x0},
|
|
payload = 0x7fffd34cdd48 "oveManualDetention = function(detention){\n\tinitDetentionForm(detention);\n};\n\n/**\n * get detention from inspection and manipulate page elements according detention type\n * @param inspection - the inspe"..., payload_len = 1460, action = 0 '\000', pkt_src = 1 '\001',
|
|
pktlen = 1514, ext_pkt = 0x7fffd34cdd12 "", livedev = 0x3a85f80, alerts = {cnt = 0, alerts = {{num = 0, order_id = 0, action = 0 '\000',
|
|
flags = 0 '\000', s = 0x0, tx_id = 0} <repeats 15 times>}}, host_src = 0x0, host_dst = 0x0, pcap_cnt = 0, events = {cnt = 0 '\000',
|
|
events = "\177nu", '\000' <repeats 11 times>}, app_layer_events = 0x7fffda181d50, next = 0x0, prev = 0x0, datalink = 1,
|
|
debuglog_flowbits_names_len = 0, debuglog_flowbits_names = 0x0, root = 0x0, tunnel_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0,
|
|
__kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, tunnel_rtv_cnt = 0,
|
|
tunnel_tpr_cnt = 0}
|
|
(gdb) print *p->flow
|
|
$7 = {src = {address = {address_un_data32 = {511027392, 0, 0, 0}, address_un_data16 = {43200, 7797, 0, 0, 0, 0, 0, 0},
|
|
address_un_data8 = "\300\250u\036", '\000' <repeats 11 times>}}, dst = {address = {address_un_data32 = {242815148, 0, 0, 0}, address_un_data16 = {
|
|
4268, 3705, 0, 0, 0, 0, 0, 0}, address_un_data8 = "\254\020y\016", '\000' <repeats 11 times>}}, {sp = 61391, type = 207 '\317'}, {dp = 7091,
|
|
code = 179 '\263'}, proto = 6 '\006', recursion_level = 0 '\000', vlan_id = {0, 0}, use_cnt_sc_atomic__ = 2, autofp_tmqh_flow_qid_sc_atomic__ = -1,
|
|
probing_parser_toserver_alproto_masks = 0, probing_parser_toclient_alproto_masks = 0, flags = 4144044155, lastts_sec = 1391795473, m = {__data = {
|
|
__lock = 2, __count = 0, __owner = 9607, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
|
|
__size = "\002\000\000\000\000\000\000\000\207%\000\000\001", '\000' <repeats 26 times>, __align = 2}, protoctx = 0x7fffb00900e0, protomap = 0 '\000',
|
|
pad0 = 0 '\000', alproto = 0, alproto_ts = 0, alproto_tc = 0, data_al_so_far = {0, 0}, de_ctx_id = 1, alparser = 0x0, alstate = 0x0, de_state = 0x0,
|
|
sgh_toclient = 0x5b4f140, sgh_toserver = 0x4fe1740, flowvar = 0x0, de_state_m = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0,
|
|
__kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, hnext = 0x7fffdce8a070,
|
|
hprev = 0x0, fb = 0x7ffff3bbd750, lnext = 0x0, lprev = 0x0, startts = {tv_sec = 1391795459, tv_usec = 430152}}
|