Beispiel #1
0
func (d *EndpointPayloadDetector) detectByFlow(payload []byte, flow gopacket.Flow) (layer gopacket.LayerType, err error) {
	var ok bool
	if layer, ok = d.srcEndpointMap[flow.Src()]; ok {
		return
	}
	if layer, ok = d.dstEndpointMap[flow.Dst()]; ok {
		return
	}
	return gopacket.LayerTypeZero, EndpointPayloadDetectorFailedError
}
Beispiel #2
0
func (http MySql) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) {
	destPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Dst()))

	//
	if isSupport(destPort) {
		return NewMySqlStream()
	}

	//
	return nil
}
// New is the factory method called by the tcpassembly to generate new tcpassembly.Stream.
func (os *MongoOpStream) New(netFlow, tcpFlow gopacket.Flow) tcpassembly.Stream {
	key := bidiKey{netFlow, tcpFlow}
	rkey := bidiKey{netFlow.Reverse(), tcpFlow.Reverse()}
	if bidi, ok := os.bidiMap[key]; ok {
		atomic.AddInt32(&bidi.openStreamCount, 1)
		delete(os.bidiMap, key)
		return bidi.streams[1]
	}
	bidi := newBidi(netFlow, tcpFlow, os, <-os.connectionCounter)
	os.bidiMap[rkey] = bidi
	atomic.AddInt32(&bidi.openStreamCount, 1)
	go bidi.streamOps()
	return bidi.streams[0]
}
// New handles creating a new tcpassembly.Stream.
func (f *myFactory) New(netFlow, tcpFlow gopacket.Flow) tcpassembly.Stream {
	// Create a new stream.
	s := &myStream{}

	// Find the bidi bidirectional struct for this stream, creating a new one if
	// one doesn't already exist in the map.
	k := key{netFlow, tcpFlow}
	bd := f.bidiMap[k]
	if bd == nil {
		bd = &bidi{a: s, key: k}
		// Register bidirectional with the reverse key, so the matching stream going
		// the other direction will find it.
		f.bidiMap[key{netFlow.Reverse(), tcpFlow.Reverse()}] = bd
	} else {
		bd.b = s
		// Clear out the bidi we're using from the map, just in case.
		delete(f.bidiMap, k)
	}
	s.bidi = bd
	return s
}
func newBidi(netFlow, tcpFlow gopacket.Flow, opStream *MongoOpStream, num int64) *bidi {
	bidi := &bidi{connectionNumber: num}
	bidi.streams[0] = &stream{
		bidi:        bidi,
		reassembled: make(chan []tcpassembly.Reassembly),
		done:        make(chan interface{}),
		op:          &RawOp{},
		netFlow:     netFlow,
		tcpFlow:     tcpFlow,
	}
	bidi.streams[1] = &stream{
		bidi:        bidi,
		reassembled: make(chan []tcpassembly.Reassembly),
		done:        make(chan interface{}),
		op:          &RawOp{},
		netFlow:     netFlow.Reverse(),
		tcpFlow:     tcpFlow.Reverse(),
	}
	bidi.opStream = opStream
	return bidi
}
Beispiel #6
0
func (assembler *TcpAssembler) assemble(flow gopacket.Flow, tcp *layers.TCP, timestamp time.Time) {
	src := EndPoint{ip: flow.Src().String(), port: uint16(tcp.SrcPort)}
	dst := EndPoint{ip: flow.Dst().String(), port: uint16(tcp.DstPort)}
	dropped := false
	if assembler.filterIp != "" {
		if src.ip != assembler.filterIp && dst.ip != assembler.filterIp {
			dropped = true
		}
	}
	if assembler.filterPort != 0 {
		if src.port != assembler.filterPort && dst.port != assembler.filterPort {
			dropped = true
		}
	}
	if dropped {
		return
	}

	srcString := src.String()
	dstString := dst.String()
	var key string
	if srcString < dstString {
		key = srcString + "-" + dstString
	} else {
		key = dstString + "-" + srcString
	}

	var createNewConn = tcp.SYN && !tcp.ACK || isHttpRequestData(tcp.Payload)
	connection := assembler.retrieveConnection(src, dst, key, createNewConn)
	if connection == nil {
		return
	}

	connection.onReceive(src, dst, tcp, timestamp)

	if connection.closed() {
		assembler.deleteConnection(key)
		connection.finish()
	}
}
Beispiel #7
0
func (f HttpStreamFactory) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) {
	revkey := fmt.Sprintf("%v:%v->%v:%v",
		netFlow.Dst(),
		tcpFlow.Dst(),
		netFlow.Src(),
		tcpFlow.Src())
	streamPair, ok := (*f.uniStreams)[revkey]
	src := make(PacketSource)
	if ok {
		if streamPair.upStream == nil {
			panic("unbelievable!?")
		}
		delete(*f.uniStreams, revkey)
		s := NewHttpStream(src, "", streamPair.connSeq, f.wg, *f.eventChan, streamPair.sem, DownDirection)
		streamPair.downStream = &s
		ret = s
		go s.Process()
	} else {
		streamPair = new(HttpStreamPair)
		streamPair.connSeq = *f.seq
		streamPair.sem = make(chan byte, 1)
		key := fmt.Sprintf("%v:%v->%v:%v",
			netFlow.Src(),
			tcpFlow.Src(),
			netFlow.Dst(),
			tcpFlow.Dst())
		s := NewHttpStream(src, "", streamPair.connSeq, f.wg, *f.eventChan, streamPair.sem, UpDirection)
		streamPair.upStream = &s
		(*f.uniStreams)[key] = streamPair
		*f.seq++
		go s.Process()
		ret = s
	}
	f.wg.Add(1)
	return
}
func (s *MongoOpStream) New(a, b gopacket.Flow) tcpassembly.Stream {
	r := tcpreader.NewReaderStream()
	log.Println("starting stream", a, b)
	go s.handleStream(&r, b.String())
	return &r
}
Beispiel #9
0
func (http Http) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) {
	destPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Dst()))
	srcPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Src()))

	//

	//
	var key string = ""
	var isUp bool
	if isSupport(destPort) {
		isUp = true
		key = fmt.Sprintf("%v:%v-%v:%v", netFlow.Src(), tcpFlow.Src(), netFlow.Dst(), tcpFlow.Dst())
	} else if isSupport(srcPort) {
		isUp = false
		key = fmt.Sprintf("%v:%v-%v:%v", netFlow.Dst(), tcpFlow.Dst(), netFlow.Src(), tcpFlow.Src())
	}

	//
	if key != "" {
		logH.Debug("%v", netFlow)
		httpData, ok := dataMap[key]
		if !ok {
			httpData = NewHttpData()
			dataMap[key] = httpData
		}

		//請求
		if isUp {
			stream := NewHttpRequestStream(httpData.wg)
			httpData.requestStream = stream
			return &stream.reader

			//响应
		} else if httpData.requestStream != nil {
			stream := NewHttpResponseStream(httpData.requestStream, httpData.wg)
			httpData.responseStream = stream

			//
			delete(dataMap, key)
			return &stream.reader
		}
	}

	//
	return nil
}