Ejemplo n.º 1
0
func (d *EndpointPayloadDetector) detectByFlow(payload []byte, flow gopacket.Flow) (layer gopacket.LayerType, err error) {
	var ok bool
	if layer, ok = d.srcEndpointMap[flow.Src()]; ok {
		return
	}
	if layer, ok = d.dstEndpointMap[flow.Dst()]; ok {
		return
	}
	return gopacket.LayerTypeZero, EndpointPayloadDetectorFailedError
}
Ejemplo n.º 2
0
func (http MySql) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) {
	destPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Dst()))

	//
	if isSupport(destPort) {
		return NewMySqlStream()
	}

	//
	return nil
}
Ejemplo n.º 3
0
func (http Http) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) {
	destPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Dst()))
	srcPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Src()))

	//

	//
	var key string = ""
	var isUp bool
	if isSupport(destPort) {
		isUp = true
		key = fmt.Sprintf("%v:%v-%v:%v", netFlow.Src(), tcpFlow.Src(), netFlow.Dst(), tcpFlow.Dst())
	} else if isSupport(srcPort) {
		isUp = false
		key = fmt.Sprintf("%v:%v-%v:%v", netFlow.Dst(), tcpFlow.Dst(), netFlow.Src(), tcpFlow.Src())
	}

	//
	if key != "" {
		logH.Debug("%v", netFlow)
		httpData, ok := dataMap[key]
		if !ok {
			httpData = NewHttpData()
			dataMap[key] = httpData
		}

		//請求
		if isUp {
			stream := NewHttpRequestStream(httpData.wg)
			httpData.requestStream = stream
			return &stream.reader

			//响应
		} else if httpData.requestStream != nil {
			stream := NewHttpResponseStream(httpData.requestStream, httpData.wg)
			httpData.responseStream = stream

			//
			delete(dataMap, key)
			return &stream.reader
		}
	}

	//
	return nil
}
Ejemplo n.º 4
0
func (assembler *TcpAssembler) assemble(flow gopacket.Flow, tcp *layers.TCP, timestamp time.Time) {
	src := EndPoint{ip: flow.Src().String(), port: uint16(tcp.SrcPort)}
	dst := EndPoint{ip: flow.Dst().String(), port: uint16(tcp.DstPort)}
	dropped := false
	if assembler.filterIp != "" {
		if src.ip != assembler.filterIp && dst.ip != assembler.filterIp {
			dropped = true
		}
	}
	if assembler.filterPort != 0 {
		if src.port != assembler.filterPort && dst.port != assembler.filterPort {
			dropped = true
		}
	}
	if dropped {
		return
	}

	srcString := src.String()
	dstString := dst.String()
	var key string
	if srcString < dstString {
		key = srcString + "-" + dstString
	} else {
		key = dstString + "-" + srcString
	}

	var createNewConn = tcp.SYN && !tcp.ACK || isHttpRequestData(tcp.Payload)
	connection := assembler.retrieveConnection(src, dst, key, createNewConn)
	if connection == nil {
		return
	}

	connection.onReceive(src, dst, tcp, timestamp)

	if connection.closed() {
		assembler.deleteConnection(key)
		connection.finish()
	}
}
Ejemplo n.º 5
0
func (f HttpStreamFactory) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) {
	revkey := fmt.Sprintf("%v:%v->%v:%v",
		netFlow.Dst(),
		tcpFlow.Dst(),
		netFlow.Src(),
		tcpFlow.Src())
	streamPair, ok := (*f.uniStreams)[revkey]
	src := make(PacketSource)
	if ok {
		if streamPair.upStream == nil {
			panic("unbelievable!?")
		}
		delete(*f.uniStreams, revkey)
		s := NewHttpStream(src, "", streamPair.connSeq, f.wg, *f.eventChan, streamPair.sem, DownDirection)
		streamPair.downStream = &s
		ret = s
		go s.Process()
	} else {
		streamPair = new(HttpStreamPair)
		streamPair.connSeq = *f.seq
		streamPair.sem = make(chan byte, 1)
		key := fmt.Sprintf("%v:%v->%v:%v",
			netFlow.Src(),
			tcpFlow.Src(),
			netFlow.Dst(),
			tcpFlow.Dst())
		s := NewHttpStream(src, "", streamPair.connSeq, f.wg, *f.eventChan, streamPair.sem, UpDirection)
		streamPair.upStream = &s
		(*f.uniStreams)[key] = streamPair
		*f.seq++
		go s.Process()
		ret = s
	}
	f.wg.Add(1)
	return
}