func handleMysql(mysql *Mysql, m *MysqlMessage, tcptuple *common.TcpTuple, dir uint8, raw_msg []byte) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) m.Raw = raw_msg if m.IsRequest { mysql.receivedMysqlRequest(m) } else { mysql.receivedMysqlResponse(m) } }
func (redis *Redis) handleRedis(m *RedisMessage, tcptuple *common.TcpTuple, dir uint8) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.IsRequest { redis.receivedRedisRequest(m) } else { redis.receivedRedisResponse(m) } }
func (http *Http) handleHttp(m *HttpMessage, tcptuple *common.TcpTuple, dir uint8, raw_msg []byte) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) m.Raw = raw_msg if m.IsRequest { http.receivedHttpRequest(m) } else { http.receivedHttpResponse(m) } }
func (openFlow *OpenFlow) handleOpenFlow(m *OpenFlowMessage, tcptuple *common.TcpTuple, dir uint8) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) tuple := m.TcpTuple trans := openFlow.transactionsMap[tuple.Hashable()] if trans == nil { trans = &OpenFlowTransaction{Type: "openflow", tuple: tuple} openFlow.transactionsMap[tuple.Hashable()] = trans } trans.BytesIn = m.Size trans.cmdline = m.CmdlineTuple trans.ts = m.Ts trans.Ts = int64(trans.ts.UnixNano() / 1000) // transactions have microseconds resolution trans.JsTs = m.Ts trans.Src = common.Endpoint{ Ip: m.TcpTuple.Src_ip.String(), Port: m.TcpTuple.Src_port, Proc: string(m.CmdlineTuple.Src), } trans.Dst = common.Endpoint{ Ip: m.TcpTuple.Dst_ip.String(), Port: m.TcpTuple.Dst_port, Proc: string(m.CmdlineTuple.Dst), } if m.Direction == tcp.TcpDirectionReverse { trans.Src, trans.Dst = trans.Dst, trans.Src } trans.OpenFlow = common.MapStr{} trans.IsError = m.IsError if m.IsError { trans.OpenFlow["error"] = m.Message } else { trans.OpenFlow["return_value"] = m.Message } trans.BytesOut = m.Size trans.message = *m trans.ResponseTime = int32(m.Ts.Sub(trans.ts).Nanoseconds() / 1e6) // resp_time in milliseconds openFlow.publishTransaction(trans) }
func (mongodb *Mongodb) handleMongodb(m *MongodbMessage, tcptuple *common.TcpTuple, dir uint8) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.IsResponse { logp.Debug("mongodb", "MongoDB response message") mongodb.receivedMongodbResponse(m) } else { logp.Debug("mongodb", "MongoDB request message") mongodb.receivedMongodbRequest(m) } }
func (redis *Redis) handleRedis( conn *redisConnectionData, m *redisMessage, tcptuple *common.TcpTuple, dir uint8, ) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.IsRequest { conn.requests.append(m) // wait for response } else { conn.responses.append(m) redis.correlate(conn) } }
func (mongodb *Mongodb) handleMongodb( conn *mongodbConnectionData, m *mongodbMessage, tcptuple *common.TcpTuple, dir uint8, ) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.IsResponse { debugf("MongoDB response message") mongodb.onResponse(conn, m) } else { debugf("MongoDB request message") mongodb.onRequest(conn, m) } }
func (thrift *Thrift) messageComplete(tcptuple *common.TcpTuple, dir uint8, stream *ThriftStream, priv *thriftPrivateData) { var flush bool = false if stream.message.IsRequest { logp.Debug("thrift", "Thrift request message: %s", stream.message.Method) if !thrift.CaptureReply { // enable the stream in the other direction to get the reply stream_rev := priv.Data[1-dir] if stream_rev != nil { stream_rev.skipInput = false } } } else { logp.Debug("thrift", "Thrift response message: %s", stream.message.Method) if !thrift.CaptureReply { // disable stream in this direction stream.skipInput = true // and flush current data flush = true } } // all ok, go to next level stream.message.TcpTuple = *tcptuple stream.message.Direction = dir stream.message.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if stream.message.FrameSize == 0 { stream.message.FrameSize = uint32(stream.parseOffset - stream.message.start) } thrift.handleThrift(stream.message) // and reset message stream.PrepareForNewMessage(flush) }
func (mc *Memcache) memcacheParseTCP( tcpConn *tcpConnectionData, pkt *protos.Packet, tcptuple *common.TcpTuple, dir uint8, ) *tcpConnectionData { // assume we are in sync stream := tcpConn.Streams[dir] if stream == nil { stream = mc.newStream(tcptuple) tcpConn.Streams[dir] = stream } debug("add payload to stream(%p): %v", stream, dir) if err := stream.Append(pkt.Payload); err != nil { debug("%v, dropping TCP streams", err) mc.pushAllTCPTrans(tcpConn.connection) tcpConn.drop(dir) return nil } if tcpConn.connection == nil { tcpConn.connection = &connection{} } else { stopped := tcpConn.connection.timer.Stop() if !stopped { // timer was stopped by someone else, create new connection tcpConn.connection = &connection{} } } conn := tcpConn.connection for stream.Buf.Total() > 0 { debug("stream(%p) try to content", stream) msg, err := stream.parse(pkt.Ts) if err != nil { // parsing error, drop tcp stream and retry with next segement debug("Ignore Memcache message, drop tcp stream: %v", err) mc.pushAllTCPTrans(conn) tcpConn.drop(dir) return nil } if msg == nil { // wait for more data break } stream.reset() tuple := tcptuple.IpPort() err = mc.onTCPMessage(conn, tuple, dir, msg) if err != nil { logp.Warn("error processing memcache message: %s", err) } } conn.timer = time.AfterFunc(mc.tcpTransTimeout, func() { debug("connection=%p timed out", conn) mc.pushAllTCPTrans(conn) }) return tcpConn }