func (http *httpPlugin) handleHTTP( conn *httpConnectionData, m *message, tcptuple *common.TCPTuple, dir uint8, ) { m.tcpTuple = *tcptuple m.direction = dir m.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) http.hideHeaders(m) if m.isRequest { if isDebug { debugf("Received request with tuple: %s", m.tcpTuple) } conn.requests.append(m) } else { if isDebug { debugf("Received response with tuple: %s", m.tcpTuple) } conn.responses.append(m) http.correlate(conn) } }
func handleMysql(mysql *mysqlPlugin, m *mysqlMessage, tcptuple *common.TCPTuple, dir uint8, rawMsg []byte) { m.tcpTuple = *tcptuple m.direction = dir m.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) m.raw = rawMsg if m.isRequest { mysql.receivedMysqlRequest(m) } else { mysql.receivedMysqlResponse(m) } }
func handleMysql(mysql *Mysql, m *MysqlMessage, tcptuple *common.TCPTuple, dir uint8, raw_msg []byte) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) m.Raw = raw_msg if m.IsRequest { mysql.receivedMysqlRequest(m) } else { mysql.receivedMysqlResponse(m) } }
func (dns *dnsPlugin) handleDNS(conn *dnsConnectionData, tcpTuple *common.TCPTuple, decodedData *mkdns.Msg, dir uint8) { message := conn.data[dir].message dnsTuple := dnsTupleFromIPPort(&message.tuple, transportTCP, decodedData.Id) message.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcpTuple.IPPort()) message.data = decodedData message.length += decodeOffset if decodedData.Response { dns.receivedDNSResponse(&dnsTuple, message) conn.prevRequest = nil } else /* Query */ { dns.receivedDNSRequest(&dnsTuple, message) conn.prevRequest = message } }
func (redis *Redis) handleRedis( conn *redisConnectionData, m *redisMessage, tcptuple *common.TCPTuple, dir uint8, ) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) if m.IsRequest { conn.requests.append(m) // wait for response } else { conn.responses.append(m) redis.correlate(conn) } }
func (mongodb *mongodbPlugin) handleMongodb( conn *mongodbConnectionData, m *mongodbMessage, tcptuple *common.TCPTuple, dir uint8, ) { m.tcpTuple = *tcptuple m.direction = dir m.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) if m.isResponse { debugf("MongoDB response message") mongodb.onResponse(conn, m) } else { debugf("MongoDB request message") mongodb.onRequest(conn, m) } }
func (amqp *amqpPlugin) handleAmqp(m *amqpMessage, tcptuple *common.TCPTuple, dir uint8) { if amqp.mustHideCloseMethod(m) { return } debugf("A message is ready to be handled") m.tcpTuple = *tcptuple m.direction = dir m.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) if m.method == "basic.publish" { amqp.handlePublishing(m) } else if m.method == "basic.deliver" || m.method == "basic.return" || m.method == "basic.get-ok" { amqp.handleDelivering(m) } else if m.isRequest == true { amqp.handleAmqpRequest(m) } else if m.isRequest == false { amqp.handleAmqpResponse(m) } }
func (thrift *thriftPlugin) messageComplete(tcptuple *common.TCPTuple, dir uint8, stream *thriftStream, priv *thriftPrivateData) { flush := false if stream.message.isRequest { logp.Debug("thrift", "Thrift request message: %s", stream.message.method) if !thrift.captureReply { // enable the stream in the other direction to get the reply streamRev := priv.data[1-dir] if streamRev != nil { streamRev.skipInput = false } } } else { logp.Debug("thrift", "Thrift response message: %s", stream.message.method) if !thrift.captureReply { // disable stream in this direction stream.skipInput = true // and flush current data flush = true } } // all ok, go to next level stream.message.tcpTuple = *tcptuple stream.message.direction = dir stream.message.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort()) if stream.message.frameSize == 0 { stream.message.frameSize = uint32(stream.parseOffset - stream.message.start) } thrift.handleThrift(stream.message) // and reset message stream.prepareForNewMessage(flush) }
// Parse processes a TCP packet. Return nil if connection // state shall be dropped (e.g. parser not in sync with tcp stream) func (cassandra *cassandra) Parse( pkt *protos.Packet, tcptuple *common.TCPTuple, dir uint8, private protos.ProtocolData, ) protos.ProtocolData { defer logp.Recover("Parse cassandra exception") conn := cassandra.ensureConnection(private) st := conn.streams[dir] if st == nil { st = &stream{} st.parser.init(&cassandra.parserConfig, func(msg *message) error { return conn.trans.onMessage(tcptuple.IPPort(), dir, msg) }) conn.streams[dir] = st } if err := st.parser.feed(pkt.Ts, pkt.Payload); err != nil { debugf("%v, dropping TCP stream for error in direction %v.", err, dir) cassandra.onDropConnection(conn) return nil } return conn }
func (mc *Memcache) memcacheParseTCP( tcpConn *tcpConnectionData, pkt *protos.Packet, tcptuple *common.TCPTuple, dir uint8, ) *tcpConnectionData { // assume we are in sync stream := tcpConn.Streams[dir] if stream == nil { stream = mc.newStream(tcptuple) tcpConn.Streams[dir] = stream } debug("add payload to stream(%p): %v", stream, dir) if err := stream.Append(pkt.Payload); err != nil { debug("%v, dropping TCP streams", err) mc.pushAllTCPTrans(tcpConn.connection) tcpConn.drop(dir) return nil } if tcpConn.connection == nil { tcpConn.connection = &connection{} } else { stopped := tcpConn.connection.timer.Stop() if !stopped { // timer was stopped by someone else, create new connection tcpConn.connection = &connection{} } } conn := tcpConn.connection for stream.Buf.Total() > 0 { debug("stream(%p) try to content", stream) msg, err := stream.parse(pkt.Ts) if err != nil { // parsing error, drop tcp stream and retry with next segement debug("Ignore Memcache message, drop tcp stream: %v", err) mc.pushAllTCPTrans(conn) tcpConn.drop(dir) return nil } if msg == nil { // wait for more data break } stream.reset() tuple := tcptuple.IPPort() err = mc.onTCPMessage(conn, tuple, dir, msg) if err != nil { logp.Warn("error processing memcache message: %s", err) } } conn.timer = time.AfterFunc(mc.tcpTransTimeout, func() { debug("connection=%p timed out", conn) mc.pushAllTCPTrans(conn) }) return tcpConn }