func (d *EndpointPayloadDetector) detectByFlow(payload []byte, flow gopacket.Flow) (layer gopacket.LayerType, err error) { var ok bool if layer, ok = d.srcEndpointMap[flow.Src()]; ok { return } if layer, ok = d.dstEndpointMap[flow.Dst()]; ok { return } return gopacket.LayerTypeZero, EndpointPayloadDetectorFailedError }
func (http MySql) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) { destPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Dst())) // if isSupport(destPort) { return NewMySqlStream() } // return nil }
func (http Http) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) { destPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Dst())) srcPort, _ := strconv.Atoi(fmt.Sprintf("%v", tcpFlow.Src())) // // var key string = "" var isUp bool if isSupport(destPort) { isUp = true key = fmt.Sprintf("%v:%v-%v:%v", netFlow.Src(), tcpFlow.Src(), netFlow.Dst(), tcpFlow.Dst()) } else if isSupport(srcPort) { isUp = false key = fmt.Sprintf("%v:%v-%v:%v", netFlow.Dst(), tcpFlow.Dst(), netFlow.Src(), tcpFlow.Src()) } // if key != "" { logH.Debug("%v", netFlow) httpData, ok := dataMap[key] if !ok { httpData = NewHttpData() dataMap[key] = httpData } //請求 if isUp { stream := NewHttpRequestStream(httpData.wg) httpData.requestStream = stream return &stream.reader //响应 } else if httpData.requestStream != nil { stream := NewHttpResponseStream(httpData.requestStream, httpData.wg) httpData.responseStream = stream // delete(dataMap, key) return &stream.reader } } // return nil }
func (assembler *TcpAssembler) assemble(flow gopacket.Flow, tcp *layers.TCP, timestamp time.Time) { src := EndPoint{ip: flow.Src().String(), port: uint16(tcp.SrcPort)} dst := EndPoint{ip: flow.Dst().String(), port: uint16(tcp.DstPort)} dropped := false if assembler.filterIp != "" { if src.ip != assembler.filterIp && dst.ip != assembler.filterIp { dropped = true } } if assembler.filterPort != 0 { if src.port != assembler.filterPort && dst.port != assembler.filterPort { dropped = true } } if dropped { return } srcString := src.String() dstString := dst.String() var key string if srcString < dstString { key = srcString + "-" + dstString } else { key = dstString + "-" + srcString } var createNewConn = tcp.SYN && !tcp.ACK || isHttpRequestData(tcp.Payload) connection := assembler.retrieveConnection(src, dst, key, createNewConn) if connection == nil { return } connection.onReceive(src, dst, tcp, timestamp) if connection.closed() { assembler.deleteConnection(key) connection.finish() } }
func (f HttpStreamFactory) New(netFlow, tcpFlow gopacket.Flow) (ret tcpassembly.Stream) { revkey := fmt.Sprintf("%v:%v->%v:%v", netFlow.Dst(), tcpFlow.Dst(), netFlow.Src(), tcpFlow.Src()) streamPair, ok := (*f.uniStreams)[revkey] src := make(PacketSource) if ok { if streamPair.upStream == nil { panic("unbelievable!?") } delete(*f.uniStreams, revkey) s := NewHttpStream(src, "", streamPair.connSeq, f.wg, *f.eventChan, streamPair.sem, DownDirection) streamPair.downStream = &s ret = s go s.Process() } else { streamPair = new(HttpStreamPair) streamPair.connSeq = *f.seq streamPair.sem = make(chan byte, 1) key := fmt.Sprintf("%v:%v->%v:%v", netFlow.Src(), tcpFlow.Src(), netFlow.Dst(), tcpFlow.Dst()) s := NewHttpStream(src, "", streamPair.connSeq, f.wg, *f.eventChan, streamPair.sem, UpDirection) streamPair.upStream = &s (*f.uniStreams)[key] = streamPair *f.seq++ go s.Process() ret = s } f.wg.Add(1) return }