func (http *HTTP) handleHTTP( conn *httpConnectionData, m *message, tcptuple *common.TcpTuple, dir uint8, ) { m.TCPTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) http.hideHeaders(m) if m.IsRequest { if isDebug { debugf("Received request with tuple: %s", m.TCPTuple) } conn.requests.append(m) } else { if isDebug { debugf("Received response with tuple: %s", m.TCPTuple) } conn.responses.append(m) http.correlate(conn) } }
func (dns *Dns) handleDns(m *DnsMessage, tcpTuple *common.TcpTuple, dir uint8, data []byte, decodedData *layers.DNS) { dnsTuple := DnsTupleFromIpPort(&m.Tuple, TransportTcp, decodedData.ID) m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcpTuple.IpPort()) m.Data = decodedData m.Length = len(data) if decodedData.QR == Query { dns.receivedDnsRequest(&dnsTuple, m) } else /* Response */ { dns.receivedDnsResponse(&dnsTuple, m) } }
func handleMysql(mysql *Mysql, m *MysqlMessage, tcptuple *common.TcpTuple, dir uint8, raw_msg []byte) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) m.Raw = raw_msg if m.IsRequest { mysql.receivedMysqlRequest(m) } else { mysql.receivedMysqlResponse(m) } }
func (http *HTTP) handleHTTP(m *message, tcptuple *common.TcpTuple, dir uint8, rawMsg []byte) { m.TCPTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) m.Raw = rawMsg if m.IsRequest { http.receivedHTTPRequest(m) } else { http.receivedHTTPResponse(m) } }
func (dns *Dns) handleDns(conn *dnsConnectionData, tcpTuple *common.TcpTuple, decodedData *mkdns.Msg, dir uint8) { message := conn.Data[dir].message dnsTuple := DnsTupleFromIpPort(&message.Tuple, TransportTcp, decodedData.Id) message.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcpTuple.IpPort()) message.Data = decodedData message.Length += DecodeOffset if decodedData.Response { dns.receivedDnsResponse(&dnsTuple, message) conn.prevRequest = nil } else /* Query */ { dns.receivedDnsRequest(&dnsTuple, message) conn.prevRequest = message } }
func (redis *Redis) handleRedis( conn *redisConnectionData, m *redisMessage, tcptuple *common.TcpTuple, dir uint8, ) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.IsRequest { conn.requests.append(m) // wait for response } else { conn.responses.append(m) redis.correlate(conn) } }
func (mongodb *Mongodb) handleMongodb( conn *mongodbConnectionData, m *mongodbMessage, tcptuple *common.TcpTuple, dir uint8, ) { m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.IsResponse { debugf("MongoDB response message") mongodb.onResponse(conn, m) } else { debugf("MongoDB request message") mongodb.onRequest(conn, m) } }
func (amqp *Amqp) handleAmqp(m *AmqpMessage, tcptuple *common.TcpTuple, dir uint8) { if amqp.mustHideCloseMethod(m) { return } debugf("A message is ready to be handled") m.TcpTuple = *tcptuple m.Direction = dir m.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if m.Method == "basic.publish" { amqp.handlePublishing(m) } else if m.Method == "basic.deliver" || m.Method == "basic.return" || m.Method == "basic.get-ok" { amqp.handleDelivering(m) } else if m.IsRequest == true { amqp.handleAmqpRequest(m) } else if m.IsRequest == false { amqp.handleAmqpResponse(m) } }
func (thrift *Thrift) messageComplete(tcptuple *common.TcpTuple, dir uint8, stream *ThriftStream, priv *thriftPrivateData) { var flush bool = false if stream.message.IsRequest { logp.Debug("thrift", "Thrift request message: %s", stream.message.Method) if !thrift.CaptureReply { // enable the stream in the other direction to get the reply stream_rev := priv.Data[1-dir] if stream_rev != nil { stream_rev.skipInput = false } } } else { logp.Debug("thrift", "Thrift response message: %s", stream.message.Method) if !thrift.CaptureReply { // disable stream in this direction stream.skipInput = true // and flush current data flush = true } } // all ok, go to next level stream.message.TcpTuple = *tcptuple stream.message.Direction = dir stream.message.CmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IpPort()) if stream.message.FrameSize == 0 { stream.message.FrameSize = uint32(stream.parseOffset - stream.message.start) } thrift.handleThrift(stream.message) // and reset message stream.PrepareForNewMessage(flush) }
// Parse processes a TCP packet. Return nil if connection // state shall be dropped (e.g. parser not in sync with tcp stream) func (cassandra *cassandra) Parse( pkt *protos.Packet, tcptuple *common.TcpTuple, dir uint8, private protos.ProtocolData, ) protos.ProtocolData { defer logp.Recover("Parse cassandra exception") conn := cassandra.ensureConnection(private) st := conn.streams[dir] if st == nil { st = &stream{} st.parser.init(&cassandra.parserConfig, func(msg *message) error { return conn.trans.onMessage(tcptuple.IpPort(), dir, msg) }) conn.streams[dir] = st } if err := st.parser.feed(pkt.Ts, pkt.Payload); err != nil { debugf("%v, dropping TCP stream for error in direction %v.", err, dir) cassandra.onDropConnection(conn) return nil } return conn }
func (mc *Memcache) memcacheParseTCP( tcpConn *tcpConnectionData, pkt *protos.Packet, tcptuple *common.TcpTuple, dir uint8, ) *tcpConnectionData { // assume we are in sync stream := tcpConn.Streams[dir] if stream == nil { stream = mc.newStream(tcptuple) tcpConn.Streams[dir] = stream } debug("add payload to stream(%p): %v", stream, dir) if err := stream.Append(pkt.Payload); err != nil { debug("%v, dropping TCP streams", err) mc.pushAllTCPTrans(tcpConn.connection) tcpConn.drop(dir) return nil } if tcpConn.connection == nil { tcpConn.connection = &connection{} } else { stopped := tcpConn.connection.timer.Stop() if !stopped { // timer was stopped by someone else, create new connection tcpConn.connection = &connection{} } } conn := tcpConn.connection for stream.Buf.Total() > 0 { debug("stream(%p) try to content", stream) msg, err := stream.parse(pkt.Ts) if err != nil { // parsing error, drop tcp stream and retry with next segement debug("Ignore Memcache message, drop tcp stream: %v", err) mc.pushAllTCPTrans(conn) tcpConn.drop(dir) return nil } if msg == nil { // wait for more data break } stream.reset() tuple := tcptuple.IpPort() err = mc.onTCPMessage(conn, tuple, dir, msg) if err != nil { logp.Warn("error processing memcache message: %s", err) } } conn.timer = time.AfterFunc(mc.tcpTransTimeout, func() { debug("connection=%p timed out", conn) mc.pushAllTCPTrans(conn) }) return tcpConn }