diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..656a0a4 --- /dev/null +++ b/.gitignore @@ -0,0 +1,16 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Dependency directories (remove the comment below to include it) +# vendor/ + diff --git a/core/assembly.go b/core/assembly.go index 90ffba2..07cb409 100644 --- a/core/assembly.go +++ b/core/assembly.go @@ -191,28 +191,28 @@ func (p *StreamPool) connections() []*connection { return conns } - //FlushOlderThan finds any streams waiting for packets older than the given - //time, and pushes through the data they have (IE: tells them to stop waiting - //and skip the data they're waiting for). - // - //Each Stream maintains a list of zero or more sets of bytes it has received - //out-of-order. For example, if it has processed up through sequence number - //10, it might have bytes [15-20), [20-25), [30,50) in its list. Each set of - //bytes also has the timestamp it was originally viewed. A flush call will - //look at the smallest subsequent set of bytes, in this case [15-20), and if - //its timestamp is older than the passed-in time, it will push it and all - //contiguous byte-sets out to the Stream's Reassembled function. In this case, - //it will push [15-20), but also [20-25), since that's contiguous. It will - //only push [30-50) if its timestamp is also older than the passed-in time, - //otherwise it will wait until the next FlushOlderThan to see if bytes [25-30) - //come in. - // - //If it pushes all bytes (or there were no sets of bytes to begin with) AND the - //connection has not received any bytes since the passed-in time, the - //connection will be closed. - // - //Returns the number of connections flushed, and of those, the number closed - //because of the flush. +// FlushOlderThan finds any streams waiting for packets older than the given +// time, and pushes through the data they have (IE: tells them to stop waiting +// and skip the data they're waiting for). +// +// Each Stream maintains a list of zero or more sets of bytes it has received +// out-of-order. For example, if it has processed up through sequence number +// 10, it might have bytes [15-20), [20-25), [30,50) in its list. Each set of +// bytes also has the timestamp it was originally viewed. A flush call will +// look at the smallest subsequent set of bytes, in this case [15-20), and if +// its timestamp is older than the passed-in time, it will push it and all +// contiguous byte-sets out to the Stream's Reassembled function. In this case, +// it will push [15-20), but also [20-25), since that's contiguous. It will +// only push [30-50) if its timestamp is also older than the passed-in time, +// otherwise it will wait until the next FlushOlderThan to see if bytes [25-30) +// come in. +// +// If it pushes all bytes (or there were no sets of bytes to begin with) AND the +// connection has not received any bytes since the passed-in time, the +// connection will be closed. +// +// Returns the number of connections flushed, and of those, the number closed +// because of the flush. func (a *Assembler) FlushOlderThan(t time.Time) (flushed, closed int) { conns := a.connPool.connections() closes := 0 diff --git a/core/cmd.go b/core/cmd.go index 9091cda..03421d0 100644 --- a/core/cmd.go +++ b/core/cmd.go @@ -1,11 +1,11 @@ package core import ( - "os" - "strings" "fmt" "net" + "os" "strconv" + "strings" ) const InternalCmdPrefix = "--" @@ -18,27 +18,27 @@ const ( ) type Cmd struct { - Device string + Device string plugHandle *Plug } func NewCmd(p *Plug) *Cmd { return &Cmd{ - plugHandle:p, + plugHandle: p, } } -//start +// start func (cm *Cmd) Run() { - //print help + // print help if len(os.Args) <= 1 { cm.printHelpMessage() os.Exit(1) } - //parse command + // parse command firstArg := string(os.Args[1]) if strings.HasPrefix(firstArg, InternalCmdPrefix) { cm.parseInternalCmd() @@ -47,35 +47,35 @@ func (cm *Cmd) Run() { } } -//parse internal commend -//like --help, --env, --device +// parse internal commend +// like --help, --env, --device func (cm *Cmd) parseInternalCmd() { arg := string(os.Args[1]) cmd := strings.Trim(arg, InternalCmdPrefix) switch cmd { - case InternalCmdHelp: - cm.printHelpMessage() - break - case InternalCmdEnv: - fmt.Println("External plug-in path : "+cm.plugHandle.dir) - break - case InternalCmdList: - cm.plugHandle.PrintList() - break - case InternalCmdVer: - fmt.Println(cxt.Version) - break - case InternalDevice: - cm.printDevice() - break + case InternalCmdHelp: + cm.printHelpMessage() + break + case InternalCmdEnv: + fmt.Println("External plug-in path : " + cm.plugHandle.dir) + break + case InternalCmdList: + cm.plugHandle.PrintList() + break + case InternalCmdVer: + fmt.Println(cxt.Version) + break + case InternalDevice: + cm.printDevice() + break } os.Exit(1) } -//usage -func (cm *Cmd) printHelpMessage() { +// usage +func (cm *Cmd) printHelpMessage() { fmt.Println("==================================================================================") fmt.Println("[Usage]") @@ -100,33 +100,33 @@ func (cm *Cmd) printHelpMessage() { fmt.Println("==================================================================================") } -//print plug-in list +// print plug-in list func (cm *Cmd) printPlugList() { l := len(cm.plugHandle.InternalPlugList) l += len(cm.plugHandle.ExternalPlugList) - fmt.Println("# Number of plug-ins : "+strconv.Itoa(l)) + fmt.Println("# Number of plug-ins : " + strconv.Itoa(l)) } -//print device +// print device func (cm *Cmd) printDevice() { - ifaces, err:= net.Interfaces() + ifaces, err := net.Interfaces() if err != nil { panic(err) } for _, iface := range ifaces { addrs, _ := iface.Addrs() - for _,a:=range addrs { + for _, a := range addrs { if ipnet, ok := a.(*net.IPNet); ok { if ip4 := ipnet.IP.To4(); ip4 != nil { - fmt.Println("[device] : "+iface.Name+" : "+iface.HardwareAddr.String()+" "+ip4.String()) + fmt.Println("[device] : " + iface.Name + " : " + iface.HardwareAddr.String() + " " + ip4.String()) } } } } } -//Parameters needed for plug-ins -func (cm *Cmd) parsePlugCmd() { +// Parameters needed for plug-ins +func (cm *Cmd) parsePlugCmd() { if len(os.Args) < 3 { fmt.Println("not found [Plug-in name]") @@ -134,12 +134,8 @@ func (cm *Cmd) parsePlugCmd() { os.Exit(1) } - cm.Device = os.Args[1] - plugName := os.Args[2] - plugParams:= os.Args[3:] + cm.Device = os.Args[1] + plugName := os.Args[2] + plugParams := os.Args[3:] cm.plugHandle.SetOption(plugName, plugParams) } - - - - diff --git a/core/core.go b/core/core.go index d3cec8c..1e7d7f4 100644 --- a/core/core.go +++ b/core/core.go @@ -1,6 +1,6 @@ package core -type Core struct{ +type Core struct { Version string } @@ -13,15 +13,15 @@ func New() Core { return cxt } -func (c *Core) Run() { +func (c *Core) Run() { - //new plugin + // new plugin plug := NewPlug() - //parse commend + // parse commend cmd := NewCmd(plug) cmd.Run() - //dispatch + // dispatch NewDispatch(plug, cmd).Capture() -} \ No newline at end of file +} diff --git a/core/dispatch.go b/core/dispatch.go index 4e5a7f1..ea18927 100644 --- a/core/dispatch.go +++ b/core/dispatch.go @@ -2,57 +2,58 @@ package core import ( "fmt" + "log" + "time" + "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" "github.com/google/gopacket/tcpassembly" "github.com/google/gopacket/tcpassembly/tcpreader" - "log" - "time" ) type Dispatch struct { - device string + device string payload []byte - Plug *Plug + Plug *Plug } func NewDispatch(plug *Plug, cmd *Cmd) *Dispatch { - return &Dispatch { - Plug: plug, - device:cmd.Device, + return &Dispatch{ + Plug: plug, + device: cmd.Device, } } func (d *Dispatch) Capture() { - //init device + // init device handle, err := pcap.OpenLive(d.device, 65535, false, pcap.BlockForever) if err != nil { log.Fatal(err) return } - //set filter + // set filter fmt.Println(d.Plug.BPF) err = handle.SetBPFFilter(d.Plug.BPF) if err != nil { log.Fatal(err) } - //capture - src := gopacket.NewPacketSource(handle, handle.LinkType()) + // capture + src := gopacket.NewPacketSource(handle, handle.LinkType()) packets := src.Packets() - //set up assembly + // set up assembly streamFactory := &ProtocolStreamFactory{ - dispatch:d, + dispatch: d, } streamPool := NewStreamPool(streamFactory) - assembler := NewAssembler(streamPool) - ticker := time.Tick(time.Minute) + assembler := NewAssembler(streamPool) + ticker := time.Tick(time.Minute) - //loop until ctrl+z + // loop until ctrl+z for { select { case packet := <-packets: @@ -84,18 +85,18 @@ type ProtocolStream struct { func (m *ProtocolStreamFactory) New(net, transport gopacket.Flow) tcpassembly.Stream { - //init stream struct - stm := &ProtocolStream { + // init stream struct + stm := &ProtocolStream{ net: net, transport: transport, r: tcpreader.NewReaderStream(), } - //new stream + // new stream fmt.Println("# Start new stream:", net, transport) - //decode packet + // decode packet go m.dispatch.Plug.ResolveStream(net, transport, &(stm.r)) return &(stm.r) -} \ No newline at end of file +} diff --git a/core/plug.go b/core/plug.go index fe85a80..b372121 100644 --- a/core/plug.go +++ b/core/plug.go @@ -1,24 +1,24 @@ package core import ( - "io/ioutil" - "plugin" - "github.com/google/gopacket" + "fmt" "io" - mysql "github.com/40t/go-sniffer/plugSrc/mysql/build" - redis "github.com/40t/go-sniffer/plugSrc/redis/build" + "io/ioutil" + "path" + "path/filepath" + "plugin" + hp "github.com/40t/go-sniffer/plugSrc/http/build" mongodb "github.com/40t/go-sniffer/plugSrc/mongodb/build" - "path/filepath" - "fmt" - "path" + mysql "github.com/40t/go-sniffer/plugSrc/mysql/build" + redis "github.com/40t/go-sniffer/plugSrc/redis/build" + "github.com/google/gopacket" ) type Plug struct { - - dir string + dir string ResolveStream func(net gopacket.Flow, transport gopacket.Flow, r io.Reader) - BPF string + BPF string InternalPlugList map[string]PlugInterface ExternalPlugList map[string]ExternalPlug @@ -48,7 +48,7 @@ func NewPlug() *Plug { var p Plug - p.dir, _ = filepath.Abs( "./plug/") + p.dir, _ = filepath.Abs("./plug/") p.LoadInternalPlugList() p.LoadExternalPlugList() @@ -59,17 +59,17 @@ func (p *Plug) LoadInternalPlugList() { list := make(map[string]PlugInterface) - //Mysql - list["mysql"] = mysql.NewInstance() + // Mysql + list["mysql"] = mysql.NewInstance() - //Mongodb - list["mongodb"] = mongodb.NewInstance() + // Mongodb + list["mongodb"] = mongodb.NewInstance() - //Redis - list["redis"] = redis.NewInstance() + // Redis + list["redis"] = redis.NewInstance() - //Http - list["http"] = hp.NewInstance() + // Http + list["http"] = hp.NewInstance() p.InternalPlugList = list } @@ -87,7 +87,7 @@ func (p *Plug) LoadExternalPlugList() { continue } - plug, err := plugin.Open(p.dir+"/"+fi.Name()) + plug, err := plugin.Open(p.dir + "/" + fi.Name()) if err != nil { panic(err) } @@ -113,12 +113,12 @@ func (p *Plug) LoadExternalPlugList() { } version := versionFunc.(func() string)() - p.ExternalPlugList[fi.Name()] = ExternalPlug { - ResolvePacket:ResolvePacketFunc.(func(net gopacket.Flow, transport gopacket.Flow, r io.Reader)), - SetFlag:setFlagFunc.(func([]string)), - BPFFilter:BPFFilterFunc.(func() string), - Version:version, - Name:fi.Name(), + p.ExternalPlugList[fi.Name()] = ExternalPlug{ + ResolvePacket: ResolvePacketFunc.(func(net gopacket.Flow, transport gopacket.Flow, r io.Reader)), + SetFlag: setFlagFunc.(func([]string)), + BPFFilter: BPFFilterFunc.(func() string), + Version: version, + Name: fi.Name(), } } } @@ -129,34 +129,34 @@ func (p *Plug) ChangePath(dir string) { func (p *Plug) PrintList() { - //Print Internal Plug + // Print Internal Plug for inPlugName, _ := range p.InternalPlugList { - fmt.Println("internal plug : "+inPlugName) + fmt.Println("internal plug : " + inPlugName) } - //split + // split fmt.Println("-- --- --") - //print External Plug + // print External Plug for exPlugName, _ := range p.ExternalPlugList { - fmt.Println("external plug : "+exPlugName) + fmt.Println("external plug : " + exPlugName) } } func (p *Plug) SetOption(plugName string, plugParams []string) { - //Load Internal Plug + // Load Internal Plug if internalPlug, ok := p.InternalPlugList[plugName]; ok { p.ResolveStream = internalPlug.ResolveStream internalPlug.SetFlag(plugParams) - p.BPF = internalPlug.BPFFilter() + p.BPF = internalPlug.BPFFilter() return } - //Load External Plug - plug, err := plugin.Open("./plug/"+ plugName) + // Load External Plug + plug, err := plugin.Open("./plug/" + plugName) if err != nil { panic(err) } @@ -174,5 +174,5 @@ func (p *Plug) SetOption(plugName string, plugParams []string) { } p.ResolveStream = resolvePacket.(func(net gopacket.Flow, transport gopacket.Flow, r io.Reader)) setFlag.(func([]string))(plugParams) - p.BPF = BPFFilter.(func()string)() -} \ No newline at end of file + p.BPF = BPFFilter.(func() string)() +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..a3a5ad0 --- /dev/null +++ b/go.mod @@ -0,0 +1,5 @@ +module github.com/40t/go-sniffer + +go 1.12 + +require github.com/google/gopacket v1.1.17 diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..3b1095e --- /dev/null +++ b/go.sum @@ -0,0 +1,9 @@ +github.com/google/gopacket v1.1.17 h1:rMrlX2ZY2UbvT+sdz3+6J+pp2z+msCq9MxTU6ymxbBY= +github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67 h1:1Fzlr8kkDLQwqMP8GxrhptBLqZG/EDpiATneiZHY998= +golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/main.go b/main.go index 4dfee3a..a5e0ef9 100644 --- a/main.go +++ b/main.go @@ -7,4 +7,4 @@ import ( func main() { core := core.New() core.Run() -} \ No newline at end of file +} diff --git a/plugSrc/http/build/entry.go b/plugSrc/http/build/entry.go index 7682f04..2264bc8 100644 --- a/plugSrc/http/build/entry.go +++ b/plugSrc/http/build/entry.go @@ -1,28 +1,29 @@ package build import ( - "github.com/google/gopacket" + "bufio" + "fmt" "io" "log" - "strconv" - "fmt" - "os" - "bufio" "net/http" + "os" + "strconv" + + "github.com/google/gopacket" ) const ( - Port = 80 - Version = "0.1" + Port = 80 + Version = "0.1" ) const ( - CmdPort = "-p" + CmdPort = "-p" ) type H struct { - port int - version string + port int + version string } var hp *H @@ -30,8 +31,8 @@ var hp *H func NewInstance() *H { if hp == nil { hp = &H{ - port :Port, - version:Version, + port: Port, + version: Version, } } return hp @@ -66,31 +67,31 @@ func (m *H) ResolveStream(net, transport gopacket.Flow, buf io.Reader) { } func (m *H) BPFFilter() string { - return "tcp and port "+strconv.Itoa(m.port); + return "tcp and port " + strconv.Itoa(m.port) } func (m *H) Version() string { return Version } -func (m *H) SetFlag(flg []string) { +func (m *H) SetFlag(flg []string) { c := len(flg) if c == 0 { return } - if c >> 1 == 0 { + if c>>1 == 0 { fmt.Println("ERR : Http Number of parameters") os.Exit(1) } - for i:=0;i 0 && (data[0] == '{' || data[0] == 'O') { var v struct { - Id json.RawMessage `json:"$oid"` + Id json.RawMessage `json:"$oid"` Func struct { Id json.RawMessage } `json:"$oidFunc"` diff --git a/plugSrc/mongodb/build/bson/decimal.go b/plugSrc/mongodb/build/bson/decimal.go index 3d2f700..a3a28a4 100644 --- a/plugSrc/mongodb/build/bson/decimal.go +++ b/plugSrc/mongodb/build/bson/decimal.go @@ -58,7 +58,7 @@ func (d Decimal128) String() string { // Bits: 1*sign 2*ignored 14*exponent 111*significand. // Implicit 0b100 prefix in significand. e = int(d.h>>47&(1<<14-1)) - 6176 - //h = 4<<47 | d.h&(1<<47-1) + // h = 4<<47 | d.h&(1<<47-1) // Spec says all of these values are out of range. h, l = 0, 0 } else { diff --git a/plugSrc/mongodb/build/bson/json.go b/plugSrc/mongodb/build/bson/json.go index d0162ea..31eda05 100644 --- a/plugSrc/mongodb/build/bson/json.go +++ b/plugSrc/mongodb/build/bson/json.go @@ -4,9 +4,10 @@ import ( "bytes" "encoding/base64" "fmt" - "github.com/40t/go-sniffer/plugSrc/mongodb/build/internal/json" "strconv" "time" + + "github.com/40t/go-sniffer/plugSrc/mongodb/build/internal/json" ) // UnmarshalJSON unmarshals a JSON value that may hold non-standard diff --git a/plugSrc/mongodb/build/const.go b/plugSrc/mongodb/build/const.go index 860f90e..262686e 100644 --- a/plugSrc/mongodb/build/const.go +++ b/plugSrc/mongodb/build/const.go @@ -1,17 +1,17 @@ package build const ( - OP_REPLY = 1 //Reply to a client request. responseTo is set. - OP_UPDATE = 2001 //Update document. - OP_INSERT = 2002 //Insert new document. - RESERVED = 2003 //Formerly used for OP_GET_BY_OID. + OP_REPLY = 1 // Reply to a client request. responseTo is set. + OP_UPDATE = 2001 // Update document. + OP_INSERT = 2002 // Insert new document. + RESERVED = 2003 // Formerly used for OP_GET_BY_OID. - OP_QUERY = 2004 //Query a collection. - OP_GET_MORE = 2005 //Get more data from a query. See Cursors. - OP_DELETE = 2006 //Delete documents. - OP_KILL_CURSORS = 2007 //Notify database that the client has finished with the cursor. + OP_QUERY = 2004 // Query a collection. + OP_GET_MORE = 2005 // Get more data from a query. See Cursors. + OP_DELETE = 2006 // Delete documents. + OP_KILL_CURSORS = 2007 // Notify database that the client has finished with the cursor. - OP_COMMAND = 2010 //Cluster internal protocol representing a command request. - OP_COMMANDREPLY = 2011 //Cluster internal protocol representing a reply to an OP_COMMAND. - OP_MSG = 2013 //Send a message using the format introduced in MongoDB 3.6. -) \ No newline at end of file + OP_COMMAND = 2010 // Cluster internal protocol representing a command request. + OP_COMMANDREPLY = 2011 // Cluster internal protocol representing a reply to an OP_COMMAND. + OP_MSG = 2013 // Send a message using the format introduced in MongoDB 3.6. +) diff --git a/plugSrc/mongodb/build/entry.go b/plugSrc/mongodb/build/entry.go index fbbca15..aec440d 100644 --- a/plugSrc/mongodb/build/entry.go +++ b/plugSrc/mongodb/build/entry.go @@ -4,13 +4,14 @@ import ( "bytes" "encoding/binary" "fmt" - "github.com/google/gopacket" "io" "strconv" + + "github.com/google/gopacket" ) const ( - Port = 27017 + Port = 27017 Version = "0.1" CmdPort = "-p" ) @@ -26,15 +27,14 @@ type stream struct { } type packet struct { - - isClientFlow bool //client->server + isClientFlow bool // client->server messageLength int requestID int responseTo int - opCode int //request type + opCode int // request type - payload io.Reader + payload io.Reader } var mongodbInstance *Mongodb @@ -42,29 +42,29 @@ var mongodbInstance *Mongodb func NewInstance() *Mongodb { if mongodbInstance == nil { mongodbInstance = &Mongodb{ - port :Port, - version:Version, - source: make(map[string]*stream), + port: Port, + version: Version, + source: make(map[string]*stream), } } return mongodbInstance } -func (m *Mongodb) SetFlag(flg []string) { +func (m *Mongodb) SetFlag(flg []string) { c := len(flg) if c == 0 { return } - if c >> 1 != 1 { + if c>>1 != 1 { panic("ERR : Mongodb Number of parameters") } - for i:=0;i client || client -> server + // read bi-directional packet + // server -> client || client -> server for { newPacket := m.newPacket(net, transport, buf) @@ -118,12 +118,12 @@ func (m *Mongodb) ResolveStream(net, transport gopacket.Flow, buf io.Reader) { func (m *Mongodb) newPacket(net, transport gopacket.Flow, r io.Reader) *packet { - //read packet + // read packet var packet *packet var err error packet, err = readStream(r) - //stream close + // stream close if err == io.EOF { fmt.Println(net, transport, " close") return nil @@ -132,10 +132,10 @@ func (m *Mongodb) newPacket(net, transport gopacket.Flow, r io.Reader) *packet { return nil } - //set flow direction + // set flow direction if transport.Src().String() == strconv.Itoa(m.port) { packet.isClientFlow = false - }else{ + } else { packet.isClientFlow = true } @@ -145,7 +145,7 @@ func (m *Mongodb) newPacket(net, transport gopacket.Flow, r io.Reader) *packet { func (stm *stream) resolve() { for { select { - case packet := <- stm.packets: + case packet := <-stm.packets: if packet.isClientFlow { stm.resolveClientPacket(packet) } else { @@ -165,11 +165,11 @@ func (stm *stream) resolveClientPacket(pk *packet) { switch pk.opCode { case OP_UPDATE: - zero := ReadInt32(pk.payload) + zero := ReadInt32(pk.payload) fullCollectionName := ReadString(pk.payload) - flags := ReadInt32(pk.payload) - selector := ReadBson2Json(pk.payload) - update := ReadBson2Json(pk.payload) + flags := ReadInt32(pk.payload) + selector := ReadBson2Json(pk.payload) + update := ReadBson2Json(pk.payload) _ = zero _ = flags @@ -180,9 +180,9 @@ func (stm *stream) resolveClientPacket(pk *packet) { ) case OP_INSERT: - flags := ReadInt32(pk.payload) + flags := ReadInt32(pk.payload) fullCollectionName := ReadString(pk.payload) - command := ReadBson2Json(pk.payload) + command := ReadBson2Json(pk.payload) _ = flags msg = fmt.Sprintf(" [Insert] [coll:%s] %v", @@ -191,16 +191,16 @@ func (stm *stream) resolveClientPacket(pk *packet) { ) case OP_QUERY: - flags := ReadInt32(pk.payload) + flags := ReadInt32(pk.payload) fullCollectionName := ReadString(pk.payload) - numberToSkip := ReadInt32(pk.payload) - numberToReturn := ReadInt32(pk.payload) + numberToSkip := ReadInt32(pk.payload) + numberToReturn := ReadInt32(pk.payload) _ = flags _ = numberToSkip _ = numberToReturn - command := ReadBson2Json(pk.payload) - selector := ReadBson2Json(pk.payload) + command := ReadBson2Json(pk.payload) + selector := ReadBson2Json(pk.payload) msg = fmt.Sprintf(" [Query] [coll:%s] %v %v", fullCollectionName, @@ -209,11 +209,11 @@ func (stm *stream) resolveClientPacket(pk *packet) { ) case OP_COMMAND: - database := ReadString(pk.payload) - commandName := ReadString(pk.payload) - metaData := ReadBson2Json(pk.payload) - commandArgs := ReadBson2Json(pk.payload) - inputDocs := ReadBson2Json(pk.payload) + database := ReadString(pk.payload) + commandName := ReadString(pk.payload) + metaData := ReadBson2Json(pk.payload) + commandArgs := ReadBson2Json(pk.payload) + inputDocs := ReadBson2Json(pk.payload) msg = fmt.Sprintf(" [Commend] [DB:%s] [Cmd:%s] %v %v %v", database, @@ -224,10 +224,10 @@ func (stm *stream) resolveClientPacket(pk *packet) { ) case OP_GET_MORE: - zero := ReadInt32(pk.payload) + zero := ReadInt32(pk.payload) fullCollectionName := ReadString(pk.payload) - numberToReturn := ReadInt32(pk.payload) - cursorId := ReadInt64(pk.payload) + numberToReturn := ReadInt32(pk.payload) + cursorId := ReadInt64(pk.payload) _ = zero msg = fmt.Sprintf(" [Query more] [coll:%s] [num of reply:%v] [cursor:%v]", @@ -237,10 +237,10 @@ func (stm *stream) resolveClientPacket(pk *packet) { ) case OP_DELETE: - zero := ReadInt32(pk.payload) + zero := ReadInt32(pk.payload) fullCollectionName := ReadString(pk.payload) - flags := ReadInt32(pk.payload) - selector := ReadBson2Json(pk.payload) + flags := ReadInt32(pk.payload) + selector := ReadBson2Json(pk.payload) _ = zero _ = flags @@ -263,10 +263,10 @@ func readStream(r io.Reader) (*packet, error) { var buf bytes.Buffer p := &packet{} - //header + // header header := make([]byte, 16) if _, err := io.ReadFull(r, header); err != nil { - return nil,err + return nil, err } // message length diff --git a/plugSrc/mongodb/build/internal/json/decode.go b/plugSrc/mongodb/build/internal/json/decode.go index ce7c7d2..57ac1ff 100644 --- a/plugSrc/mongodb/build/internal/json/decode.go +++ b/plugSrc/mongodb/build/internal/json/decode.go @@ -773,7 +773,7 @@ func (d *decodeState) isNull(off int) bool { // name consumes a const or function from d.data[d.off-1:], decoding into the value v. // the first byte of the function name has been read already. func (d *decodeState) name(v reflect.Value) { - if d.isNull(d.off-1) { + if d.isNull(d.off - 1) { d.literal(v) return } @@ -859,7 +859,7 @@ func (d *decodeState) name(v reflect.Value) { } // TODO Fix case of func field as map. - //topv := v + // topv := v // Figure out field corresponding to function. key := []byte(funcData.key) @@ -1076,9 +1076,9 @@ func (d *decodeState) storeKeyed(v reflect.Value) bool { } var ( - trueBytes = []byte("true") + trueBytes = []byte("true") falseBytes = []byte("false") - nullBytes = []byte("null") + nullBytes = []byte("null") ) func (d *decodeState) storeValue(v reflect.Value, from interface{}) { @@ -1173,7 +1173,7 @@ var numberType = reflect.TypeOf(Number("")) func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) { // Check for unmarshaler. if len(item) == 0 { - //Empty string given + // Empty string given d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) return } diff --git a/plugSrc/mongodb/build/util.go b/plugSrc/mongodb/build/util.go index 2b74f73..5efb680 100644 --- a/plugSrc/mongodb/build/util.go +++ b/plugSrc/mongodb/build/util.go @@ -4,8 +4,9 @@ import ( "encoding/binary" "encoding/json" "fmt" - "time" "io" + "time" + "github.com/40t/go-sniffer/plugSrc/mongodb/build/bson" ) @@ -15,7 +16,7 @@ func GetNowStr(isClient bool) string { msg += time.Now().Format(layout) if isClient { msg += "| cli -> ser |" - }else{ + } else { msg += "| ser -> cli |" } return msg @@ -54,33 +55,32 @@ func ReadString(r io.Reader) string { return string(result) } -func ReadBson2Json(r io.Reader) (string) { +func ReadBson2Json(r io.Reader) string { - //read len + // read len docLen := ReadInt32(r) if docLen == 0 { return "" } - //document []byte + // document []byte docBytes := make([]byte, int(docLen)) binary.LittleEndian.PutUint32(docBytes, uint32(docLen)) if _, err := io.ReadFull(r, docBytes[4:]); err != nil { panic(err) } - //resolve document + // resolve document var bsn bson.M err := bson.Unmarshal(docBytes, &bsn) if err != nil { panic(err) } - //format to Json + // format to Json jsonStr, err := json.Marshal(bsn) if err != nil { return fmt.Sprintf("{\"error\":%s}", err.Error()) } return string(jsonStr) } - diff --git a/plugSrc/mysql/build/const.go b/plugSrc/mysql/build/const.go index fabc167..5bbf92c 100644 --- a/plugSrc/mysql/build/const.go +++ b/plugSrc/mysql/build/const.go @@ -1,67 +1,67 @@ package build const ( - ComQueryRequestPacket string = "【Query】" - OkPacket string = "【Ok】" - ErrorPacket string = "【Err】" - PreparePacket string = "【Pretreatment】" + ComQueryRequestPacket string = "【Query】" + OkPacket string = "【Ok】" + ErrorPacket string = "【Err】" + PreparePacket string = "【Pretreatment】" SendClientHandshakePacket string = "【User Auth】" SendServerHandshakePacket string = "【Login】" ) const ( - COM_SLEEP byte = 0 - COM_QUIT = 1 - COM_INIT_DB = 2 - COM_QUERY = 3 - COM_FIELD_LIST = 4 - COM_CREATE_DB = 5 - COM_DROP_DB = 6 - COM_REFRESH = 7 - COM_SHUTDOWN = 8 - COM_STATISTICS = 9 - COM_PROCESS_INFO = 10 - COM_CONNECT = 11 - COM_PROCESS_KILL = 12 - COM_DEBUG = 13 - COM_PING = 14 - COM_TIME = 15 - COM_DELAYED_INSERT = 16 - COM_CHANGE_USER = 17 - COM_BINLOG_DUMP = 18 - COM_TABLE_DUMP = 19 - COM_CONNECT_OUT = 20 - COM_REGISTER_SLAVE = 21 - COM_STMT_PREPARE = 22 - COM_STMT_EXECUTE = 23 - COM_STMT_SEND_LONG_DATA = 24 - COM_STMT_CLOSE = 25 - COM_STMT_RESET = 26 - COM_SET_OPTION = 27 - COM_STMT_FETCH = 28 - COM_DAEMON = 29 - COM_BINLOG_DUMP_GTID = 30 - COM_RESET_CONNECTION = 31 + COM_SLEEP byte = 0 + COM_QUIT = 1 + COM_INIT_DB = 2 + COM_QUERY = 3 + COM_FIELD_LIST = 4 + COM_CREATE_DB = 5 + COM_DROP_DB = 6 + COM_REFRESH = 7 + COM_SHUTDOWN = 8 + COM_STATISTICS = 9 + COM_PROCESS_INFO = 10 + COM_CONNECT = 11 + COM_PROCESS_KILL = 12 + COM_DEBUG = 13 + COM_PING = 14 + COM_TIME = 15 + COM_DELAYED_INSERT = 16 + COM_CHANGE_USER = 17 + COM_BINLOG_DUMP = 18 + COM_TABLE_DUMP = 19 + COM_CONNECT_OUT = 20 + COM_REGISTER_SLAVE = 21 + COM_STMT_PREPARE = 22 + COM_STMT_EXECUTE = 23 + COM_STMT_SEND_LONG_DATA = 24 + COM_STMT_CLOSE = 25 + COM_STMT_RESET = 26 + COM_SET_OPTION = 27 + COM_STMT_FETCH = 28 + COM_DAEMON = 29 + COM_BINLOG_DUMP_GTID = 30 + COM_RESET_CONNECTION = 31 ) const ( - MYSQL_TYPE_DECIMAL byte = 0 - MYSQL_TYPE_TINY = 1 - MYSQL_TYPE_SHORT = 2 - MYSQL_TYPE_LONG = 3 - MYSQL_TYPE_FLOAT = 4 - MYSQL_TYPE_DOUBLE = 5 - MYSQL_TYPE_NULL = 6 - MYSQL_TYPE_TIMESTAMP = 7 - MYSQL_TYPE_LONGLONG = 8 - MYSQL_TYPE_INT24 = 9 - MYSQL_TYPE_DATE = 10 - MYSQL_TYPE_TIME = 11 - MYSQL_TYPE_DATETIME = 12 - MYSQL_TYPE_YEAR = 13 - MYSQL_TYPE_NEWDATE = 14 - MYSQL_TYPE_VARCHAR = 15 - MYSQL_TYPE_BIT = 16 + MYSQL_TYPE_DECIMAL byte = 0 + MYSQL_TYPE_TINY = 1 + MYSQL_TYPE_SHORT = 2 + MYSQL_TYPE_LONG = 3 + MYSQL_TYPE_FLOAT = 4 + MYSQL_TYPE_DOUBLE = 5 + MYSQL_TYPE_NULL = 6 + MYSQL_TYPE_TIMESTAMP = 7 + MYSQL_TYPE_LONGLONG = 8 + MYSQL_TYPE_INT24 = 9 + MYSQL_TYPE_DATE = 10 + MYSQL_TYPE_TIME = 11 + MYSQL_TYPE_DATETIME = 12 + MYSQL_TYPE_YEAR = 13 + MYSQL_TYPE_NEWDATE = 14 + MYSQL_TYPE_VARCHAR = 15 + MYSQL_TYPE_BIT = 16 ) const ( diff --git a/plugSrc/mysql/build/entry.go b/plugSrc/mysql/build/entry.go index 4a1ba39..cb16dcf 100644 --- a/plugSrc/mysql/build/entry.go +++ b/plugSrc/mysql/build/entry.go @@ -1,30 +1,31 @@ package build import ( - "github.com/google/gopacket" - "io" "bytes" + "encoding/binary" "errors" + "fmt" + "io" "log" + "os" "strconv" + "strings" "sync" "time" - "fmt" - "encoding/binary" - "strings" - "os" + + "github.com/google/gopacket" ) const ( - Port = 3306 - Version = "0.1" - CmdPort = "-p" + Port = 3306 + Version = "0.1" + CmdPort = "-p" ) type Mysql struct { - port int - version string - source map[string]*stream + port int + version string + source map[string]*stream } type stream struct { @@ -34,20 +35,21 @@ type stream struct { type packet struct { isClientFlow bool - seq int - length int - payload []byte + seq int + length int + payload []byte } var mysql *Mysql var once sync.Once + func NewInstance() *Mysql { once.Do(func() { mysql = &Mysql{ - port :Port, - version:Version, - source: make(map[string]*stream), + port: Port, + version: Version, + source: make(map[string]*stream), } }) @@ -56,23 +58,23 @@ func NewInstance() *Mysql { func (m *Mysql) ResolveStream(net, transport gopacket.Flow, buf io.Reader) { - //uuid + // uuid uuid := fmt.Sprintf("%v:%v", net.FastHash(), transport.FastHash()) - //generate resolve's stream + // generate resolve's stream if _, ok := m.source[uuid]; !ok { var newStream = stream{ - packets:make(chan *packet, 100), - stmtMap:make(map[uint32]*Stmt), + packets: make(chan *packet, 100), + stmtMap: make(map[uint32]*Stmt), } m.source[uuid] = &newStream go newStream.resolve() } - //read bi-directional packet - //server -> client || client -> server + // read bi-directional packet + // server -> client || client -> server for { newPacket := m.newPacket(net, transport, buf) @@ -86,31 +88,31 @@ func (m *Mysql) ResolveStream(net, transport gopacket.Flow, buf io.Reader) { } func (m *Mysql) BPFFilter() string { - return "tcp and port "+strconv.Itoa(m.port); + return "tcp and port " + strconv.Itoa(m.port) } func (m *Mysql) Version() string { return Version } -func (m *Mysql) SetFlag(flg []string) { +func (m *Mysql) SetFlag(flg []string) { c := len(flg) if c == 0 { return } - if c >> 1 == 0 { + if c>>1 == 0 { fmt.Println("ERR : Mysql Number of parameters") os.Exit(1) } - for i:=0;i 0 { - //(Null-Bitmap,len = (paramsCount + 7) / 8 byte) + // (Null-Bitmap,len = (paramsCount + 7) / 8 byte) step := int((stmt.ParamCount + 7) / 8) nullBitmap := payload[pos : pos+step] pos += step - //Parameter separator + // Parameter separator flag := payload[pos] pos++ - var pTypes []byte + var pTypes []byte var pValues []byte - //if flag == 1 - //n (len = paramsCount * 2 byte) + // if flag == 1 + // n (len = paramsCount * 2 byte) if flag == 1 { pTypes = payload[pos : pos+int(stmt.ParamCount)*2] pos += int(stmt.ParamCount) * 2 pValues = payload[pos:] } - //bind params + // bind params err := stmt.BindArgs(nullBitmap, pTypes, pValues) if err != nil { log.Println("ERR : Could not bind params", err) @@ -353,4 +355,3 @@ func (stm *stream) resolveClientPacket(payload []byte, seq int) { fmt.Println(GetNowStr(true) + msg) } - diff --git a/plugSrc/mysql/build/stmt.go b/plugSrc/mysql/build/stmt.go index 80071a5..64de1a3 100644 --- a/plugSrc/mysql/build/stmt.go +++ b/plugSrc/mysql/build/stmt.go @@ -3,10 +3,10 @@ package build import ( "bytes" "encoding/binary" + "errors" "fmt" "math" "strings" - "errors" ) type Stmt struct { diff --git a/plugSrc/mysql/build/util.go b/plugSrc/mysql/build/util.go index fd26727..6f11c1c 100644 --- a/plugSrc/mysql/build/util.go +++ b/plugSrc/mysql/build/util.go @@ -12,13 +12,13 @@ func GetNowStr(isClient bool) string { msg += time.Now().Format("2006-01-02 15:04:05") if isClient { msg += "| cli -> ser |" - }else{ + } else { msg += "| ser -> cli |" } return msg } -func ReadStringFromByte(b []byte) (string,int) { +func ReadStringFromByte(b []byte) (string, int) { var l int l = bytes.IndexByte(b, 0x00) @@ -35,18 +35,18 @@ func LengthBinary(b []byte) (uint32, int) { return uint32(first), 1 } if first == 251 { - return 0,1 + return 0, 1 } if first == 252 { - return binary.LittleEndian.Uint32(b[1:2]),1 + return binary.LittleEndian.Uint32(b[1:2]), 1 } if first == 253 { - return binary.LittleEndian.Uint32(b[1:4]),3 + return binary.LittleEndian.Uint32(b[1:4]), 3 } if first == 254 { - return binary.LittleEndian.Uint32(b[1:9]),8 + return binary.LittleEndian.Uint32(b[1:9]), 8 } - return 0,0 + return 0, 0 } func LengthEncodedInt(input []byte) (num uint64, isNull bool, n int) { diff --git a/plugSrc/redis/build/entry.go b/plugSrc/redis/build/entry.go index 6116e89..052a950 100644 --- a/plugSrc/redis/build/entry.go +++ b/plugSrc/redis/build/entry.go @@ -1,33 +1,34 @@ package build import ( - "github.com/google/gopacket" - "io" - "strings" - "fmt" - "strconv" "bufio" + "fmt" + "io" + "strconv" + "strings" + + "github.com/google/gopacket" ) type Redis struct { - port int + port int version string - cmd chan string - done chan bool + cmd chan string + done chan bool } const ( - Port int = 6379 + Port int = 6379 Version string = "0.1" CmdPort string = "-p" ) -var redis = &Redis { - port:Port, - version:Version, +var redis = &Redis{ + port: Port, + version: Version, } -func NewInstance() *Redis{ +func NewInstance() *Redis { return redis } @@ -49,23 +50,23 @@ func (red Redis) ResolveStream(net, transport gopacket.Flow, r io.Reader) { } } - //Filtering useless data + // Filtering useless data if !strings.HasPrefix(string(line), "*") { continue } - //Do not display + // Do not display if strings.EqualFold(transport.Src().String(), strconv.Itoa(red.port)) == true { continue } - //run + // run l := string(line[1]) cmdCount, _ = strconv.Atoi(l) cmd = "" - for j := 0; j < cmdCount * 2; j++ { + for j := 0; j < cmdCount*2; j++ { c, _, _ := buf.ReadLine() - if j & 1 == 0 { + if j&1 == 0 { continue } cmd += " " + string(c) @@ -74,24 +75,22 @@ func (red Redis) ResolveStream(net, transport gopacket.Flow, r io.Reader) { } } -/** - SetOption - */ -func (red *Redis) SetFlag(flg []string) { +// SetOption +func (red *Redis) SetFlag(flg []string) { c := len(flg) if c == 0 { return } - if c >> 1 != 1 { + if c>>1 != 1 { panic("ERR : Redis num of params") } - for i:=0;i