Initial commit

capture/config.go

@@ -0,0 +1,22 @@
+package capture
+
+import (
+	sd "github.com/zr-hebo/sniffer-agent/session-dealer"
+	log "github.com/sirupsen/logrus"
+)
+
+var (
+	localIPAddr string
+
+	sessionPool = make(map[string]sd.ConnSession)
+)
+
+func init() {
+	var err error
+	localIPAddr, err = getLocalIPAddr()
+	if err != nil {
+		panic(err)
+	}
+
+	log.Infof("parsed local ip address:%s", localIPAddr)
+}

capture/const.go

@@ -0,0 +1 @@
+package capture

capture/network.go

@@ -0,0 +1,180 @@
+package capture
+
+import (
+	"flag"
+	"fmt"
+	log "github.com/sirupsen/logrus"
+	sd "github.com/zr-hebo/sniffer-agent/session-dealer"
+	"github.com/zr-hebo/sniffer-agent/model"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/google/gopacket/pcap"
+)
+
+var (
+	DeviceName  string
+	snifferPort int
+)
+
+func init() {
+	flag.StringVar(&DeviceName, "interface", "eth0", "network device name. Default is eth0")
+	flag.IntVar(&snifferPort, "port", 3306, "sniffer port. Default is 3306")
+}
+
+// networkCard is network device
+type networkCard struct {
+	name string
+	listenPort int
+}
+
+func NewNetworkCard() (nc *networkCard) {
+	// init device
+	return &networkCard{name: DeviceName, listenPort: snifferPort}
+}
+
+// Listen get a connection.
+func (nc *networkCard) Listen() (receiver chan model.QueryPiece) {
+	receiver = make(chan model.QueryPiece, 100)
+
+	go func() {
+		defer func() {
+			close(receiver)
+		}()
+
+		handle, err := pcap.OpenLive(DeviceName, 65535, false, pcap.BlockForever)
+		if err != nil {
+			panic(fmt.Sprintf("cannot open network interface %s <-- %s", nc.name, err.Error()))
+		}
+
+		packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
+		for packet := range packetSource.Packets() {
+			if packet.NetworkLayer() == nil || packet.TransportLayer() == nil {
+				// log.Info("empty network layer")
+				continue
+			}
+
+			if packet.TransportLayer().LayerType() != layers.LayerTypeTCP {
+				// log.Info("packet type is %s, not TCP", packet.TransportLayer().LayerType())
+				continue
+			}
+
+			qp := nc.parseTCPPackage(packet)
+			if qp != nil {
+				receiver <- qp
+			}
+		}
+	}()
+
+	return
+}
+
+func (nc *networkCard) parseTCPPackage(packet gopacket.Packet) (qp model.QueryPiece) {
+	var err error
+	defer func() {
+		if err != nil {
+			log.Error("parse TCP package failed <-- %s", err.Error())
+		}
+	}()
+
+	tcpConn := packet.TransportLayer().(*layers.TCP)
+	if tcpConn.SYN || tcpConn.RST {
+		return
+	}
+
+	if(int(tcpConn.DstPort) != nc.listenPort && int(tcpConn.SrcPort) != nc.listenPort) {
+		return
+	}
+
+	ipLayer := packet.Layer(layers.LayerTypeIPv4)
+	if ipLayer == nil {
+		err = fmt.Errorf("no ip layer found in package")
+		return
+	}
+
+	ipInfo, ok := ipLayer.(*layers.IPv4)
+	if !ok {
+		err = fmt.Errorf("parsed no ip address")
+		return
+	}
+
+	// get IP from ip layer
+	srcIP := ipInfo.SrcIP.String()
+	dstIP := ipInfo.DstIP.String()
+	srcPort := int(tcpConn.SrcPort)
+	dstPort := int(tcpConn.DstPort)
+	if dstIP == localIPAddr && dstPort == nc.listenPort {
+		// deal mysql server response
+		err = readToServerPackage(srcIP, srcPort, tcpConn)
+		if err != nil {
+			return
+		}
+
+	} else if srcIP == localIPAddr && srcPort == nc.listenPort {
+		// deal mysql client request
+		qp, err = readFromServerPackage(dstIP, dstPort, tcpConn)
+		if err != nil {
+			return
+		}
+	}
+
+	return
+}
+
+func readFromServerPackage(srcIP string, srcPort int, tcpConn *layers.TCP) (qp model.QueryPiece, err error) {
+	defer func() {
+		if err != nil {
+			log.Error("read Mysql package send from mysql server to client failed <-- %s", err.Error())
+		}
+	}()
+
+	sessionKey := spliceSessionKey(srcIP, srcPort)
+	if tcpConn.FIN {
+		delete(sessionPool, sessionKey)
+		// log.Debugf("close connection from %s", sessionKey)
+		return
+	}
+
+	tcpPayload := tcpConn.Payload
+	if (len(tcpPayload) < 1) {
+		return
+	}
+
+	session := sessionPool[sessionKey]
+	if session != nil {
+		session.ReadFromServer(tcpPayload)
+		qp = session.GenerateQueryPiece()
+	}
+
+	return
+}
+
+func readToServerPackage(srcIP string, srcPort int, tcpConn *layers.TCP) (err error) {
+	defer func() {
+		if err != nil {
+			log.Error("read package send from client to mysql server failed <-- %s", err.Error())
+		}
+	}()
+
+	sessionKey := spliceSessionKey(srcIP, srcPort)
+	// when client try close connection remove session from session pool
+	if tcpConn.FIN {
+		delete(sessionPool, sessionKey)
+		// log.Debugf("close connection from %s", sessionKey)
+		return
+	}
+
+	tcpPayload := tcpConn.Payload
+	if (len(tcpPayload) < 1) {
+		return
+	}
+
+	session := sessionPool[sessionKey]
+	if session == nil {
+		session = sd.NewSession(sessionKey, srcIP, srcPort, localIPAddr, snifferPort)
+		sessionPool[sessionKey] = session
+	}
+
+	session.ReadFromClient(tcpPayload)
+	return
+}
+

capture/util.go

@@ -0,0 +1,40 @@
+package capture
+
+import (
+	"fmt"
+	"net"
+	"strings"
+)
+
+func getLocalIPAddr() (ipAddr string, err error) {
+	addrs, err := net.InterfaceAddrs()
+	if err != nil {
+		return
+	}
+
+	for _, addr := range addrs {
+		addrStr := addr.String()
+		if strings.Contains(addrStr, "127.0.0.1") ||
+			strings.Contains(addrStr, "::1") ||
+			strings.Contains(addrStr, "/64") {
+			continue
+		}
+
+		addrStr = strings.TrimRight(addrStr, "1234567890")
+		addrStr = strings.TrimRight(addrStr, "/")
+		if len(addrStr) < 1 {
+			continue
+		}
+
+		ipAddr = addrStr
+		return
+	}
+
+	err = fmt.Errorf("no valid ip address found")
+	return
+}
+
+func spliceSessionKey(srcIP string, srcPort int) (sessionKey string) {
+	sessionKey = fmt.Sprintf("%s:%d", srcIP, srcPort)
+	return
+}