7x31/sniffer-agent
1
0
Fork 0
mirror of https://github.com/zr-hebo/sniffer-agent.git synced 2025-09-19 02:06:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

从proxy获取client ip地址

Browse Source
This commit is contained in:
hebo
2019-12-05 20:51:43 +08:00
parent 8e4e9a8d62
commit f70a646902
14 changed files with 1024 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
capture/network.go
View File

@@ -1,17 +1,21 @@
package capture
import (
"bufio"
"bytes"
"flag"
"fmt"
"math/rand"
"time"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/zr-hebo/sniffer-agent/communicator"
"golang.org/x/net/bpf"
"math/rand"
"time"
"github.com/google/gopacket/pcapgo"
proto "github.com/pires/go-proxyproto"
log "github.com/sirupsen/logrus"
"github.com/zr-hebo/sniffer-agent/model"
sd "github.com/zr-hebo/sniffer-agent/session-dealer"
@@ -133,12 +137,24 @@ func (nc *networkCard) listenNormal() {
m := packet.Metadata()
m.CaptureInfo = ci
// send FIN tcp packet to avoid not complete session cannot be released
tcpPkt := packet.TransportLayer().(*layers.TCP)
// send FIN tcp packet to avoid not complete session cannot be released
// deal FIN packet
if tcpPkt.FIN {
nc.parseTCPPackage(packet, nil)
continue
}
// deal auth packet
if tcpPkt.FIN || sd.IsAuthPacket(tcpPkt.Payload) {
nc.parseTCPPackage(packet)
if sd.IsAuthPacket(tcpPkt.Payload) {
reader := bufio.NewReader(bytes.NewReader(data))
header, _ := proto.Read(reader)
var clientIP *string
if header != nil {
clientIPContent := header.SourceAddress.String()
clientIP = &clientIPContent
}
nc.parseTCPPackage(packet, clientIP)
continue
}
@@ -151,14 +167,14 @@ func (nc *networkCard) listenNormal() {
}
aliveCounter = 0
nc.parseTCPPackage(packet)
nc.parseTCPPackage(packet, nil)
}
}()
return
}
func (nc *networkCard) parseTCPPackage(packet gopacket.Packet) {
func (nc *networkCard) parseTCPPackage(packet gopacket.Packet, clientIP *string) {
var err error
defer func() {
if err != nil {
@@ -183,14 +199,13 @@ func (nc *networkCard) parseTCPPackage(packet gopacket.Packet) {
return
}
// get IP from ip layer
srcIP := ipInfo.SrcIP.String()
dstIP := ipInfo.DstIP.String()
srcPort := int(tcpPkt.SrcPort)
dstPort := int(tcpPkt.DstPort)
if dstPort == nc.listenPort {
// deal mysql server response
err = readToServerPackage(&srcIP, srcPort, tcpPkt, nc.receiver)
err = readToServerPackage(clientIP, &srcIP, srcPort, tcpPkt, nc.receiver)
if err != nil {
return
}
@@ -240,7 +255,7 @@ func readFromServerPackage(
}
func readToServerPackage(
srcIP *string, srcPort int, tcpPkt *layers.TCP, receiver chan model.QueryPiece) (err error) {
clientIP, srcIP *string, srcPort int, tcpPkt *layers.TCP, receiver chan model.QueryPiece) (err error) {
defer func() {
if err != nil {
log.Error("read package send from client to mysql server failed <-- %s", err.Error())
@@ -267,7 +282,7 @@ func readToServerPackage(
sessionKey := spliceSessionKey(srcIP, srcPort)
session := sessionPool[*sessionKey]
if session == nil {
session = sd.NewSession(sessionKey, srcIP, srcPort, localIPAddr, snifferPort, receiver)
session = sd.NewSession(sessionKey, clientIP, srcIP, srcPort, localIPAddr, snifferPort, receiver)
sessionPool[*sessionKey] = session
}