-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmongo_packet.go
105 lines (92 loc) · 2.77 KB
/
mongo_packet.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package main
import (
"encoding/binary"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"strconv"
"sync"
"time"
)
// Earliest packet timestamp
var packetMinTimestamp time.Time
// Map of sending hosts to MongoConnections
var mapHostConnection map[string]*MongoConnection
type MongoPacket struct {
delta time.Duration
payload []byte
}
func ProcessPackets(pcapFile string,
mongodHost string,
mongodPort string) {
if handle, err := pcap.OpenOffline(pcapFile); err != nil {
panic(err)
} else {
var connectionWaitGroup sync.WaitGroup
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
firstPacket := <-packetSource.Packets()
packetMinTimestamp = GetPacketTime(firstPacket)
mapHostConnection = make(map[string]*MongoConnection)
SendPacket(firstPacket,
&connectionWaitGroup,
mongodHost,
mongodPort)
for packet := range packetSource.Packets() {
SendPacket(packet,
&connectionWaitGroup,
mongodHost,
mongodPort)
}
for _, mConnection := range mapHostConnection {
mConnection.EOF()
}
connectionWaitGroup.Wait()
}
}
func GetPacketTime(packet gopacket.Packet) time.Time {
return packet.Metadata().CaptureInfo.Timestamp
}
func SendPacket(packet gopacket.Packet,
connectionWaitGroup *sync.WaitGroup,
mongodHost string,
mongodPort string) {
// If packet contains a mongo message
if packet.ApplicationLayer() != nil {
payload := packet.ApplicationLayer().Payload()
delta := GetPacketTime(packet).Sub(packetMinTimestamp)
// Get timestamp's delta from first packet
// Get mongo wire protocol payload
mongoPacket := MongoPacket{
payload: payload,
delta: delta,
}
transportLayer := packet.TransportLayer()
networkLayer := packet.NetworkLayer()
var srcIp string
var srcPort string
if networkLayer.LayerType() == layers.LayerTypeIPv4 {
ip4header := networkLayer.LayerContents()
// Convert binary to IP string
srcIp = strconv.Itoa(int(ip4header[12])) + "." +
strconv.Itoa(int(ip4header[13])) + "." +
strconv.Itoa(int(ip4header[14])) + "." +
strconv.Itoa(int(ip4header[15]))
}
if transportLayer.LayerType() == layers.LayerTypeTCP {
tcpHeader := transportLayer.LayerContents()
// Hack to be able to use convert what should be a uint16 to string
tcpHeaderSrcPort := []byte{0, 0, tcpHeader[0], tcpHeader[1]}
srcPort = strconv.Itoa(int(binary.BigEndian.Uint32(tcpHeaderSrcPort)))
}
src := srcIp + ":" + srcPort
if mConnection, ok := mapHostConnection[src]; ok {
mConnection.Send(mongoPacket)
} else {
connectionWaitGroup.Add(1)
mConnection := NewMongoConnection(mongodHost, mongodPort, 100)
mapHostConnection[src] = mConnection
go mConnection.ExecuteConnection(connectionWaitGroup)
mConnection.Send(mongoPacket)
}
}
}