-
Notifications
You must be signed in to change notification settings - Fork 2
/
LayerHandler.go
122 lines (104 loc) · 2.87 KB
/
LayerHandler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package main
import (
"bytes"
"encoding/gob"
"github.com/fatih/structs"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"strings"
)
type LayerHandlerFunc func(map[string]interface{}, gopacket.Layer)
var LayerHandlerMap = make(map[gopacket.LayerType]LayerHandlerFunc)
func GetBytes(key interface{}) ([]byte, error) {
var buf bytes.Buffer
enc := gob.NewEncoder(&buf)
err := enc.Encode(key)
if err != nil {
return nil, err
}
return buf.Bytes(), nil
}
func handlePfLog(event map[string]interface{}, layer gopacket.Layer) {
pflog, _ := layer.(*layers.PFLog)
pflogEvent := structs.Map(pflog)
for key, value := range pflogEvent {
if (key == "IFName" || key == "Ruleset") {
byteArr, err := GetBytes(pflogEvent[key])
if (err == nil) {
event[key] = string(byteArr[:])
}
continue
}
event[key] = value
}
}
func handleIPv4(event map[string]interface{}, layer gopacket.Layer) {
ipv4, _ := layer.(*layers.IPv4)
ipv4Event := structs.Map(ipv4)
for key, value := range ipv4Event {
if (key == "Protocol") {
protocolNumber, ok := value.(layers.IPProtocol)
if (ok) {
protocolName := layers.IPProtocolMetadata[protocolNumber].Name
event[key] = protocolName
} else {
event[key] = value
}
}
event[key] = value
}
}
func handleIPv6(event map[string]interface{}, layer gopacket.Layer) {
ipv6, _ := layer.(*layers.IPv6)
ipv6Event := structs.Map(ipv6)
mergeMap(event, ipv6Event)
}
func handleTCP(event map[string]interface{}, layer gopacket.Layer) {
event["protocol"] = "TCP"
tcp, _ := layer.(*layers.TCP)
tcpEvent := structs.Map(tcp)
for key, value := range tcpEvent {
if (key == "Options") {
options, ok := value.([]layers.TCPOption)
if (ok) {
optionsList := make([]string, len(options))
for idx, option := range options {
optionsList[idx] = option.String()
}
event[key] = strings.Join(optionsList, ",")
} else {
event[key] = value
}
}
event[key] = value
}
}
func handleUDP(event map[string]interface{}, layer gopacket.Layer) {
event["protocol"] = "UDP"
udp, _ := layer.(*layers.UDP)
udpEvent := structs.Map(udp)
mergeMap(event, udpEvent)
}
func init() {
LayerHandlerMap[layers.LayerTypePFLog] = handlePfLog
LayerHandlerMap[layers.LayerTypeIPv4] = handleIPv4
LayerHandlerMap[layers.LayerTypeIPv6] = handleIPv6
LayerHandlerMap[layers.LayerTypeTCP] = handleTCP
LayerHandlerMap[layers.LayerTypeUDP] = handleUDP
}
func handlePacketLayer(event map[string]interface{}, layer gopacket.Layer) error {
handlerFunc := LayerHandlerMap[layer.LayerType()]
if (handlerFunc != nil) {
handlerFunc(event, layer)
} else {
hangleGenericLayer(event, layer)
}
return nil
}
func hangleGenericLayer(event map[string]interface{}, layer gopacket.Layer) {
}
func mergeMap(packetEvent map[string]interface{}, additional map[string]interface{}) {
for key, value := range additional {
packetEvent[key] = value
}
}