|
@@ -17,6 +17,7 @@ import (
|
|
|
"github.com/google/gopacket"
|
|
"github.com/google/gopacket"
|
|
|
"github.com/google/gopacket/layers"
|
|
"github.com/google/gopacket/layers"
|
|
|
"github.com/google/gopacket/pcap"
|
|
"github.com/google/gopacket/pcap"
|
|
|
|
|
+ "github.com/kr/pretty"
|
|
|
"github.com/nats-io/nats"
|
|
"github.com/nats-io/nats"
|
|
|
"github.com/nats-io/nats/encoders/protobuf"
|
|
"github.com/nats-io/nats/encoders/protobuf"
|
|
|
|
|
|
|
@@ -37,6 +38,7 @@ var (
|
|
|
requestsFile = flag.String("requests", "", "CSV file containing requests (IP and URL)")
|
|
requestsFile = flag.String("requests", "", "CSV file containing requests (IP and URL)")
|
|
|
protocol = flag.String("protocol", "http", "which protocol to parse: http or ajp13")
|
|
protocol = flag.String("protocol", "http", "which protocol to parse: http or ajp13")
|
|
|
useXForwardedAsSource = flag.Bool("use-x-forwarded", false, "Use the IP address in X-Forwarded-For as source")
|
|
useXForwardedAsSource = flag.Bool("use-x-forwarded", false, "Use the IP address in X-Forwarded-For as source")
|
|
|
|
|
+ trace = flag.Bool("trace", false, "Trace the packet capturing")
|
|
|
configFile = flag.String("config", "", "The location of the TOML config file")
|
|
configFile = flag.String("config", "", "The location of the TOML config file")
|
|
|
|
|
|
|
|
beQuiet = flag.Bool("quiet", true, "Be quiet")
|
|
beQuiet = flag.Bool("quiet", true, "Be quiet")
|
|
@@ -69,6 +71,7 @@ type Config struct {
|
|
|
UseXForwardedAsSource bool
|
|
UseXForwardedAsSource bool
|
|
|
Quiet bool
|
|
Quiet bool
|
|
|
Protocol string
|
|
Protocol string
|
|
|
|
|
+ Trace bool
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
type duration struct {
|
|
type duration struct {
|
|
@@ -94,6 +97,7 @@ func (c Config) print() {
|
|
|
fmt.Printf("UseXForwardedAsSource: %t\n", c.UseXForwardedAsSource)
|
|
fmt.Printf("UseXForwardedAsSource: %t\n", c.UseXForwardedAsSource)
|
|
|
fmt.Printf("Protocol: %s\n", c.Protocol)
|
|
fmt.Printf("Protocol: %s\n", c.Protocol)
|
|
|
fmt.Printf("Quiet: %t\n", c.Quiet)
|
|
fmt.Printf("Quiet: %t\n", c.Quiet)
|
|
|
|
|
+ fmt.Printf("Trace: %t\n", c.Trace)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func init() {
|
|
func init() {
|
|
@@ -250,15 +254,29 @@ func processPacket(packet gopacket.Packet) {
|
|
|
request.Source = request.XRealIP
|
|
request.Source = request.XRealIP
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if *trace {
|
|
|
|
|
+ fmt.Println("Request for NATS")
|
|
|
|
|
+ pretty.Println(request)
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
natsEC.Publish(config.NatsQueue, &request)
|
|
natsEC.Publish(config.NatsQueue, &request)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func processAJP13(request *data.Request, appData []byte) error {
|
|
func processAJP13(request *data.Request, appData []byte) error {
|
|
|
|
|
+ if *trace {
|
|
|
|
|
+ fmt.Printf("packet: %v\n", appData)
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
a, err := ajp13.Parse(appData)
|
|
a, err := ajp13.Parse(appData)
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
return fmt.Errorf("Failed to parse AJP13 request: %s", err)
|
|
return fmt.Errorf("Failed to parse AJP13 request: %s", err)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if *trace {
|
|
|
|
|
+ fmt.Println("AJP13")
|
|
|
|
|
+ pretty.Println(a)
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
request.Url = a.URI
|
|
request.Url = a.URI
|
|
|
request.Method = a.Method()
|
|
request.Method = a.Method()
|
|
|
request.Host = a.Server
|
|
request.Host = a.Server
|
|
@@ -311,6 +329,11 @@ func processAJP13(request *data.Request, appData []byte) error {
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if *trace {
|
|
|
|
|
+ fmt.Println("Request")
|
|
|
|
|
+ pretty.Println(request)
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
return nil
|
|
return nil
|
|
|
}
|
|
}
|
|
|
|
|
|
Tobias Begalke