2020-12-30 16:03:01 +00:00
|
|
|
package audit
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net"
|
2021-01-07 21:00:12 +00:00
|
|
|
"strconv"
|
|
|
|
"strings"
|
2020-12-30 16:03:01 +00:00
|
|
|
"time"
|
|
|
|
|
2021-01-07 21:00:12 +00:00
|
|
|
"gitlab.com/inetmock/inetmock/pkg/audit/details"
|
2020-12-30 16:03:01 +00:00
|
|
|
"google.golang.org/protobuf/proto"
|
2021-01-02 16:24:06 +00:00
|
|
|
"google.golang.org/protobuf/types/known/anypb"
|
|
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
2020-12-30 16:03:01 +00:00
|
|
|
)
|
|
|
|
|
2021-01-02 16:24:06 +00:00
|
|
|
type Details interface {
|
|
|
|
MarshalToWireFormat() (*anypb.Any, error)
|
2020-12-30 16:03:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type Event struct {
|
|
|
|
ID int64
|
|
|
|
Timestamp time.Time
|
|
|
|
Transport TransportProtocol
|
|
|
|
Application AppProtocol
|
|
|
|
SourceIP net.IP
|
|
|
|
DestinationIP net.IP
|
|
|
|
SourcePort uint16
|
|
|
|
DestinationPort uint16
|
2021-01-07 21:00:12 +00:00
|
|
|
ProtocolDetails Details
|
2020-12-30 16:03:01 +00:00
|
|
|
TLS *TLSDetails
|
|
|
|
}
|
2021-01-02 16:24:06 +00:00
|
|
|
|
2021-01-13 20:38:52 +00:00
|
|
|
func (e *Event) ProtoMessage() *EventEntity {
|
2021-01-02 16:24:06 +00:00
|
|
|
var tlsDetails *TLSDetailsEntity = nil
|
|
|
|
if e.TLS != nil {
|
|
|
|
tlsDetails = e.TLS.ProtoMessage()
|
|
|
|
}
|
|
|
|
|
2021-01-07 21:00:12 +00:00
|
|
|
var detailsEntity *anypb.Any = nil
|
|
|
|
if e.ProtocolDetails != nil {
|
|
|
|
if any, err := e.ProtocolDetails.MarshalToWireFormat(); err == nil {
|
|
|
|
detailsEntity = any
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-02 16:24:06 +00:00
|
|
|
return &EventEntity{
|
|
|
|
Id: e.ID,
|
|
|
|
Timestamp: timestamppb.New(e.Timestamp),
|
|
|
|
Transport: e.Transport,
|
|
|
|
Application: e.Application,
|
2021-01-20 17:43:00 +00:00
|
|
|
SourceIP: e.SourceIP,
|
|
|
|
DestinationIP: e.DestinationIP,
|
2021-01-02 16:24:06 +00:00
|
|
|
SourcePort: uint32(e.SourcePort),
|
|
|
|
DestinationPort: uint32(e.DestinationPort),
|
|
|
|
Tls: tlsDetails,
|
2021-01-07 21:00:12 +00:00
|
|
|
ProtocolDetails: detailsEntity,
|
2021-01-02 16:24:06 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Event) ApplyDefaults(id int64) {
|
|
|
|
e.ID = id
|
|
|
|
emptyTime := time.Time{}
|
|
|
|
if e.Timestamp == emptyTime {
|
|
|
|
e.Timestamp = time.Now().UTC()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-07 21:00:12 +00:00
|
|
|
func (e *Event) SetSourceIPFromAddr(remoteAddr net.Addr) {
|
|
|
|
ip, port := parseIPPortFromAddr(remoteAddr)
|
|
|
|
e.SourceIP = ip
|
|
|
|
e.SourcePort = port
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Event) SetDestinationIPFromAddr(localAddr net.Addr) {
|
|
|
|
ip, port := parseIPPortFromAddr(localAddr)
|
|
|
|
e.DestinationIP = ip
|
|
|
|
e.DestinationPort = port
|
|
|
|
}
|
|
|
|
|
2021-01-02 16:24:06 +00:00
|
|
|
func NewEventFromProto(msg *EventEntity) (ev Event) {
|
|
|
|
ev = Event{
|
|
|
|
ID: msg.GetId(),
|
|
|
|
Timestamp: msg.GetTimestamp().AsTime(),
|
|
|
|
Transport: msg.GetTransport(),
|
|
|
|
Application: msg.GetApplication(),
|
2021-01-20 17:43:00 +00:00
|
|
|
SourceIP: msg.SourceIP,
|
|
|
|
DestinationIP: msg.DestinationIP,
|
2021-01-02 16:24:06 +00:00
|
|
|
SourcePort: uint16(msg.GetSourcePort()),
|
|
|
|
DestinationPort: uint16(msg.GetDestinationPort()),
|
2021-01-07 21:00:12 +00:00
|
|
|
ProtocolDetails: guessDetailsFromApp(msg.GetProtocolDetails()),
|
2021-01-02 16:24:06 +00:00
|
|
|
TLS: NewTLSDetailsFromProto(msg.GetTls()),
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
2021-01-07 21:00:12 +00:00
|
|
|
|
|
|
|
func parseIPPortFromAddr(addr net.Addr) (ip net.IP, port uint16) {
|
|
|
|
switch a := addr.(type) {
|
|
|
|
case *net.TCPAddr:
|
|
|
|
return a.IP, uint16(a.Port)
|
|
|
|
case *net.UDPAddr:
|
|
|
|
return a.IP, uint16(a.Port)
|
|
|
|
case *net.UnixAddr:
|
|
|
|
return
|
|
|
|
default:
|
|
|
|
ipPortSplit := strings.Split(addr.String(), ":")
|
|
|
|
if len(ipPortSplit) != 2 {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ip = net.ParseIP(ipPortSplit[0])
|
|
|
|
if p, err := strconv.Atoi(ipPortSplit[1]); err == nil {
|
|
|
|
port = uint16(p)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func guessDetailsFromApp(any *anypb.Any) Details {
|
|
|
|
var detailsProto proto.Message
|
|
|
|
var err error
|
|
|
|
if detailsProto, err = any.UnmarshalNew(); err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
switch any.TypeUrl {
|
|
|
|
case "type.googleapis.com/inetmock.audit.HTTPDetailsEntity":
|
|
|
|
return details.NewHTTPFromWireFormat(detailsProto.(*details.HTTPDetailsEntity))
|
|
|
|
case "type.googleapis.com/inetmock.audit.DNSDetailsEntity":
|
|
|
|
return details.NewDNSFromWireFormat(detailsProto.(*details.DNSDetailsEntity))
|
|
|
|
default:
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|