servicematcher : http-relative matchers

2018-08-16 13:17:38 +09:00 · 2018-08-16 13:17:38 +09:00 · 69f9095a71
commit 69f9095a71
parent 1dcb5f8438
3 changed files with 28 additions and 5 deletions
--- a/discoverer/discoverer_test.go
+++ b/discoverer/discoverer_test.go
@ -32,7 +32,7 @@ var (
 	h = &omd.Host{
 		Zone:       z,
 		MetaIPType: omm.ToMetaIPType(omm.MetaIPTypeEnumV4),
-		Address:    "192.168.1.229",
+		Address:    "127.0.0.1",
 		Mac:        "50:E5:49:46:93:28",
 	}
 	dp = &omd.DiscoverPort{
@ -47,7 +47,7 @@ var (
 	p = &omd.Port{
 		Host:           h,
 		MetaPortType:   omm.ToMetaPortType(omm.MetaPortTypeEnumTCP),
-		PortNumber:     json.Number(strconv.Itoa(80)),
+		PortNumber:     json.Number(strconv.Itoa(21)),
 		DiscoveredDate: omu.NowPtr(),
 	}

--- a/discoverer/ipv4/service_tcp.go
+++ b/discoverer/ipv4/service_tcp.go
@ -59,10 +59,16 @@ LOOP:
 			s = hadlePrePacket(info, sc, conn, osm.NewPacket(buf, rn))
 		} else {
 			conn.Close()
-			s = hadlePostPacket(info, sc)
+			s = hadlePostPacket(info, sc, nil)
 		}

 		if nil != s {
+			if s.Key == "HTTP" {
+				hsm := matcher.GetHTTPSubMatchers()
+				if ss := hadlePostPacket(info, sc, hsm); ss != nil {
+					s = ss
+				}
+			}
 			break LOOP
 		}

@ -159,11 +165,15 @@ LOOP:
 	return s
 }

-func hadlePostPacket(info osm.MatchInfo, sc serviceConnector) *omd.Service {
+func hadlePostPacket(info osm.MatchInfo, sc serviceConnector, limitedMatchers []osm.Matcher) *omd.Service {
 	defer func() {
 	}()

 	ms := matcher.GetTCPMatchers(false)
+	if limitedMatchers != nil {
+		ms = limitedMatchers
+	}
+
 	buf := make([]byte, 1024)
 	var s *omd.Service

--- a/matcher/matcher.go
+++ b/matcher/matcher.go
@ -24,6 +24,8 @@ var (

 	TCPPrePacketMatchers    []osm.Matcher
 	TCPNotPrePacketMatchers []osm.Matcher
+
+	HTTPSubMatchers []osm.Matcher
 )

 func init() {
@ -36,13 +38,16 @@ func init() {
 	addTCPMatcher(ftp.NewMatcher())
 	addTCPMatcher(http.NewMatcher())
 	addTCPMatcher(lpd.NewMatcher())
-	addTCPMatcher(elasticsearch.NewMatcher())
 	addTCPMatcher(telnet.NewMatcher())
 	addTCPMatcher(nbss.NewMatcher())
 	addTCPMatcher(ldap.NewMatcher())
 	addTCPMatcher(mysql.NewMatcher())

 	// UDP
+	// addUDPMatcher(dns.NewMatcher())
+
+	//  HTTP-relative
+	addHTTPSubMatcher(elasticsearch.NewMatcher())
 }

 func addTCPMatcher(m osm.Matcher) {
@ -60,6 +65,10 @@ func addUDPMatcher(m osm.UDPMatcher) {
 	UDPMatchers = append(UDPMatchers, m)
 }

+func addHTTPSubMatcher(m osm.Matcher) {
+	HTTPSubMatchers = append(HTTPSubMatchers, m)
+}
+
 func GetTCPMatchers(isPrePacket bool) []osm.Matcher {
 	if isPrePacket {
 		return TCPPrePacketMatchers
@ -72,6 +81,10 @@ func GetUDPMatchers() []osm.UDPMatcher {
 	return UDPMatchers
 }

+func GetHTTPSubMatchers() []osm.Matcher {
+	return HTTPSubMatchers
+}
+
 func GetMatcherByKey(key string) osm.Matcher {
 	for _, m := range AllMatchers {
 		if m.Key() == key {