break out into multiple files

Author: TheTeaCat

src/bidirectionalStream.go

@@ -0,0 +1,115 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"net/http"
+	"sync"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/tcpassembly"
+	"github.com/google/gopacket/tcpassembly/tcpreader"
+)
+
+type bidirectionalStreamFactory struct {
+	conns                     map[string]*bidirectionalStream
+	requestAndResponseChannel *chan httpRequestAndResponse
+}
+
+func (f *bidirectionalStreamFactory) New(netFlow, tcpFlow gopacket.Flow) tcpassembly.Stream {
+	key := netFlow.FastHash() ^ tcpFlow.FastHash()
+
+	// The second time we see the same connection, it will be from the server to the client
+	if conn, ok := f.conns[fmt.Sprint(key)]; ok {
+		return &conn.serverToClient
+	}
+
+	s := &bidirectionalStream{
+		net:                       netFlow,
+		transport:                 tcpFlow,
+		clientToServer:            tcpreader.NewReaderStream(),
+		serverToClient:            tcpreader.NewReaderStream(),
+		requestAndResponseChannel: f.requestAndResponseChannel,
+	}
+	f.conns[fmt.Sprint(key)] = s
+	go s.run()
+
+	// The first time we see the connection, it will be from the client to the server
+	return &s.clientToServer
+}
+
+type bidirectionalStream struct {
+	net, transport            gopacket.Flow
+	clientToServer            tcpreader.ReaderStream
+	serverToClient            tcpreader.ReaderStream
+	requestAndResponseChannel *chan httpRequestAndResponse
+}
+
+func (s *bidirectionalStream) run() {
+	wg := sync.WaitGroup{}
+	wg.Add(2)
+
+	requestChannel := make(chan *http.Request, 1)
+	responseChannel := make(chan *http.Response, 1)
+
+	go func() {
+		reader := bufio.NewReader(&s.clientToServer)
+		for {
+			request, err := http.ReadRequest(reader)
+			if err == io.EOF {
+				wg.Done()
+				return
+			} else if err != nil {
+				continue
+			}
+			// RemoteAddr is not filled in by ReadRequest so we have to populate it ourselves
+			request.RemoteAddr = fmt.Sprintf("%s:%s", s.net.Src().String(), s.transport.Src().String())
+			responseBody := make([]byte, request.ContentLength)
+			if request.ContentLength > 0 {
+				io.ReadFull(request.Body, responseBody)
+			}
+			request.Body.Close()
+			request.Body = io.NopCloser(bytes.NewReader(responseBody))
+			requestChannel <- request
+
+		}
+	}()
+
+	go func() {
+		reader := bufio.NewReader(&s.serverToClient)
+		for {
+			response, err := http.ReadResponse(reader, nil)
+			if err == io.ErrUnexpectedEOF {
+				wg.Done()
+				return
+			} else if err != nil {
+				continue
+			}
+			responseBody := make([]byte, response.ContentLength)
+			if response.ContentLength > 0 {
+				io.ReadFull(response.Body, responseBody)
+			}
+			response.Body.Close()
+			response.Body = io.NopCloser(bytes.NewReader(responseBody))
+			responseChannel <- response
+		}
+	}()
+
+	wg.Wait()
+
+	capturedRequest := <-requestChannel
+	capturedResponse := <-responseChannel
+	close(requestChannel)
+	close(responseChannel)
+
+	*s.requestAndResponseChannel <- httpRequestAndResponse{
+		request:  capturedRequest,
+		response: capturedResponse,
+		src:      s.net.Src().String(),
+		dst:      s.net.Dst().String(),
+		srcPort:  s.transport.Src().String(),
+		dstPort:  s.transport.Dst().String(),
+	}
+}

src/main.go

@@ -1,8 +1,6 @@
 package main
 
 import (
-	"bufio"
-	"bytes"
 	"fmt"
 	"io"
 	"log"
@@ -11,179 +9,13 @@ import (
 	"net/http/httptest"
 	"os"
 	"strconv"
-	"sync"
 	"time"
 
 	firetail "github.com/FireTail-io/firetail-go-lib/middlewares/http"
-	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
-	"github.com/google/gopacket/pcap"
-	"github.com/google/gopacket/tcpassembly"
-	"github.com/google/gopacket/tcpassembly/tcpreader"
 )
 
-type httpRequestAndResponse struct {
-	request  *http.Request
-	response *http.Response
-	src      string
-	dst      string
-	srcPort  string
-	dstPort  string
-}
-
-type httpRequestAndResponseStreamer struct {
-	bpfExpression             string
-	requestAndResponseChannel *chan httpRequestAndResponse
-	ipManager                 *serviceIpManager
-}
-
-func (s *httpRequestAndResponseStreamer) start() {
-	handle, err := pcap.OpenLive("any", 1600, true, pcap.BlockForever)
-	if err != nil {
-		log.Fatal(err)
-	}
-	defer handle.Close()
-
-	err = handle.SetBPFFilter(s.bpfExpression)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	assembler := tcpassembly.NewAssembler(
-		tcpassembly.NewStreamPool(
-			&bidirectionalStreamFactory{
-				conns:                     make(map[string]*bidirectionalStream),
-				requestAndResponseChannel: s.requestAndResponseChannel,
-			},
-		),
-	)
-	ticker := time.Tick(time.Minute)
-	packetsChannel := gopacket.NewPacketSource(handle, handle.LinkType()).Packets()
-	for {
-		select {
-		case packet := <-packetsChannel:
-			if packet.NetworkLayer() == nil || packet.TransportLayer() == nil {
-				continue
-			}
-			tcp, ok := packet.TransportLayer().(*layers.TCP)
-			if !ok {
-				continue
-			}
-			assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
-		case <-ticker:
-			assembler.FlushOlderThan(time.Now().Add(-2 * time.Minute))
-		default:
-		}
-	}
-}
-
-type bidirectionalStreamFactory struct {
-	conns                     map[string]*bidirectionalStream
-	requestAndResponseChannel *chan httpRequestAndResponse
-}
-
-func (f *bidirectionalStreamFactory) New(netFlow, tcpFlow gopacket.Flow) tcpassembly.Stream {
-	key := netFlow.FastHash() ^ tcpFlow.FastHash()
-
-	// The second time we see the same connection, it will be from the server to the client
-	if conn, ok := f.conns[fmt.Sprint(key)]; ok {
-		return &conn.serverToClient
-	}
-
-	s := &bidirectionalStream{
-		net:                       netFlow,
-		transport:                 tcpFlow,
-		clientToServer:            tcpreader.NewReaderStream(),
-		serverToClient:            tcpreader.NewReaderStream(),
-		requestAndResponseChannel: f.requestAndResponseChannel,
-	}
-	f.conns[fmt.Sprint(key)] = s
-	go s.run()
-
-	// The first time we see the connection, it will be from the client to the server
-	return &s.clientToServer
-}
-
-type bidirectionalStream struct {
-	net, transport            gopacket.Flow
-	clientToServer            tcpreader.ReaderStream
-	serverToClient            tcpreader.ReaderStream
-	requestAndResponseChannel *chan httpRequestAndResponse
-}
-
-func (s *bidirectionalStream) run() {
-	wg := sync.WaitGroup{}
-	wg.Add(2)
-
-	requestChannel := make(chan *http.Request, 1)
-	responseChannel := make(chan *http.Response, 1)
-
-	go func() {
-		reader := bufio.NewReader(&s.clientToServer)
-		for {
-			request, err := http.ReadRequest(reader)
-			if err == io.EOF {
-				wg.Done()
-				return
-			} else if err != nil {
-				continue
-			}
-			// RemoteAddr is not filled in by ReadRequest so we have to populate it ourselves
-			request.RemoteAddr = fmt.Sprintf("%s:%s", s.net.Src().String(), s.transport.Src().String())
-			responseBody := make([]byte, request.ContentLength)
-			if request.ContentLength > 0 {
-				io.ReadFull(request.Body, responseBody)
-			}
-			request.Body.Close()
-			request.Body = io.NopCloser(bytes.NewReader(responseBody))
-			requestChannel <- request
-
-		}
-	}()
-
-	go func() {
-		reader := bufio.NewReader(&s.serverToClient)
-		for {
-			response, err := http.ReadResponse(reader, nil)
-			if err == io.ErrUnexpectedEOF {
-				wg.Done()
-				return
-			} else if err != nil {
-				continue
-			}
-			responseBody := make([]byte, response.ContentLength)
-			if response.ContentLength > 0 {
-				io.ReadFull(response.Body, responseBody)
-			}
-			response.Body.Close()
-			response.Body = io.NopCloser(bytes.NewReader(responseBody))
-			responseChannel <- response
-		}
-	}()
-
-	wg.Wait()
-
-	capturedRequest := <-requestChannel
-	capturedResponse := <-responseChannel
-	close(requestChannel)
-	close(responseChannel)
-
-	*s.requestAndResponseChannel <- httpRequestAndResponse{
-		request:  capturedRequest,
-		response: capturedResponse,
-		src:      s.net.Src().String(),
-		dst:      s.net.Dst().String(),
-		srcPort:  s.transport.Src().String(),
-		dstPort:  s.transport.Dst().String(),
-	}
-}
-
 func main() {
-	devEnabled, err := strconv.ParseBool(os.Getenv("FIRETAIL_KUBERNETES_SENSOR_DEV_MODE"))
-	if err != nil {
-		devEnabled = false
-	}
-
+	devEnabled, _ := strconv.ParseBool(os.Getenv("FIRETAIL_KUBERNETES_SENSOR_DEV_MODE"))
 	if devEnabled {
 		slog.Warn("🧰 Development mode enabled, setting log level to debug...")
 		slog.SetLogLoggerLevel(slog.LevelDebug)

src/requestAndResponse.go

@@ -0,0 +1,67 @@
+package main
+
+import (
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/google/gopacket/pcap"
+	"github.com/google/gopacket/tcpassembly"
+)
+
+type httpRequestAndResponse struct {
+	request  *http.Request
+	response *http.Response
+	src      string
+	dst      string
+	srcPort  string
+	dstPort  string
+}
+
+type httpRequestAndResponseStreamer struct {
+	bpfExpression             string
+	requestAndResponseChannel *chan httpRequestAndResponse
+	ipManager                 *serviceIpManager
+}
+
+func (s *httpRequestAndResponseStreamer) start() {
+	handle, err := pcap.OpenLive("any", 1600, true, pcap.BlockForever)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer handle.Close()
+
+	err = handle.SetBPFFilter(s.bpfExpression)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	assembler := tcpassembly.NewAssembler(
+		tcpassembly.NewStreamPool(
+			&bidirectionalStreamFactory{
+				conns:                     make(map[string]*bidirectionalStream),
+				requestAndResponseChannel: s.requestAndResponseChannel,
+			},
+		),
+	)
+	ticker := time.Tick(time.Minute)
+	packetsChannel := gopacket.NewPacketSource(handle, handle.LinkType()).Packets()
+	for {
+		select {
+		case packet := <-packetsChannel:
+			if packet.NetworkLayer() == nil || packet.TransportLayer() == nil {
+				continue
+			}
+			tcp, ok := packet.TransportLayer().(*layers.TCP)
+			if !ok {
+				continue
+			}
+			assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
+		case <-ticker:
+			assembler.FlushOlderThan(time.Now().Add(-2 * time.Minute))
+		default:
+		}
+	}
+}