├── CHANGES ├── LICENCE ├── Makefile ├── README.md └── addon ├── .gitignore ├── gocode ├── bin │ └── .gitignore ├── pkg │ └── .gitignore └── src │ ├── .gitignore │ └── OSAG │ ├── capture │ ├── .gitignore │ ├── cmd.go │ └── config │ │ └── config.go │ ├── convert │ ├── .gitignore │ ├── DBConvert.go │ └── DBConvert_test.go │ ├── goDB │ ├── .gitignore │ ├── Attribute.go │ ├── Attribute_test.go │ ├── Conditional.go │ ├── Conditional_test.go │ ├── DBLog.go │ ├── DBTime.go │ ├── DBTime_test.go │ ├── DBWorkManager.go │ ├── DesugarConditional.go │ ├── DesugarConditional_test.go │ ├── GPFile.go │ ├── GPGeneralDefs.go │ ├── InstrumentConditional.go │ ├── InstrumentConditional_test.go │ ├── ParseConditional.go │ ├── ParseConditional_test.go │ ├── Query.go │ ├── ResolveConditional.go │ ├── ResolveConditional_test.go │ ├── StringParser.go │ ├── Summary.go │ ├── SyslogConsts_public.go │ ├── SyslogDBWriter.go │ ├── TokenizeConditional.go │ ├── TokenizeConditional_test.go │ ├── bigendian │ │ ├── doc.go │ │ ├── putint_generic.go │ │ ├── putint_reference.go │ │ ├── readint_amd64.s │ │ ├── readint_asm.go │ │ ├── readint_generic.go │ │ ├── readint_reference.go │ │ └── readint_test.go │ ├── database_format.md │ ├── db_writer.go │ ├── keyval.go │ ├── liblz4_linux.go │ ├── lz4 │ │ ├── Makefile │ │ ├── liblz4_linux.a │ │ ├── lz4.c │ │ ├── lz4.h │ │ ├── lz4hc.c │ │ └── lz4hc.h │ └── metadata.go │ ├── goProbe │ ├── GPClassify.go │ ├── GPFlow.go │ ├── GPLog.go │ ├── GPPacket.go │ ├── GPPacket_test.go │ ├── capture.go │ ├── capture_manager.go │ ├── flow_log.go │ └── rungroup.go │ ├── goquery_completion │ ├── cmd.go │ ├── cmd_test.go │ ├── common.go │ ├── conditional.go │ ├── default_database_path_public.go │ ├── flag.go │ ├── ifaces.go │ └── query_type.go │ ├── query │ ├── .gitignore │ ├── GPQuery.go │ ├── TablePrinter.go │ ├── TablePrinter_test.go │ ├── clean.go │ ├── common_test.go │ ├── config.go │ ├── dbdir_public.go │ ├── dns.go │ ├── dns_public.go │ ├── dns_test.go │ ├── 
exclude_management_net_public.go │ ├── external_ips_public.go │ ├── help_public.go │ ├── list.go │ ├── output_consistency │ │ ├── ANY_interface.args.json │ │ ├── ANY_interface.correctOutput.json │ │ ├── and_sum.args.json │ │ ├── and_sum.correctOutput.json │ │ ├── day_border_above_both.args.json │ │ ├── day_border_above_both.correctOutput.json │ │ ├── day_border_below_both.args.json │ │ ├── day_border_below_both.correctOutput.json │ │ ├── dip,dport,iface,l7proto,proto,sip,time_both.args.json │ │ ├── dip,dport,iface,l7proto,proto,sip,time_both.correctOutput.json │ │ ├── dip,dport,iface,l7proto,proto,sip,time_sum.args.json │ │ ├── dip,dport,iface,l7proto,proto,sip,time_sum.correctOutput.json │ │ ├── dip,dport,iface_sum.args.json │ │ ├── dip,dport,iface_sum.correctOutput.json │ │ ├── dip,dport,l7proto,proto,sip,time_both.args.json │ │ ├── dip,dport,l7proto,proto,sip,time_both.correctOutput.json │ │ ├── dip,dport,l7proto,proto,sip,time_sum.args.json │ │ ├── dip,dport,l7proto,proto,sip,time_sum.correctOutput.json │ │ ├── dip,dport,l7proto,proto,sip_sum.args.json │ │ ├── dip,dport,l7proto,proto,sip_sum.correctOutput.json │ │ ├── dip,dport,l7proto,proto,time_sum.args.json │ │ ├── dip,dport,l7proto,proto,time_sum.correctOutput.json │ │ ├── dip,dport,l7proto,proto_sum.args.json │ │ ├── dip,dport,l7proto,proto_sum.correctOutput.json │ │ ├── dip,dport,l7proto,sip,time_sum.args.json │ │ ├── dip,dport,l7proto,sip,time_sum.correctOutput.json │ │ ├── dip,dport,l7proto,sip_sum.args.json │ │ ├── dip,dport,l7proto,sip_sum.correctOutput.json │ │ ├── dip,dport,l7proto,time_sum.args.json │ │ ├── dip,dport,l7proto,time_sum.correctOutput.json │ │ ├── dip,dport,l7proto_sum.args.json │ │ ├── dip,dport,l7proto_sum.correctOutput.json │ │ ├── dip,dport,proto,sip,time_sum.args.json │ │ ├── dip,dport,proto,sip,time_sum.correctOutput.json │ │ ├── dip,dport,proto,sip_sum.args.json │ │ ├── dip,dport,proto,sip_sum.correctOutput.json │ │ ├── dip,dport,proto,time_sum.args.json │ │ ├── 
dip,dport,proto,time_sum.correctOutput.json │ │ ├── dip,dport,proto_sum.args.json │ │ ├── dip,dport,proto_sum.correctOutput.json │ │ ├── dip,dport,sip,time_sum.args.json │ │ ├── dip,dport,sip,time_sum.correctOutput.json │ │ ├── dip,dport,sip_sum.args.json │ │ ├── dip,dport,sip_sum.correctOutput.json │ │ ├── dip,dport,time_sum.args.json │ │ ├── dip,dport,time_sum.correctOutput.json │ │ ├── dip,dport_both.args.json │ │ ├── dip,dport_both.correctOutput.json │ │ ├── dip,dport_sum_sum.args.json │ │ ├── dip,dport_sum_sum.correctOutput.json │ │ ├── dip,l7proto,proto,sip,time_sum.args.json │ │ ├── dip,l7proto,proto,sip,time_sum.correctOutput.json │ │ ├── dip,l7proto,proto,sip_sum.args.json │ │ ├── dip,l7proto,proto,sip_sum.correctOutput.json │ │ ├── dip,l7proto,proto,time_sum.args.json │ │ ├── dip,l7proto,proto,time_sum.correctOutput.json │ │ ├── dip,l7proto,proto_sum.args.json │ │ ├── dip,l7proto,proto_sum.correctOutput.json │ │ ├── dip,l7proto,sip,time_sum.args.json │ │ ├── dip,l7proto,sip,time_sum.correctOutput.json │ │ ├── dip,l7proto,sip_sum.args.json │ │ ├── dip,l7proto,sip_sum.correctOutput.json │ │ ├── dip,l7proto,time_sum.args.json │ │ ├── dip,l7proto,time_sum.correctOutput.json │ │ ├── dip,l7proto_sum.args.json │ │ ├── dip,l7proto_sum.correctOutput.json │ │ ├── dip,proto,sip,time_sum.args.json │ │ ├── dip,proto,sip,time_sum.correctOutput.json │ │ ├── dip,proto,sip_sum.args.json │ │ ├── dip,proto,sip_sum.correctOutput.json │ │ ├── dip,proto,time_sum.args.json │ │ ├── dip,proto,time_sum.correctOutput.json │ │ ├── dip,proto_sum.args.json │ │ ├── dip,proto_sum.correctOutput.json │ │ ├── dip,sip,time_sum.args.json │ │ ├── dip,sip,time_sum.correctOutput.json │ │ ├── dip,sip_sum.args.json │ │ ├── dip,sip_sum.correctOutput.json │ │ ├── dip,time_sum.args.json │ │ ├── dip,time_sum.correctOutput.json │ │ ├── dip_sum.args.json │ │ ├── dip_sum.correctOutput.json │ │ ├── dnet_sum.args.json │ │ ├── dnet_sum.correctOutput.json │ │ ├── dport,l7proto,proto,sip,time_sum.args.json │ 
│ ├── dport,l7proto,proto,sip,time_sum.correctOutput.json │ │ ├── dport,l7proto,proto,sip_sum.args.json │ │ ├── dport,l7proto,proto,sip_sum.correctOutput.json │ │ ├── dport,l7proto,proto,time_sum.args.json │ │ ├── dport,l7proto,proto,time_sum.correctOutput.json │ │ ├── dport,l7proto,proto_sum.args.json │ │ ├── dport,l7proto,proto_sum.correctOutput.json │ │ ├── dport,l7proto,sip,time_sum.args.json │ │ ├── dport,l7proto,sip,time_sum.correctOutput.json │ │ ├── dport,l7proto,sip_sum.args.json │ │ ├── dport,l7proto,sip_sum.correctOutput.json │ │ ├── dport,l7proto,time_sum.args.json │ │ ├── dport,l7proto,time_sum.correctOutput.json │ │ ├── dport,l7proto_sum.args.json │ │ ├── dport,l7proto_sum.correctOutput.json │ │ ├── dport,proto,sip,time_sum.args.json │ │ ├── dport,proto,sip,time_sum.correctOutput.json │ │ ├── dport,proto,sip_sum.args.json │ │ ├── dport,proto,sip_sum.correctOutput.json │ │ ├── dport,proto,time_sum.args.json │ │ ├── dport,proto,time_sum.correctOutput.json │ │ ├── dport,proto_sum.args.json │ │ ├── dport,proto_sum.correctOutput.json │ │ ├── dport,sip,time_sum.args.json │ │ ├── dport,sip,time_sum.correctOutput.json │ │ ├── dport,sip_sum.args.json │ │ ├── dport,sip_sum.correctOutput.json │ │ ├── dport,time_sum.args.json │ │ ├── dport,time_sum.correctOutput.json │ │ ├── dport_sum.args.json │ │ ├── dport_sum.correctOutput.json │ │ ├── dst,proto_sum.args.json │ │ ├── dst,proto_sum.correctOutput.json │ │ ├── equal_sum.args.json │ │ ├── equal_sum.correctOutput.json │ │ ├── external_in.args.json │ │ ├── external_in.correctOutput.json │ │ ├── external_out.args.json │ │ ├── external_out.correctOutput.json │ │ ├── external_sum.args.json │ │ ├── external_sum.correctOutput.json │ │ ├── greater_sum.args.json │ │ ├── greater_sum.correctOutput.json │ │ ├── host_sum.args.json │ │ ├── host_sum.correctOutput.json │ │ ├── in.args.json │ │ ├── in.correctOutput.json │ │ ├── l7proto,proto,sip,time_sum.args.json │ │ ├── l7proto,proto,sip,time_sum.correctOutput.json │ │ ├── 
l7proto,proto,sip_sum.args.json │ │ ├── l7proto,proto,sip_sum.correctOutput.json │ │ ├── l7proto,proto,time_sum.args.json │ │ ├── l7proto,proto,time_sum.correctOutput.json │ │ ├── l7proto,proto_sum.args.json │ │ ├── l7proto,proto_sum.correctOutput.json │ │ ├── l7proto,sip,time_sum.args.json │ │ ├── l7proto,sip,time_sum.correctOutput.json │ │ ├── l7proto,sip_sum.args.json │ │ ├── l7proto,sip_sum.correctOutput.json │ │ ├── l7proto,time_sum.args.json │ │ ├── l7proto,time_sum.correctOutput.json │ │ ├── l7proto_sum.args.json │ │ ├── l7proto_sum.correctOutput.json │ │ ├── less_both.args.json │ │ ├── less_both.correctOutput.json │ │ ├── multiple_interfaces.args.json │ │ ├── multiple_interfaces.correctOutput.json │ │ ├── multiple_interfaces_aggregate.args.json │ │ ├── multiple_interfaces_aggregate.correctOutput.json │ │ ├── multiple_interfaces_cond.args.json │ │ ├── multiple_interfaces_cond.correctOutput.json │ │ ├── nested_both.args.json │ │ ├── nested_both.correctOutput.json │ │ ├── net_sum.args.json │ │ ├── net_sum.correctOutput.json │ │ ├── notequal_sum.args.json │ │ ├── notequal_sum.correctOutput.json │ │ ├── or_sum.args.json │ │ ├── or_sum.correctOutput.json │ │ ├── out.args.json │ │ ├── out.correctOutput.json │ │ ├── precedence_both.args.json │ │ ├── precedence_both.correctOutput.json │ │ ├── proto,sip,time_sum.args.json │ │ ├── proto,sip,time_sum.correctOutput.json │ │ ├── proto,sip_sum.args.json │ │ ├── proto,sip_sum.correctOutput.json │ │ ├── proto,src_sum.args.json │ │ ├── proto,src_sum.correctOutput.json │ │ ├── proto,time_sum.args.json │ │ ├── proto,time_sum.correctOutput.json │ │ ├── proto_sum.args.json │ │ ├── proto_sum.correctOutput.json │ │ ├── range_sum.args.json │ │ ├── range_sum.correctOutput.json │ │ ├── sip,time_sum.args.json │ │ ├── sip,time_sum.correctOutput.json │ │ ├── sip_sum.args.json │ │ ├── sip_sum.correctOutput.json │ │ ├── sipdip_sum.args.json │ │ ├── sipdip_sum.correctOutput.json │ │ ├── snet.args.json │ │ ├── snet.correctOutput.json │ │ 
├── time_sum.args.json │ │ └── time_sum.correctOutput.json │ ├── output_consistency_test.go │ └── query_test.go │ ├── util │ ├── tunnel_info.go │ └── tunnel_info_public.go │ └── version │ ├── version.go │ └── version_public.go ├── gopacket-v1.1.15.patch ├── goprobe.init ├── goprobe.service ├── goprobe.targets ├── gp_status.pl ├── libpcap-1.9.0.patch ├── libprotoident.patch ├── serialize_ipprot_list.sh └── testdb ├── eth0 ├── 1456358400 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── 1456444800 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf ├── eth1 ├── 1456358400 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── 1456444800 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf ├── eth2 ├── 1456358400 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── 1456444800 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf ├── summary.json ├── t_c1_fwde ├── 1456358400 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── 1456444800 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── 
sip.gpf ├── t_c1_fwde1 ├── 1456358400 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── 1456444800 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf ├── tun_3g_c1_fw1 ├── 1456358400 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── 1456444800 │ ├── bytes_rcvd.gpf │ ├── bytes_sent.gpf │ ├── dip.gpf │ ├── dport.gpf │ ├── l7proto.gpf │ ├── meta.json │ ├── pkts_rcvd.gpf │ ├── pkts_sent.gpf │ ├── proto.gpf │ └── sip.gpf └── tun_3g_c1_fwde ├── 1456358400 ├── bytes_rcvd.gpf ├── bytes_sent.gpf ├── dip.gpf ├── dport.gpf ├── l7proto.gpf ├── meta.json ├── pkts_rcvd.gpf ├── pkts_sent.gpf ├── proto.gpf └── sip.gpf └── 1456444800 ├── bytes_rcvd.gpf ├── bytes_sent.gpf ├── dip.gpf ├── dport.gpf ├── l7proto.gpf ├── meta.json ├── pkts_rcvd.gpf ├── pkts_sent.gpf ├── proto.gpf └── sip.gpf /CHANGES: -------------------------------------------------------------------------------- 1 | v1.04 els0r 2 | - Initial GitHub release 3 | 4 | v1.05 els0r 5 | GOPROBE 6 | - fixes of several memory leaks with regard to interface flapping 7 | - switch to syslog entries via UDP packets 8 | - improvements in the direction detection heuristic 9 | - prevention from crashes when IP fragmentation is encountered 10 | - restructuring of core goProbe code to allow for a more flexible handling of interface capture routines. 
Allows goProbe to capture on 200+ interfaces 11 | - support for loading/reloading the configuration (w.r.t on which interfaces capturing is performed) 12 | - upgrade of gopacket to version 1.1.9, go to 1.4 and libpcap to 1.5.3 13 | 14 | GOQUERY 15 | - support for time formats other than UNIX epoch 16 | - list functionality to show from which interfaces flow data was stored 17 | 18 | v2.0 lorenzb,els0r 19 | GOPROBE 20 | - improve concurrent capture architecture for >5x faster startup and shutdown 21 | - support for up to 1024 interfaces 22 | - new configuration file format allows specifying PCAP buffer size and BPF filter for each interface 23 | - configuration can be live-reloaded 24 | - record meta-data about capture in meta.json/summary.json files 25 | - document database format 26 | 27 | GOQUERY 28 | - '-list' target is blazing fast and prints more relevant information 29 | - new output format shows incoming and outgoing traffic side by side 30 | - significantly improved query performance 31 | - allow use of negation in conditions 32 | - new 'net' attribute allows querying 'dnet' and 'snet' simultaneously 33 | - new 'host' attribute allows querying 'sip' and 'dip' simultaneously 34 | - 'src' is an alias for 'sip' and 'dst' is an alias for 'dip' 35 | - Influx DB output format (use '-e influxdb') 36 | - support for name resolution in conditions 37 | - support for reverse DNS for output IPs 38 | - query multiple interfaces by giving comma separated list of interfaces to -i 39 | - query all interfaces for which there is data by specifying '-i ANY' 40 | - add unit and system (i.e. output consistency) tests 41 | - extensive bash completion with support for condition grammar, interface names, query types, ... 
42 | 43 | v2.1.0 fako1024,els0r 44 | - code refresh from Open Systems (functionality additions to query tool) 45 | - upgrade to libpcap 1.9.0 and gopacket 1.1.15 46 | - remove layer 7 detection and all its dependencies (libprotoident, libtrace) - drastic improvements to compilation speed and system resource usage footprint 47 | - static inclusion of precompiled lz4 library 48 | -------------------------------------------------------------------------------- /addon/.gitignore: -------------------------------------------------------------------------------- 1 | zlib-1.2.8 2 | -------------------------------------------------------------------------------- /addon/gocode/bin/.gitignore: -------------------------------------------------------------------------------- 1 | !.gitignore 2 | -------------------------------------------------------------------------------- /addon/gocode/pkg/.gitignore: -------------------------------------------------------------------------------- 1 | !.gitignore 2 | -------------------------------------------------------------------------------- /addon/gocode/src/.gitignore: -------------------------------------------------------------------------------- 1 | code.google.com 2 | github.com 3 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/capture/.gitignore: -------------------------------------------------------------------------------- 1 | *.csv 2 | *.pcap 3 | *.prof 4 | *.mprof 5 | GPCore 6 | *goProbe* 7 | capture 8 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/capture/config/config.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // config.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, December 2015 6 | // Copyright (c) 2015 Open Systems AG, Switzerland 7 | // All Rights 
Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // Package for parsing goprobe config files. 12 | package config 13 | 14 | import ( 15 | "encoding/json" 16 | "fmt" 17 | "io/ioutil" 18 | "os" 19 | 20 | "OSAG/goProbe" 21 | ) 22 | 23 | type Config struct { 24 | DBPath string `json:"db_path"` 25 | Interfaces map[string]goProbe.CaptureConfig `json:"interfaces"` 26 | SyslogFlows bool `json:"syslog_flows"` 27 | } 28 | 29 | func NewConfig() *Config { 30 | interfaces := make(map[string]goProbe.CaptureConfig) 31 | return &Config{ 32 | Interfaces: interfaces, 33 | } 34 | } 35 | 36 | func (c Config) Validate() error { 37 | if c.DBPath == "" { 38 | return fmt.Errorf("Database path must not be empty") 39 | } 40 | for iface, cc := range c.Interfaces { 41 | err := cc.Validate() 42 | if err != nil { 43 | return fmt.Errorf("Interface '%s' has invalid configuration: %s", iface, err) 44 | } 45 | } 46 | return nil 47 | } 48 | 49 | func ParseFile(path string) (*Config, error) { 50 | config := NewConfig() 51 | 52 | fd, err := os.Open(path) 53 | if err != nil { 54 | return nil, err 55 | } 56 | defer fd.Close() 57 | 58 | data, err := ioutil.ReadAll(fd) 59 | if err != nil { 60 | return nil, err 61 | } 62 | 63 | if err := json.Unmarshal(data, config); err != nil { 64 | return nil, err 65 | } 66 | 67 | if err := config.Validate(); err != nil { 68 | return nil, err 69 | } 70 | 71 | return config, nil 72 | } 73 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/convert/.gitignore: -------------------------------------------------------------------------------- 1 | goConvert 2 | ./goConvert 3 | convert 4 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/.gitignore: -------------------------------------------------------------------------------- 1 | ./GPDPIProtocols.go 2 | GPDPIProtocols.go 3 | 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/Conditional_test.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Conditional_test.go 4 | // 5 | // 6 | // Written by Lorenz Breidenbach lob@open.ch, September 2015 7 | // Copyright (c) 2015 Open Systems AG, Switzerland 8 | // All Rights Reserved. 9 | // 10 | ///////////////////////////////////////////////////////////////////////////////// 11 | 12 | package goDB 13 | 14 | import ( 15 | "fmt" 16 | "testing" 17 | ) 18 | 19 | var negationNormalFormTests = []struct { 20 | inTokens []string 21 | output string 22 | }{ 23 | //No change 24 | {[]string{"sip", "!=", "127.0.0.1"}, "sip != 127.0.0.1"}, 25 | {[]string{"sip", "=", "127.0.0.1"}, "sip = 127.0.0.1"}, 26 | {[]string{"sip", ">=", "127.0.0.1"}, "sip >= 127.0.0.1"}, 27 | {[]string{"sip", "<=", "127.0.0.1"}, "sip <= 127.0.0.1"}, 28 | {[]string{"sip", "<", "127.0.0.1"}, "sip < 127.0.0.1"}, 29 | {[]string{"sip", ">", "127.0.0.1"}, "sip > 127.0.0.1"}, 30 | //Flip comparison op 31 | {[]string{"!", "sip", "!=", "127.0.0.1"}, "sip = 127.0.0.1"}, 32 | {[]string{"!", "sip", "=", "127.0.0.1"}, "sip != 127.0.0.1"}, 33 | {[]string{"!", "sip", ">=", "127.0.0.1"}, "sip < 127.0.0.1"}, 34 | {[]string{"!", "sip", "<=", "127.0.0.1"}, "sip > 127.0.0.1"}, 35 | {[]string{"!", "sip", "<", "127.0.0.1"}, "sip >= 127.0.0.1"}, 36 | {[]string{"!", "sip", ">", "127.0.0.1"}, "sip <= 127.0.0.1"}, 37 | //Double negation 38 | {[]string{"!", "(", "!", "sip", "!=", "127.0.0.1", ")"}, "sip != 127.0.0.1"}, 39 | //Logical connectives 40 | {[]string{"sip", "!=", "127.0.0.1", "&", "sip", "!=", "192.168.0.1"}, "(sip != 127.0.0.1 & sip != 192.168.0.1)"}, 41 | {[]string{"sip", "!=", "127.0.0.1", "|", "sip", "!=", "192.168.0.1"}, "(sip != 127.0.0.1 | sip != 192.168.0.1)"}, 42 | //Nested formula 43 | {[]string{"!", "(", 
"!", "sip", "!=", "127.0.0.1", "|", "dport", "<", "80", ")"}, "(sip != 127.0.0.1 & dport >= 80)"}, 44 | } 45 | 46 | func TestNegationNormalForm(t *testing.T) { 47 | for _, test := range negationNormalFormTests { 48 | node, err := parseConditional(test.inTokens) 49 | if err != nil { 50 | t.Fatalf("Parsing %v unexpectly failed. Error:\n%v", test.inTokens, err) 51 | } 52 | nnfNode := negationNormalForm(node) 53 | if nnfNode.String() != test.output { 54 | t.Fatalf("Expected output: %v Actual output: %v", test.output, nnfNode) 55 | } 56 | } 57 | } 58 | 59 | var listToTreeTests = []struct { 60 | and bool 61 | inNodes []Node 62 | output string 63 | }{ 64 | {true, []Node{newConditionNode("dport", "=", "10")}, "dport = 10"}, 65 | {true, []Node{newConditionNode("dport", "=", "10"), newConditionNode("dport", "=", "11")}, "(dport = 10 & dport = 11)"}, 66 | {true, []Node{newConditionNode("dport", "=", "10"), newConditionNode("dport", "=", "11"), newConditionNode("dport", "=", "12")}, "(dport = 10 & (dport = 11 & dport = 12))"}, 67 | {false, []Node{newConditionNode("dport", "=", "10")}, "dport = 10"}, 68 | {false, []Node{newConditionNode("dport", "=", "10"), newConditionNode("dport", "=", "11")}, "(dport = 10 | dport = 11)"}, 69 | {false, []Node{newConditionNode("dport", "=", "10"), newConditionNode("dport", "=", "11"), newConditionNode("dport", "=", "12")}, "(dport = 10 | (dport = 11 | dport = 12))"}, 70 | } 71 | 72 | func TestListToTree(t *testing.T) { 73 | var checkNoPointer func(Node) bool 74 | checkNoPointer = func(node Node) bool { 75 | switch node := node.(type) { 76 | case *andNode: 77 | return false 78 | case *orNode: 79 | return false 80 | case *notNode: 81 | return false 82 | case *conditionNode: 83 | return false 84 | case andNode: 85 | return checkNoPointer(node.left) && checkNoPointer(node.right) 86 | case orNode: 87 | return checkNoPointer(node.left) && checkNoPointer(node.right) 88 | case notNode: 89 | return checkNoPointer(node.node) 90 | case conditionNode: 91 
| return true 92 | default: 93 | panic(fmt.Sprintf("Unknown node type %T", node)) 94 | } 95 | 96 | } 97 | 98 | for _, test := range listToTreeTests { 99 | node := listToTree(test.and, test.inNodes) 100 | if node.String() != test.output { 101 | t.Fatalf("testcase: %v andflag: %v expected output: %s actual output: %s", test.inNodes, test.and, test.output, node.String()) 102 | } 103 | if !checkNoPointer(node) { 104 | t.Fatalf("testcase: %v andflag: %v contains pointers somewhere in the tree", test.inNodes, test.and) 105 | } 106 | } 107 | } 108 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/DBLog.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // DBLog.go 4 | // 5 | // Log.ing Interface that all other interfaces get access to in order to write 6 | // error messages to the underlying system logging facilities 7 | // 8 | // Written by Lennart Elsen lel@open.ch, July 2014 9 | // Copyright (c) 2014 Open Systems AG, Switzerland 10 | // All Rights Reserved. 
11 | // 12 | ///////////////////////////////////////////////////////////////////////////////// 13 | 14 | package goDB 15 | 16 | import ( 17 | "log/syslog" 18 | ) 19 | 20 | type DBLog struct { 21 | Log *syslog.Writer 22 | } 23 | 24 | var SysLog *syslog.Writer 25 | 26 | const SLOG_ADDR = "127.0.0.1" 27 | const SLOG_PORT = "514" 28 | 29 | func InitDBLog() error { 30 | 31 | var err error 32 | if SysLog, err = syslog.Dial("udp", SLOG_ADDR+":"+SLOG_PORT, syslog.LOG_NOTICE, "goDB"); err != nil { 33 | return err 34 | } 35 | return nil 36 | } 37 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/DBTime.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // DBTime.go 4 | // 5 | // Wrapper for time parsing functions 6 | // 7 | // Written by Lennart Elsen lel@open.ch, April 2015 8 | // Copyright (c) 2015 Open Systems AG, Switzerland 9 | // All Rights Reserved. 
10 | // 11 | ///////////////////////////////////////////////////////////////////////////////// 12 | 13 | package goDB 14 | 15 | import ( 16 | "errors" 17 | "strconv" 18 | "strings" 19 | "time" 20 | ) 21 | 22 | // Utility variables and functions for time parsing ----------------------------- 23 | var TimeFormats []string = []string{ 24 | time.ANSIC, // "Mon Jan _2 15:04:05 2006" 25 | time.RubyDate, // "Mon Jan 02 15:04:05 -0700 2006" 26 | time.RFC822Z, // "02 Jan 06 15:04 -0700" // RFC822 with numeric zone 27 | time.RFC1123Z, // "Mon, 02 Jan 2006 15:04:05 -0700" // RFC1123 with numeric zone 28 | time.RFC3339, // "2006-01-02T15:04:05Z07:00" 29 | 30 | // custom additions for MC 31 | "2006-01-02 15:04:05 -0700", 32 | "2006-01-02 15:04:05", 33 | "2006-01-02 15:04 -0700", 34 | "2006-01-02 15:04", 35 | "02.01.2006 15:04", 36 | "02.01.2006 15:04 -0700", 37 | "02.01.06 15:04", 38 | "02.01.06 15:04 -0700", 39 | "2.1.06 15:04:05", 40 | "2.1.06 15:04:05 -0700", 41 | "2.1.06 15:04", 42 | "2.1.06 15:04 -0700", 43 | "2.1.2006 15:04:05", 44 | "2.1.2006 15:04:05 -0700", 45 | "2.1.2006 15:04", 46 | "2.1.2006 15:04 -0700", 47 | "02.1.2006 15:04:05", 48 | "02.1.2006 15:04:05 -0700", 49 | "02.1.2006 15:04", 50 | "02.1.2006 15:04 -0700", 51 | "2.01.2006 15:04:05", 52 | "2.01.2006 15:04:05 -0700", 53 | "2.01.2006 15:04", 54 | "2.01.2006 15:04 -0700", 55 | "02.1.06 15:04:05", 56 | "02.1.06 15:04:05 -0700", 57 | "02.1.06 15:04", 58 | "02.1.06 15:04 -0700", 59 | "2.01.06 15:04:05", 60 | "2.01.06 15:04:05 -0700", 61 | "2.01.06 15:04", 62 | "2.01.06 15:04 -0700"} 63 | 64 | // function returning a UNIX timestamp relative to the current time 65 | func parseRelativeTime(rtime string) (int64, error) { 66 | 67 | rtime = rtime[1:] 68 | 69 | var secBackwards int64 = 0 70 | 71 | // iterate over different time chunks to get the days, hours and minutes 72 | for _, chunk := range strings.Split(rtime, ":") { 73 | var err error 74 | 75 | if len(chunk) == 0 { 76 | return 0, errors.New("incorrect relative 
time specification") 77 | } 78 | 79 | num := int64(0) 80 | 81 | switch chunk[len(chunk)-1] { 82 | case 'd': 83 | if num, err = strconv.ParseInt(chunk[:len(chunk)-1], 10, 64); err != nil { 84 | return 0, err 85 | } 86 | secBackwards += 86400 * num 87 | case 'h': 88 | if num, err = strconv.ParseInt(chunk[:len(chunk)-1], 10, 64); err != nil { 89 | return 0, err 90 | } 91 | secBackwards += 3600 * num 92 | case 'm': 93 | if num, err = strconv.ParseInt(chunk[:len(chunk)-1], 10, 64); err != nil { 94 | return 0, err 95 | } 96 | secBackwards += 60 * num 97 | default: 98 | return 0, errors.New("incorrect relative time specification") 99 | } 100 | } 101 | 102 | return (time.Now().Unix() - secBackwards), nil 103 | 104 | } 105 | 106 | // Entry point for external calls ------------------------------------------------- 107 | func ParseTimeArgument(timeString string) (int64, error) { 108 | var ( 109 | err error 110 | rerr error 111 | t time.Time 112 | tRel int64 113 | ) 114 | 115 | // incorporate location information 116 | loc, locerr := time.LoadLocation("Local") 117 | if locerr != nil { 118 | return int64(0), locerr 119 | } 120 | 121 | // check whether a relative timestamp was specified 122 | if timeString[0] == '-' { 123 | if tRel, rerr = parseRelativeTime(timeString); rerr == nil { 124 | return tRel, rerr 125 | } else { 126 | return int64(0), rerr 127 | } 128 | } 129 | 130 | // try to interpret string as unix timestamp 131 | if i, er := strconv.ParseInt(timeString, 10, 64); er == nil { 132 | return i, er 133 | } 134 | 135 | // then check other time formats 136 | for _, tFormat := range TimeFormats { 137 | t, err = time.ParseInLocation(tFormat, timeString, loc) 138 | if err == nil { 139 | return t.Unix(), err 140 | } 141 | } 142 | 143 | return int64(0), errors.New("Unable to parse time format") 144 | } 145 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/DBTime_test.go: 
-------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // DBTime_test.go 4 | // 5 | // Testing wrapper for time parsing functions 6 | // 7 | // Written by Lennart Elsen lel@open.ch, June 2016 8 | // Copyright (c) 2016 Open Systems AG, Switzerland 9 | // All Rights Reserved. 10 | // 11 | ///////////////////////////////////////////////////////////////////////////////// 12 | 13 | package goDB 14 | 15 | import ( 16 | "testing" 17 | "time" 18 | ) 19 | 20 | func TestTimeFormatParsing(t *testing.T) { 21 | // incorporate location information 22 | loc, locerr := time.LoadLocation("Local") 23 | if locerr != nil { 24 | t.Fatalf("failed to load location: %s", locerr.Error()) 25 | } 26 | 27 | var TestDate = time.Date(2007, time.September, 25, 14, 23, 00, 0, loc) 28 | 29 | for _, format := range TimeFormats { 30 | // get the date string in the current format to be tested 31 | dateString := TestDate.Format(format) 32 | 33 | // parse the time using the Parse function and compare the retrieved timestamp 34 | tstamp, err := ParseTimeArgument(dateString) 35 | if err != nil { 36 | t.Fatalf("failed to parse date '%s': %s", dateString, err.Error()) 37 | } 38 | if tstamp != TestDate.Unix() { 39 | t.Fatalf("parser got unix timestamp: '%d'; expected: '%d'", tstamp, TestDate.Unix()) 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/DesugarConditional.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // DesugarConditional.go 4 | // 5 | // Written by Lennart Elsen lel@open.ch and 6 | // Lorenz Breidenbach lob@open.ch, January 2016 7 | // Copyright (c) 2016 Open Systems AG, Switzerland 8 | // All Rights Reserved. 
9 | // 10 | ///////////////////////////////////////////////////////////////////////////////// 11 | 12 | package goDB 13 | 14 | import "fmt" 15 | 16 | // Returns a desugared version of the receiver. 17 | func desugar(node Node) (Node, error) { 18 | return node.transform(desugarConditionNode) 19 | } 20 | 21 | func desugarConditionNode(node conditionNode) (Node, error) { 22 | helper := func(name, src, dst, comparator, value string) (Node, error) { 23 | var result Node 24 | if comparator != "=" && comparator != "!=" { 25 | return result, fmt.Errorf("Invalid comparison operator in %s condition: %s", name, comparator) 26 | } 27 | 28 | result = orNode{ 29 | left: conditionNode{ 30 | attribute: src, 31 | comparator: "=", 32 | value: value, 33 | }, 34 | right: conditionNode{ 35 | attribute: dst, 36 | comparator: "=", 37 | value: value, 38 | }, 39 | } 40 | 41 | if comparator == "!=" { 42 | result = notNode{ 43 | node: result, 44 | } 45 | } 46 | 47 | return result, nil 48 | } 49 | 50 | switch node.attribute { 51 | case "src": 52 | node.attribute = "sip" 53 | case "dst": 54 | node.attribute = "dip" 55 | case "host": 56 | return helper("host", "sip", "dip", node.comparator, node.value) 57 | case "net": 58 | return helper("net", "snet", "dnet", node.comparator, node.value) 59 | default: 60 | // nothing to do 61 | } 62 | 63 | return node, nil 64 | } 65 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/DesugarConditional_test.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // DesugarConditional_test.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, January 2016 6 | // Copyright (c) 2015 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package goDB 12 | 13 | import "testing" 14 | 15 | var desugarTests = []struct { 16 | inTokens []string 17 | output string // desugared ouput 18 | success bool 19 | }{ 20 | { 21 | []string{"host", "!=", "192.168.178.1", "|", "(", "host", "=", "192.168.178.1", ")"}, 22 | "(!((sip = 192.168.178.1 | dip = 192.168.178.1)) | (sip = 192.168.178.1 | dip = 192.168.178.1))", 23 | true, 24 | }, 25 | { 26 | []string{"net", "!=", "192.168.178.1/24", "|", "(", "net", "=", "192.168.178.1/16", ")"}, 27 | "(!((snet = 192.168.178.1/24 | dnet = 192.168.178.1/24)) | (snet = 192.168.178.1/16 | dnet = 192.168.178.1/16))", 28 | true, 29 | }, 30 | { 31 | []string{"!", "(", "src", "=", "192.168.178.1", "&", "dst", "!=", "1.2.3.4", ")"}, 32 | "!((sip = 192.168.178.1 & dip != 1.2.3.4))", 33 | true, 34 | }, 35 | { 36 | []string{"host", "<", "192.168.178.1/24"}, 37 | "", 38 | false, 39 | }, 40 | { 41 | []string{"net", ">=", "192.168.178.1/24", "|", "(", "net", "=", "192.168.178.1/16", ")"}, 42 | "", 43 | false, 44 | }, 45 | } 46 | 47 | func TestDesugar(t *testing.T) { 48 | for _, test := range desugarTests { 49 | node, err := parseConditional(test.inTokens) 50 | if err != nil { 51 | t.Fatalf("Parsing %v unexpectly failed. Error:\n%v", test.inTokens, err) 52 | } 53 | 54 | desugaredNode, err := desugar(node) 55 | if !test.success { 56 | if err == nil { 57 | t.Fatalf("Expected to fail on input %v but didn't.", 58 | test.inTokens) 59 | } 60 | } else { 61 | if err != nil { 62 | t.Fatalf("Unexpectedly failed on input %v. The error is: %s", 63 | test.inTokens, err) 64 | } 65 | if desugaredNode.String() != test.output { 66 | t.Fatalf("Expected output: %s. 
Actual output: %s", 67 | test.output, desugaredNode) 68 | } 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/GPGeneralDefs.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // GPGeneralDefs.go 4 | // 5 | // Type definitions and helper functions used throughout this package 6 | // 7 | // Written by Lennart Elsen lel@open.ch and 8 | // Lorenz Breidenbach lob@open.ch, October 2015 9 | // Copyright (c) 2015 Open Systems AG, Switzerland 10 | // All Rights Reserved. 11 | // 12 | ///////////////////////////////////////////////////////////////////////////////// 13 | 14 | package goDB 15 | 16 | type DBData struct { 17 | // counters 18 | Bytes_rcvd []byte 19 | Bytes_sent []byte 20 | Pkts_rcvd []byte 21 | Pkts_sent []byte 22 | 23 | // attributes 24 | Dip []byte 25 | Sip []byte 26 | Dport []byte 27 | Proto []byte 28 | 29 | // metadata (important for folder naming) 30 | Tstamp int64 31 | Iface string 32 | } 33 | 34 | // constructor for the DBData struct in case it needs to be set from an external 35 | // go program that included goProbe 36 | func NewDBData(br []byte, bs []byte, pr []byte, ps []byte, dip []byte, sip []byte, dport []byte, proto []byte, tstamp int64, iface string) DBData { 37 | return DBData{br, bs, pr, ps, dip, sip, dport, proto, tstamp, iface} 38 | } 39 | 40 | // GOOGLE's utility functions for printing IPv4/6 addresses ---------------------- 41 | // Convert i to hexadecimal string 42 | func itox(i uint, min int) string { 43 | 44 | // Assemble hexadecimal in reverse order. 45 | var b [32]byte 46 | bp := len(b) 47 | for ; i > 0 || min > 0; i /= 16 { 48 | bp-- 49 | b[bp] = "0123456789abcdef"[byte(i%16)] 50 | min-- 51 | } 52 | 53 | return string(b[bp:]) 54 | } 55 | 56 | // Convert i to decimal string. 
// itod returns the base-10 representation of i. Zero is special-cased
// because the digit loop below emits nothing for it.
func itod(i uint) string {
	if i == 0 {
		return "0"
	}

	// Assemble decimal in reverse order.
	var b [32]byte
	bp := len(b)
	for ; i > 0; i /= 10 {
		bp--
		b[bp] = byte(i%10) + '0'
	}

	return string(b[bp:])
}

/// END GOOGLE ///

// convert the ip byte arrays to string. The formatting logic for IPv6
// is directly copied over from the go IP package in order to save an
// additional import just for string operations
//
// The address family is not stored anywhere: the input is printed as a
// dotted quad when exactly 12 of the bytes from index 4 onwards are zero
// (for a 16-byte input: bytes 4..15 all zero) and as IPv6 hex groups
// otherwise.
//
// NOTE(review): consequences of that heuristic and of the unchecked indexing,
// worth knowing when reading query output or feeding this function data
// from disk:
//   - an IPv6 address whose last 96 bits are zero is printed as IPv4
//     (constructed example: 2001:db8:: is rendered as "32.1.13.184");
//   - a 4-byte input never reaches the IPv4 branch and is printed as two
//     hex groups;
//   - the hex branch reads p[j+1] / p[i+1], so an odd-length input indexes
//     past the end and panics.
//
// Key.String passes 16-byte arrays; other callers are not visible here, so
// confirm they guarantee len(ip) == 16.
func rawIpToString(ip []byte) string {
	var (
		numZeros uint8 = 0
		iplen    int   = len(ip)
	)

	// count zeros in order to determine whether the address
	// is IPv4 or IPv6
	for i := 4; i < iplen; i++ {
		if (ip[i] & 0xFF) == 0x00 {
			numZeros++
		}
	}

	// construct ipv4 string
	if numZeros == 12 {
		return itod(uint(ip[0])) + "." +
			itod(uint(ip[1])) + "." +
			itod(uint(ip[2])) + "." +
			itod(uint(ip[3]))
	} else {
		/// START OF GOOGLE CODE SNIPPET ///
		p := ip

		// Find longest run of zeros.
		// [e0, e1) is the byte range of the longest run of all-zero 16-bit
		// groups found so far; -1/-1 means none.
		e0 := -1
		e1 := -1
		for i := 0; i < iplen; i += 2 {
			j := i
			for j < iplen && p[j] == 0 && p[j+1] == 0 {
				j += 2
			}
			if j > i && j-i > e1-e0 {
				e0 = i
				e1 = j
			}
		}

		// The symbol "::" MUST NOT be used to shorten just one 16 bit 0 field.
		if e1-e0 <= 2 {
			e0 = -1
			e1 = -1
		}

		// Print with possible :: in place of run of zeros
		var s string
		for i := 0; i < iplen; i += 2 {
			if i == e0 {
				s += "::"
				// skip the compressed run; stop if it reached the end
				i = e1
				if i >= iplen {
					break
				}
			} else if i > 0 {
				s += ":"
			}
			// one 16-bit group, big-endian, at least one hex digit
			s += itox((uint(p[i])<<8)|uint(p[i+1]), 1)

		}
		return s
	}
}
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/ParseConditional_test.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// ParseConditional_test.go
//
//
// Written by Lorenz Breidenbach lob@open.ch, September 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

package goDB

import "testing"

// parseConditionalTests lists token streams for parseConditional together
// with whether parsing is expected to succeed.
var parseConditionalTests = []struct {
	inTokens  []string
	astString string
	success   bool
}{
	{[]string{"host", "!=", "192.168.178.1", "|", "(", "host", "=", "192.168.178.1", ")", ")"}, "", false},
	{[]string{"host", "="}, "", false},
	{[]string{"sip", "=", "192.168.1.1", "|", "(", "host"}, "", false},
	{[]string{"sip", "=", "192.168.1.1", "/", "(", "sip"}, "", false},
	{[]string{"(", "sip", "=", "192.168.1.1", ")"}, "", true},
	{[]string{"sip", "=", "192.168.1.1", ")"}, "", false},
	{[]string{"sip", "$", "192.168.1.1"}, "", false},
	{[]string{"(", "sip", "=", "192.168.1.1"}, "", false},
	{[]string{"sip", "&", "192.168.1.1"}, "", false},
	{[]string{"sip", "=", "192.168.1.1"},
		"sip = 192.168.1.1",
		true},
	{[]string{"sip", "=", "www.example.com", "|", "dip", "=", "dip.example.com"},
		"(sip = www.example.com) | (dip = dip.example.com)",
true}, 36 | {[]string{"!", "sip", "=", "192.168.1.2", "|", "!", "dip", "=", "192.168.1.1", "|", "dport", "!=", "80"}, 37 | "(!(sip = 192.168.1.2) | (!(dip = 192.168.1.1) | dport != 80))", 38 | true}, 39 | {[]string{"sip", "=", "192.168.1.1", "|", "sip", "=", "192.168.1.2", "|", "sip", "=", "192.168.1.3", "|", "sip", "=", "192.168.1.4"}, 40 | "(sip = 192.168.1.1 | (sip = 192.168.1.2 | (sip = 192.168.1.3 | sip = 192.168.1.4)))", 41 | true}, 42 | } 43 | 44 | func TestParseConditional(t *testing.T) { 45 | for _, test := range parseConditionalTests { 46 | ast, err := parseConditional(test.inTokens) 47 | if (err == nil) != test.success { 48 | t.Log("ast", ast) 49 | t.Log("err", err) 50 | t.Fatalf("Test: %v, Expected output: %v. Actual output: %v", test.inTokens, test.success, err == nil) 51 | } 52 | if test.success { 53 | t.Log("AST:", ast) 54 | } else { 55 | t.Logf("ERROR:\n%s\n", err) 56 | } 57 | } 58 | } 59 | 60 | func TestParseConditionalEmpty(t *testing.T) { 61 | ast, err := parseConditional(nil) 62 | if ast != nil || err != nil { 63 | t.Fatalf("TestParseConditionalEmpty expected: nil, nil Got: %v, %v", ast, err) 64 | } 65 | 66 | ast, err = parseConditional([]string{}) 67 | if ast != nil || err != nil { 68 | t.Fatalf("TestParseConditionalEmpty expected: nil, nil Got: %v, %v", ast, err) 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/ResolveConditional.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // ResolveConditional.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2015 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
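//
/////////////////////////////////////////////////////////////////////////////////

package goDB

import (
	"fmt"
	"net"
	"regexp"
	"time"
)

// hostnameRegexp is the pattern resolve uses to decide whether a sip/dip value
// that is not an IP literal may be handed to the resolver.
//
// NOTE(review): the pattern carries no ^/$ anchors and is applied with
// MatchString, so it accepts any value that merely contains one character
// from [a-zA-Z0-9-]; it only rejects values that contain none (".." for
// instance). Anchoring it would make this a whole-value check. Confirm that
// no caller relies on the loose match before tightening it.
var hostnameRegexp = regexp.MustCompile(`[a-zA-Z0-9\-]+(?:\.[a-zA-Z0-9\-]+)*\.?`)

// lookupHostResult carries the outcome of one net.LookupHost call back to
// resolve.
type lookupHostResult struct {
	hostname string
	addrs    []string
	err      error
}

// resolve rewrites every sip/dip condition of node whose value is a hostname
// into conditions on the addresses that hostname resolves to, and returns the
// transformed tree.
//
// All distinct hostnames are looked up concurrently with net.LookupHost.
// resolve fails if a value is neither an IP nor matched by hostnameRegexp, if
// any lookup returns an error, or if the lookups are not all finished within
// timeout.
//
// The rewritten conditions contain whatever the resolver answers at the time
// of the call, so a query written with a hostname filters on the name's
// current addresses, not on the addresses it had when the flows were recorded.
func resolve(node Node, timeout time.Duration) (Node, error) {
	// Find all hostnames
	hostnames := make(map[string]struct{})
	_, err := node.transform(func(node conditionNode) (Node, error) {
		// We only expect a hostname in sip or dip attributes
		if node.attribute != "sip" && node.attribute != "dip" {
			return node, nil
		}

		// For IPs we are already done.
		if net.ParseIP(node.value) != nil {
			return node, nil
		}

		// Does the value vaguely look like a hostname?
		if !hostnameRegexp.MatchString(node.value) {
			return nil, fmt.Errorf("Invalid value in condition: '%s' is neither an ip nor a hostname.", node.value)
		}

		hostnames[node.value] = struct{}{}

		return node, nil
	})
	if err != nil {
		return nil, err
	}

	// Resolve them asynchronously with a timeout
	timer := time.NewTimer(timeout)
	defer timer.Stop()

	// One buffer slot per lookup. resolve returns early on a timeout or on
	// the first failed lookup; with a smaller buffer the goroutines still
	// running at that point would block on the send forever.
	resultChan := make(chan lookupHostResult, len(hostnames))

	for hostname := range hostnames {
		hostname := hostname
		go func() {
			addrs, err := net.LookupHost(hostname)
			resultChan <- lookupHostResult{hostname, addrs, err}
		}()
	}

	lookups := make(map[string][]string, len(hostnames))
	for count := 0; count < len(hostnames); count++ {
		select {
		case <-timer.C:
			return nil, fmt.Errorf("Timeout while resolving hostnames in conditional")
		case result := <-resultChan:
			if result.err != nil {
				return nil, result.err
			}
			lookups[result.hostname] = result.addrs
		}
	}

	// Rewrite all conditions involving hostnames to use IPs
	return node.transform(func(node conditionNode) (Node, error) {
		// We only expect a domain in sip or dip attributes
		if node.attribute != "sip" && node.attribute != "dip" {
			return node, nil
		}

		// Values that were IP literals were never looked up and stay as is.
		addrs, exists := lookups[node.value]
		if !exists {
			return node, nil
		}

		// One condition per resolved address, same attribute and comparator.
		conditions := make([]Node, 0, len(addrs))
		for _, addr := range addrs {
			condition := newConditionNode(node.attribute, node.comparator, addr)
			conditions = append(conditions, condition)
		}

		// NOTE(review): listToTree is defined elsewhere; the expected test
		// output on this page suggests it joins the conditions with "|".
		return listToTree(false, conditions), nil
	})
}
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/ResolveConditional_test.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// ResolveConditional_test.go
//
// Written by Lorenz Breidenbach lob@open.ch, February 2016
// Copyright (c) 2016 Open Systems AG, Switzerland
// All Rights Reserved.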
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package goDB 12 | 13 | import ( 14 | "fmt" 15 | "testing" 16 | "time" 17 | ) 18 | 19 | var resolveTests = []struct { 20 | conditional string 21 | timeout time.Duration 22 | output string 23 | success bool 24 | }{ 25 | // doesn't exist and likely never will 26 | { 27 | "sip = 1b5ec0b902e689122ededcfac01ee69ed3c8422c.open.ch", 28 | 2 * time.Second, 29 | "", 30 | false, 31 | }, 32 | // super short timeout 33 | { 34 | "sip = google-public-dns-a.google.com | dip = google-public-dns-a.google.com", // Google's 8.8.8.8 DNS server 35 | 1 * time.Nanosecond, 36 | "", 37 | false, 38 | }, 39 | // should work (Google's 8.8.8.8 DNS server) 40 | { 41 | "sip = google-public-dns-a.google.com | dip = google-public-dns-a.google.com", // 42 | 2 * time.Second, 43 | "((sip = 8.8.8.8 | sip = 2001:4860:4860::8888) | (dip = 8.8.8.8 | dip = 2001:4860:4860::8888))", 44 | true, 45 | }, 46 | // do we leave non-sip and non-dip attributes untouched? 47 | { 48 | "((sip = 8.8.8.8 | l7proto = 10) | (dport = 80 | snet = 192.168.1.1/20))", 49 | 2 * time.Second, 50 | "((sip = 8.8.8.8 | l7proto = 10) | (dport = 80 | snet = 192.168.1.1/20))", 51 | true, 52 | }, 53 | // wrong domains 54 | { 55 | "sip = ..", 56 | 2 * time.Second, 57 | "", 58 | false, 59 | }, 60 | { 61 | "dip = .wtf", 62 | 2 * time.Second, 63 | "", 64 | false, 65 | }, 66 | } 67 | 68 | // Note that this test is inherently brittle since it relies on: 69 | // * working DNS resolution 70 | // * google-public-dns-a.google.com resolving to 2001:4860:4860::8888 and 8.8.8.8 71 | // I couldn't think of a more stable domain-IP pair, but of course google can 72 | // change this at any moment. 73 | // 74 | // It's probably still better to have a slightly brittle test than to have no test. 
75 | func TestResolveInConditional(t *testing.T) { 76 | for _, test := range resolveTests { 77 | tokens, err := TokenizeConditional(test.conditional) 78 | if err != nil { 79 | t.Fatalf("Tokenizing %v unexpectly failed. Error:\n%v", test.conditional, err) 80 | } 81 | node, err := parseConditional(tokens) 82 | if err != nil { 83 | t.Fatalf("Parsing %v unexpectly failed. Error:\n%v", tokens, err) 84 | } 85 | 86 | resolvedNode, err := resolve(node, test.timeout) 87 | if !test.success { 88 | if err == nil { 89 | fmt.Println(resolvedNode) 90 | t.Errorf("Expected to fail on input %v but didn't.", 91 | test.conditional) 92 | } 93 | } else { 94 | if err != nil { 95 | t.Errorf("Unexpectedly failed on input %v. The error is: %s", 96 | test.conditional, err) 97 | } 98 | if resolvedNode.String() != test.output { 99 | t.Errorf("Expected output: %s. Actual output: %s", 100 | test.output, resolvedNode) 101 | } 102 | } 103 | } 104 | } 105 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/SyslogConsts_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // syslogConsts_public.go 4 | // 5 | // Constants for location of syslog socket file 6 | // 7 | // Written by Lennart Elsen lel@open.ch, June 2016 8 | // Copyright (c) 2016 Open Systems AG, Switzerland 9 | // All Rights Reserved. 
//
/////////////////////////////////////////////////////////////////////////////////

// +build !OSAG

package goDB

// SOCKET_PATH is the unix socket NewSyslogDBWriter dials in builds without
// the OSAG tag.
const (
	SOCKET_PATH = "/var/run/goprobe.sock"
)
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/SyslogDBWriter.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// SyslogDBWriter.go
//
// Logging facility for dumping the raw flow information to syslog.
//
// Written by Lennart Elsen lel@open.ch, June 2016
// Copyright (c) 2016 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

package goDB

import (
	"fmt"
	"log/syslog"
)

// SyslogDBWriter emits aggregated flows as syslog messages.
type SyslogDBWriter struct {
	logger *syslog.Writer
}

// NewSyslogDBWriter connects to the unix socket at SOCKET_PATH with priority
// LOG_NOTICE and tag "ntm". It returns the dial error unchanged when the
// connection cannot be established.
func NewSyslogDBWriter() (*SyslogDBWriter, error) {
	conn, err := syslog.Dial("unix", SOCKET_PATH, syslog.LOG_NOTICE, "ntm")
	if err != nil {
		return nil, err
	}
	return &SyslogDBWriter{logger: conn}, nil
}

// Write sends one info-level message per flow in flowmap, formatted as
// "timestamp,iface,<key fields>,<value fields>".
//
// The error returned by the syslog writer is not checked, so records that
// fail to send are dropped without any signal to the caller.
//
// NOTE(review): iface is interpolated as-is into a comma-separated record; a
// comma or line break in it would shift or split the fields a consumer
// parses. Presumably interface names are validated before they get here;
// verify against the caller.
func (s *SyslogDBWriter) Write(flowmap AggFlowMap, iface string, timestamp int64) {
	for key, val := range flowmap {
		record := fmt.Sprintf("%d,%s,%s,%s", timestamp, iface, key.String(), val.String())
		s.logger.Info(record)
	}
}
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/bigendian/doc.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// doc.go
//
// Written by Lorenz Breidenbach lob@open.ch, November 2015
// Copyright (c) 2015 Open
Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // Package bigendian provides functionality to convert (u)ints encoded in 12 | // big-endian to little-endian. Note that all architectures officially 13 | // supported by go (x86, amd64, arm) are little-endian. (ARM supports 14 | // big-endian in principle, but go doesn't support big-endian ARM. 15 | // See https://github.com/golang/go/issues/11079 .) 16 | // 17 | // We only have assembler code for amd64, but we have a reference implementation 18 | // in pure go that is used for testing and on non-amd64 platforms. 19 | package bigendian 20 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/bigendian/putint_generic.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // putint_generic.go 4 | // 5 | // Code for all architectures as there is no assembler implementation yet. 6 | // 7 | // Written by Lorenz Breidenbach lob@open.ch, December 2015 8 | // Copyright (c) 2015 Open Systems AG, Switzerland 9 | // All Rights Reserved. 
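//
/////////////////////////////////////////////////////////////////////////////////

package bigendian

// PutUint64 writes val into b[0:8] in big-endian byte order.
// It panics if len(b) < 8; b is left unmodified in that case.
func PutUint64(b []byte, val uint64) {
	putUint64Ref(b, val)
}

// PutInt64 writes val into b[0:8] in big-endian byte order.
// It panics if len(b) < 8; b is left unmodified in that case.
func PutInt64(b []byte, val int64) {
	putInt64Ref(b, val)
}
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/bigendian/putint_reference.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// putint_reference.go
//
// Reference code used for testing and architectures on which we don't support
// assembler
//
// Written by Lorenz Breidenbach lob@open.ch, December 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

package bigendian

// putUint64Ref stores val in b[0:8], most significant byte first.
func putUint64Ref(b []byte, val uint64) {
	// Touch the last byte first: a buffer shorter than 8 bytes panics here,
	// before anything is written, instead of being left half-filled.
	_ = b[7]
	b[0] = byte(val >> 56)
	b[1] = byte(val >> 48)
	b[2] = byte(val >> 40)
	b[3] = byte(val >> 32)
	b[4] = byte(val >> 24)
	b[5] = byte(val >> 16)
	b[6] = byte(val >> 8)
	b[7] = byte(val)
}

// putInt64Ref stores val in b[0:8], most significant byte first.
func putInt64Ref(b []byte, val int64) {
	// Same up-front bounds check as putUint64Ref: no partial write on a
	// short buffer.
	_ = b[7]
	b[0] = byte(val >> 56)
	b[1] = byte(val >> 48)
	b[2] = byte(val >> 40)
	b[3] = byte(val >> 32)
	b[4] = byte(val >> 24)
	b[5] = byte(val >> 16)
	b[6] = byte(val >> 8)
	b[7] = byte(val)
}
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/bigendian/readint_amd64.s:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// readint_amd64.s
//
// Assembler implementation for the amd64 architecture
//
// Written by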
Lorenz Breidenbach lob@open.ch, November 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

# include "textflag.h"

// func ReadUint64At(b []byte, idx int) uint64
//
// Loads the 8 bytes starting at byte offset idx*8 of b, byte-swaps them and
// returns the result. Jumps to runtime·panicindex when cap(b) < idx*8 + 8.
//
// NOTE(review): two properties of the bounds check that callers should know:
//   - it compares against cap(b), not len(b), so the bytes between len(b)
//     and cap(b) can be read without a panic;
//   - idx*8 + 8 is computed with wrapping arithmetic and compared unsigned.
//     For idx == -1 the sum wraps to 0, the comparison passes, and the load
//     address is 8 bytes before b's first element; an idx large enough for
//     the shift to overflow wraps in the same way. Callers must guarantee
//     idx >= 0. Comparing idx (unsigned) against cap(b)>>3 before the shift
//     would reject both cases.
TEXT ·ReadUint64At(SB),NOSPLIT,$0-40
	MOVQ b_cap+16(FP), AX // AX = cap(b)
	MOVQ idx+24(FP), BX // BX = idx
	SHLQ $3, BX // BX = BX * 8 == idx * 8
	LEAQ +8(BX), CX // CX = BX + 8 == idx * 8 + 8
	CMPQ AX, CX // compare cap(b) to idx * 8 + 8 (unsigned)
	JCS panic // if cap(b) is less than idx * 8 + 8, panic
	MOVQ b+0(FP), CX // CX = &b[0]
	ADDQ BX, CX // CX = CX + BX == &b[idx*8]
	MOVQ (CX), CX // CX = the 8 bytes at b[idx*8 : idx*8+8]
	BSWAPQ CX // convert from big endian to little endian
	MOVQ CX, ret+32(FP) // store result.
	                    // 32 = 3 * 8 bytes for slice + 8 bytes for idx
	RET
panic:
	CALL runtime·panicindex(SB)

// func ReadInt64At(b []byte, idx int) int64
//
// Same instruction sequence as ReadUint64At; only the Go-side result type
// differs.
//
// NOTE(review): the same bounds-check properties apply: the limit is
// cap(b) rather than len(b), and a negative idx is not rejected (idx == -1
// passes the comparison and reads the 8 bytes preceding b).
TEXT ·ReadInt64At(SB),NOSPLIT,$0-40
	MOVQ b_cap+16(FP), AX // AX = cap(b)
	MOVQ idx+24(FP), BX // BX = idx
	SHLQ $3, BX // BX = BX * 8 == idx * 8
	LEAQ +8(BX), CX // CX = BX + 8 == idx * 8 + 8
	CMPQ AX, CX // compare cap(b) to idx * 8 + 8 (unsigned)
	JCS panic // if cap(b) is less than idx * 8 + 8, panic
	MOVQ b+0(FP), CX // CX = &b[0]
	ADDQ BX, CX // CX = CX + BX == &b[idx*8]
	MOVQ (CX), CX // CX = the 8 bytes at b[idx*8 : idx*8+8]
	BSWAPQ CX // convert from big endian to little endian
	MOVQ CX, ret+32(FP) // store result.
	                    // 32 = 3 * 8 bytes for slice + 8 bytes for idx
	RET
panic:
	CALL runtime·panicindex(SB)

// func UnsafeReadUint64At(b []byte, idx int) uint64
//
// Same load and byte swap as ReadUint64At with no bounds check at all: the
// address &b[0] + idx*8 is dereferenced whatever len(b), cap(b) and idx are.
//
// NOTE(review): every caller has to establish 0 <= idx and
// idx*8 + 8 <= len(b) itself. readint_generic.go maps this name to the
// bounds-checked reference implementation, so an out-of-range idx panics on
// non-amd64 builds but reads adjacent memory on amd64.
TEXT ·UnsafeReadUint64At(SB),NOSPLIT,$0-40
	MOVQ idx+24(FP), BX // BX = idx
	SHLQ $3, BX // BX = BX * 8 == idx * 8
	MOVQ b+0(FP), CX // CX = &b[0]
	ADDQ BX, CX // CX = CX + BX == &b[idx*8]
	MOVQ (CX), CX // CX = the 8 bytes at b[idx*8 : idx*8+8]
	BSWAPQ CX // convert from big endian to little endian
	MOVQ CX, ret+32(FP) // store result.
	                    // 32 = 3 * 8 bytes for slice + 8 bytes for idx
	RET

// func UnsafeReadInt64At(b []byte, idx int) int64
//
// Signed counterpart of UnsafeReadUint64At: no bounds check, same caller
// obligations.
TEXT ·UnsafeReadInt64At(SB),NOSPLIT,$0-40
	MOVQ idx+24(FP), BX // BX = idx
	SHLQ $3, BX // BX = BX * 8 == idx * 8
	MOVQ b+0(FP), CX // CX = &b[0]
	ADDQ BX, CX // CX = CX + BX == &b[idx*8]
	MOVQ (CX), CX // CX = the 8 bytes at b[idx*8 : idx*8+8]
	BSWAPQ CX // convert from big endian to little endian
	MOVQ CX, ret+32(FP) // store result.
	                    // 32 = 3 * 8 bytes for slice + 8 bytes for idx
	RET
--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/bigendian/readint_asm.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// readint_asm.go
//
// Stubs for architectures on which we support assembler.
//
// Written by Lorenz Breidenbach lob@open.ch, November 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
10 | // 11 | ///////////////////////////////////////////////////////////////////////////////// 12 | 13 | // +build amd64 14 | 15 | package bigendian 16 | 17 | func ReadUint64At(b []byte, idx int) uint64 18 | 19 | func ReadInt64At(b []byte, idx int) int64 20 | 21 | func UnsafeReadUint64At(b []byte, idx int) uint64 22 | 23 | func UnsafeReadInt64At(b []byte, idx int) int64 24 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/bigendian/readint_generic.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // readint_generic.go 4 | // 5 | // Code for non-amd64 architectures 6 | // 7 | // Written by Lorenz Breidenbach lob@open.ch, November 2015 8 | // Copyright (c) 2015 Open Systems AG, Switzerland 9 | // All Rights Reserved. 10 | // 11 | ///////////////////////////////////////////////////////////////////////////////// 12 | 13 | // +build !amd64 14 | 15 | package bigendian 16 | 17 | func ReadUint64At(b []byte, idx int) uint64 { 18 | return readUint64AtRef(b, idx) 19 | } 20 | 21 | func ReadInt64At(b []byte, idx int) int64 { 22 | return readInt64AtRef(b, idx) 23 | } 24 | 25 | func UnsafeReadUint64At(b []byte, idx int) uint64 { 26 | return readUint64AtRef(b, idx) 27 | } 28 | 29 | func UnsafeReadInt64At(b []byte, idx int) int64 { 30 | return readInt64AtRef(b, idx) 31 | } 32 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/bigendian/readint_reference.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // readint_reference.go 4 | // 5 | // Reference code used for testing and architectures on which we don't support 6 | // assembler 7 | // 8 | // Written by Lorenz Breidenbach lob@open.ch, November 2015 9 | 
// Copyright (c) 2015 Open Systems AG, Switzerland 10 | // All Rights Reserved. 11 | // 12 | ///////////////////////////////////////////////////////////////////////////////// 13 | 14 | package bigendian 15 | 16 | func readUint64Ref(b []byte) uint64 { 17 | return uint64(b[0])<<56 | uint64(b[1])<<48 | 18 | uint64(b[2])<<40 | uint64(b[3])<<32 | 19 | uint64(b[4])<<24 | uint64(b[5])<<16 | 20 | uint64(b[6])<<8 | uint64(b[7]) 21 | } 22 | 23 | func readInt64Ref(b []byte) int64 { 24 | return int64(b[0])<<56 | int64(b[1])<<48 | 25 | int64(b[2])<<40 | int64(b[3])<<32 | 26 | int64(b[4])<<24 | int64(b[5])<<16 | 27 | int64(b[6])<<8 | int64(b[7]) 28 | } 29 | 30 | func readUint64AtRef(b []byte, idx int) uint64 { 31 | return readUint64Ref(b[idx*8 : idx*8+8]) 32 | } 33 | 34 | func readInt64AtRef(b []byte, idx int) int64 { 35 | return readInt64Ref(b[idx*8 : idx*8+8]) 36 | } 37 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/keyval.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // keyval.go 4 | // 5 | // Flow map primitives and their utility functions 6 | // 7 | // Written by Lennart Elsen lel@open.ch 8 | // 9 | // Copyright (c) 2016 Open Systems AG, Switzerland 10 | // All Rights Reserved. 
11 | // 12 | ///////////////////////////////////////////////////////////////////////////////// 13 | 14 | package goDB 15 | 16 | import "fmt" 17 | 18 | type Key struct { 19 | Sip [16]byte 20 | Dip [16]byte 21 | Dport [2]byte 22 | Protocol byte 23 | } 24 | 25 | // ExtraKey is a key with extra information 26 | type ExtraKey struct { 27 | Time int64 28 | Iface string 29 | Key 30 | } 31 | 32 | type Val struct { 33 | NBytesRcvd uint64 34 | NBytesSent uint64 35 | NPktsRcvd uint64 36 | NPktsSent uint64 37 | } 38 | 39 | type AggFlowMap map[Key]*Val 40 | 41 | // ATTENTION: apart from the obvious use case, the following methods are used to provide flow information 42 | // via syslog, so don't unnecessarily change the order of the fields. 43 | 44 | // print the key as a comma separated attribute list 45 | func (k Key) String() string { 46 | return fmt.Sprintf("%s,%s,%d,%s", 47 | rawIpToString(k.Sip[:]), 48 | rawIpToString(k.Dip[:]), 49 | int(uint16(k.Dport[0])<<8|uint16(k.Dport[1])), 50 | GetIPProto(int(k.Protocol)), 51 | ) 52 | } 53 | 54 | func (v *Val) String() string { 55 | return fmt.Sprintf("%d,%d,%d,%d", 56 | v.NPktsRcvd, 57 | v.NPktsSent, 58 | v.NBytesRcvd, 59 | v.NBytesSent, 60 | ) 61 | } 62 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/liblz4_linux.go: -------------------------------------------------------------------------------- 1 | package goDB 2 | 3 | /* 4 | #cgo LDFLAGS: ${SRCDIR}/lz4/liblz4_linux.a 5 | */ 6 | import "C" 7 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/lz4/Makefile: -------------------------------------------------------------------------------- 1 | # Version numbers 2 | VERSION=121 3 | export RELEASE=r$(VERSION) 4 | LIBVER_MAJOR=`sed -n '/define LZ4_VERSION_MAJOR/s/.*[[:blank:]]\([0-9][0-9]*\).*/\1/p' < lz4.h` 5 | LIBVER_MINOR=`sed -n '/define LZ4_VERSION_MINOR/s/.*[[:blank:]]\([0-9][0-9]*\).*/\1/p' < lz4.h` 6 | 
LIBVER_PATCH=`sed -n '/define LZ4_VERSION_RELEASE/s/.*[[:blank:]]\([0-9][0-9]*\).*/\1/p' < lz4.h` 7 | LIBVER=$(LIBVER_MAJOR).$(LIBVER_MINOR).$(LIBVER_PATCH) 8 | 9 | DESTDIR= 10 | PREFIX = /usr 11 | CC := $(CC) 12 | CFLAGS?= -O3 13 | CFLAGS+= -I. -std=c99 -Wall -Wextra -Wundef -Wshadow -Wstrict-prototypes -DLZ4_VERSION=\"$(RELEASE)\" 14 | 15 | LIBDIR?= $(PREFIX)/lib 16 | INCLUDEDIR=$(PREFIX)/include 17 | DISTRIBNAME=lz4-$(RELEASE).tar.gz 18 | 19 | 20 | # Define *.exe as extension for Windows systems 21 | ifneq (,$(filter Windows%,$(OS))) 22 | EXT =.exe 23 | else 24 | EXT = 25 | endif 26 | 27 | # OS X linker doesn't support -soname, and use different extension 28 | # see : https://developer.apple.com/library/mac/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/DynamicLibraryDesignGuidelines.html 29 | ifeq ($(shell uname), Darwin) 30 | SHARED_EXT = dylib 31 | SHARED_EXT_MAJOR = $(LIBVER_MAJOR).$(SHARED_EXT) 32 | SHARED_EXT_VER = $(LIBVER).$(SHARED_EXT) 33 | SONAME_FLAGS = -install_name $(PREFIX)/lib/liblz4.$(SHARED_EXT_MAJOR) -compatibility_version $(LIBVER_MAJOR) -current_version $(LIBVER) 34 | else 35 | SONAME_FLAGS = -Wl,-soname=liblz4.$(SHARED_EXT).$(LIBVER_MAJOR) 36 | SHARED_EXT = so 37 | SHARED_EXT_MAJOR = $(SHARED_EXT).$(LIBVER_MAJOR) 38 | SHARED_EXT_VER = $(SHARED_EXT).$(LIBVER) 39 | endif 40 | 41 | TEXT = lz4.c lz4.h lz4hc.c lz4hc.h \ 42 | liblz4.pc.in Makefile \ 43 | lz4_format_description.txt NEWS LICENSE README.md \ 44 | cmake_unofficial/CMakeLists.txt 45 | NONTEXT = LZ4_Streaming_Format.odt 46 | SOURCES = $(TEXT) $(NONTEXT) 47 | 48 | 49 | default: liblz4 50 | 51 | all: liblz4 52 | 53 | liblz4: lz4.c lz4hc.c 54 | @echo compiling static library 55 | @$(CC) $(CPPFLAGS) $(CFLAGS) -c $^ 56 | @$(AR) rcs liblz4_linux.a lz4.o lz4hc.o 57 | @echo compiling dynamic library 58 | @$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared $^ -fPIC $(SONAME_FLAGS) -o $@.$(SHARED_EXT_VER) 59 | @echo creating versioned links 60 | @ln -sf $@.$(SHARED_EXT_VER) 
$@.$(SHARED_EXT_MAJOR) 61 | @ln -sf $@.$(SHARED_EXT_VER) $@.$(SHARED_EXT) 62 | 63 | clean: 64 | @rm -f core *.o *.a *.$(SHARED_EXT) *.$(SHARED_EXT).* $(DISTRIBNAME) *.sha1 liblz4.pc 65 | @echo Cleaning completed 66 | 67 | 68 | #------------------------------------------------------------------------ 69 | #make install is validated only for Linux, OSX, kFreeBSD and Hurd targets 70 | ifneq (,$(filter $(shell uname),Linux Darwin GNU/kFreeBSD GNU)) 71 | 72 | liblz4.pc: liblz4.pc.in Makefile 73 | @echo creating pkgconfig 74 | @sed -e 's|@PREFIX@|$(PREFIX)|' \ 75 | -e 's|@LIBDIR@|$(LIBDIR)|' \ 76 | -e 's|@INCLUDEDIR@|$(INCLUDEDIR)|' \ 77 | -e 's|@VERSION@|$(VERSION)|' \ 78 | $< >$@ 79 | 80 | install: liblz4 liblz4.pc 81 | @install -d -m 755 $(DESTDIR)$(LIBDIR)/pkgconfig/ $(DESTDIR)$(INCLUDEDIR)/ 82 | @install -m 755 liblz4.$(SHARED_EXT_VER) $(DESTDIR)$(LIBDIR)/liblz4.$(SHARED_EXT_VER) 83 | @cp -a liblz4.$(SHARED_EXT_MAJOR) $(DESTDIR)$(LIBDIR) 84 | @cp -a liblz4.$(SHARED_EXT) $(DESTDIR)$(LIBDIR) 85 | @cp -a liblz4.pc $(DESTDIR)$(LIBDIR)/pkgconfig/ 86 | @install -m 644 liblz4_linux.a $(DESTDIR)$(LIBDIR)/liblz4_linux.a 87 | @install -m 644 lz4.h $(DESTDIR)$(INCLUDEDIR)/lz4.h 88 | @install -m 644 lz4hc.h $(DESTDIR)$(INCLUDEDIR)/lz4hc.h 89 | @echo lz4 static and shared library installed 90 | @cd $(PRGDIR); $(MAKE) -e install 91 | 92 | uninstall: 93 | rm -f $(DESTDIR)$(LIBDIR)/liblz4.$(SHARED_EXT) 94 | rm -f $(DESTDIR)$(LIBDIR)/liblz4.$(SHARED_EXT_MAJOR) 95 | rm -f $(DESTDIR)$(LIBDIR)/pkgconfig/liblz4.pc 96 | [ -x $(DESTDIR)$(LIBDIR)/liblz4.$(SHARED_EXT_VER) ] && rm -f $(DESTDIR)$(LIBDIR)/liblz4.$(SHARED_EXT_VER) 97 | [ -f $(DESTDIR)$(LIBDIR)/liblz4_linux.a ] && rm -f $(DESTDIR)$(LIBDIR)/liblz4_linux.a 98 | [ -f $(DESTDIR)$(INCLUDEDIR)/lz4.h ] && rm -f $(DESTDIR)$(INCLUDEDIR)/lz4.h 99 | [ -f $(DESTDIR)$(INCLUDEDIR)/lz4hc.h ] && rm -f $(DESTDIR)$(INCLUDEDIR)/lz4hc.h 100 | @echo lz4 libraries successfully uninstalled 101 | @cd $(PRGDIR); $(MAKE) uninstall 102 | 103 | dist: clean 
104 | @install -dD -m 700 lz4-$(RELEASE)/cmake_unofficial/ 105 | @for f in $(TEXT); do \ 106 | tr -d '\r' < $$f > .tmp; \ 107 | install -m 600 .tmp lz4-$(RELEASE)/$$f; \ 108 | done 109 | @rm .tmp 110 | @for f in $(NONTEXT); do \ 111 | install -m 600 $$f lz4-$(RELEASE)/$$f; \ 112 | done 113 | @tar -czf $(DISTRIBNAME) lz4-$(RELEASE)/ 114 | @rm -rf lz4-$(RELEASE) 115 | @sha1sum $(DISTRIBNAME) > $(DISTRIBNAME).sha1 116 | @echo Distribution $(DISTRIBNAME) built 117 | 118 | endif 119 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/lz4/liblz4_linux.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/gocode/src/OSAG/goDB/lz4/liblz4_linux.a -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goDB/lz4/lz4.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #if defined (__cplusplus) 4 | extern "C" { 5 | #endif 6 | 7 | 8 | /************************************** 9 | Version 10 | **************************************/ 11 | #define LZ4_VERSION_MAJOR 1 /* for major interface/format changes */ 12 | #define LZ4_VERSION_MINOR 3 /* for minor interface/format changes */ 13 | #define LZ4_VERSION_RELEASE 0 /* for tweaks, bug-fixes, or development */ 14 | #define LZ4_VERSION_NUMBER (LZ4_VERSION_MAJOR *100*100 + LZ4_VERSION_MINOR *100 + LZ4_VERSION_RELEASE) 15 | int LZ4_versionNumber (void); 16 | 17 | /************************************** 18 | Tuning parameter 19 | **************************************/ 20 | /* 21 | * LZ4_MEMORY_USAGE : 22 | * Memory usage formula : N->2^N Bytes (examples : 10 -> 1KB; 12 -> 4KB ; 16 -> 64KB; 20 -> 1MB; etc.) 
 * Increasing memory usage improves compression ratio
 * Reduced memory usage can improve speed, due to cache effect
 * Default value is 14, for 16KB, which nicely fits into Intel x86 L1 cache
 */
#define LZ4_MEMORY_USAGE 14

/**************************************
   Advanced Functions
**************************************/
#define LZ4_MAX_INPUT_SIZE        0x7E000000   /* 2 113 929 216 bytes */
/*
 * Worst-case compressed size for an input of isize bytes.
 * Evaluates to 0 when isize, read as unsigned, exceeds LZ4_MAX_INPUT_SIZE;
 * because of the unsigned cast a negative int also takes that branch.
 * A result of 0 therefore means "input too large", not a usable buffer size.
 * The argument is expanded three times, so pass an expression without side
 * effects.
 */
#define LZ4_COMPRESSBOUND(isize)  ((unsigned int)(isize) > (unsigned int)LZ4_MAX_INPUT_SIZE ? 0 : (isize) + ((isize)/255) + 16)

/* Function form of the bound; presumably mirrors LZ4_COMPRESSBOUND - confirm in lz4.c. */
int LZ4_compressBound(int isize);

/*
 * Decompresses `source` into `dest`, given the size of the original data.
 *
 * NOTE(review): the prototype carries no compressed-length argument, so
 * nothing in this interface lets the callee bound its reads from `source`.
 * Upstream LZ4 documents this entry point as not protected against malformed
 * or malicious input. Callers should hand it only blocks whose integrity is
 * already established, make sure `dest` holds at least originalSize bytes,
 * and check the return value - verify at the call sites.
 */
int LZ4_decompress_fast (const char* source, char* dest, int originalSize);

/* Stream state size: a count of 32-bit words, then the same size in bytes. */
#define LZ4_STREAMSIZE_U32 ((1 << (LZ4_MEMORY_USAGE-2)) + 8)
#define LZ4_STREAMSIZE     (LZ4_STREAMSIZE_U32 * sizeof(unsigned int))

#if defined (__cplusplus)
}
#endif

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/lz4/lz4hc.h:
--------------------------------------------------------------------------------
#pragma once

#if defined (__cplusplus)
extern "C" {
#endif

/*
 * High-compression entry point.
 * NOTE(review): the prototype has no capacity argument for `dest`;
 * presumably the caller must size it with LZ4_compressBound(inputSize) and
 * reject a bound of 0 - confirm against lz4hc.c.
 */
int LZ4_compressHC2 (const char* source, char* dest, int inputSize, int compressionLevel);

#if defined (__cplusplus)
}
#endif

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goDB/metadata.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// metadata.go
//
// Written by Lorenz Breidenbach lob@open.ch, January 2016
// Copyright (c) 2016 Open Systems AG, Switzerland
// All Rights Reserved.
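//
/////////////////////////////////////////////////////////////////////////////////

package goDB

import (
	"encoding/json"
	"os"
)

// BlockMetadata represents metadata for one database block.
type BlockMetadata struct {
	Timestamp            int64 `json:"timestamp"`
	PcapPacketsReceived  int   `json:"pcap_packets_received"`
	PcapPacketsDropped   int   `json:"pcap_packets_dropped"`
	PcapPacketsIfDropped int   `json:"pcap_packets_if_dropped"`
	PacketsLogged        int   `json:"packets_logged"`

	// As in Summary
	FlowCount uint64 `json:"flowcount"`
	Traffic   uint64 `json:"traffic"`
}

// Metadata holds the metadata for a collection of database blocks.
// By convention all blocks belong to the same day.
type Metadata struct {
	Blocks []BlockMetadata `json:"blocks"`
}

// NewMetadata returns an empty Metadata value.
func NewMetadata() *Metadata {
	return &Metadata{}
}

// ReadMetadata opens the file at path and decodes its JSON content into a
// Metadata value. It returns the error from opening or decoding unchanged.
func ReadMetadata(path string) (*Metadata, error) {
	var result Metadata

	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	if err := json.NewDecoder(f).Decode(&result); err != nil {
		return nil, err
	}

	return &result, nil
}

// TryReadMetadata tries to read the given metadata file.
// If an error occurs, a fresh Metadata struct is returned.
//
// NOTE(review): a missing file, a permission error and a truncated or corrupt
// file all look the same to the caller. If the fresh value is later passed to
// WriteMetadata for the same path, the blocks recorded earlier are replaced -
// consider reporting the error; verify against the callers.
func TryReadMetadata(path string) *Metadata {
	meta, err := ReadMetadata(path)
	if err != nil {
		return NewMetadata()
	}
	return meta
}

// WriteMetadata encodes meta as JSON into the file at path, creating or
// truncating it. It returns the first error from creating, encoding or
// closing the file.
//
// The file is rewritten in place, so an interrupted write can leave a partial
// document behind; ReadMetadata would then fail to decode it.
func WriteMetadata(path string, meta *Metadata) error {
	f, err := os.Create(path)
	if err != nil {
		return err
	}

	if err := json.NewEncoder(f).Encode(meta); err != nil {
		f.Close()
		return err
	}

	// A failed Close can mean the data never reached the disk, so report it
	// instead of dropping it in a defer.
	return f.Close()
}

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goProbe/GPFlow.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// GPFlow.go
//
// Main flow structure which is put into the GPMatrix and which is updated according to packet information
//
// Written by Lennart Elsen lel@open.ch, May 2014
// Copyright (c) 2014 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

package goProbe

// GPFlower lists the operations expected of a flow.
//
// NOTE(review): UpdateFlow is declared here without parameters, while
// (*GPFlow).UpdateFlow below takes a *GPPacket, so *GPFlow does not satisfy
// this interface as written - confirm whether the interface is still in use.
type GPFlower interface {
	UpdateFlow()
	IsWorthKeeping() bool
	HasBeenIdle() bool
	Reset()
}

// GPFlow is one flow entry: its endpoints and protocol plus the counters
// accumulated for it.
type GPFlow struct {
	// Hash Map Key variables
	sip      [16]byte
	dip      [16]byte
	sport    [2]byte
	dport    [2]byte
	protocol byte

	// Hash Map Value variables
	nBytesRcvd      uint64
	nBytesSent      uint64
	nPktsRcvd       uint64
	nPktsSent       uint64
	pktDirectionSet bool
}

// updateDirection asks ClassifyPacketDirection for the packet's direction and
// reports whether it is anything other than Unknown. When the direction is
// DirectionReverts, the packet's source and destination address and port are
// swapped in place, so the caller's packet is modified.
func updateDirection(packet *GPPacket) bool {
	directionSet := false
	if direction := ClassifyPacketDirection(packet); direction != Unknown {
		directionSet = true

		// switch fields if direction was opposite to the default direction
		// "DirectionRemains"
		if direction == DirectionReverts {
			packet.sip, packet.dip = packet.dip, packet.sip
			packet.sport, packet.dport = packet.dport, packet.sport
		}
	}

	return directionSet
}

// NewGPFlow creates the flow entry for the first packet of a flow.
func NewGPFlow(packet *GPPacket) *GPFlow {
	var bytesSent, bytesRcvd, pktsSent, pktsRcvd uint64

	// set packet and byte counters with respect to its interface direction
	if packet.dirInbound {
		bytesRcvd = uint64(packet.numBytes)
		pktsRcvd = 1
	} else {
		bytesSent = uint64(packet.numBytes)
		pktsSent = 1
	}

	// try to get the packet direction; this has to run before the endpoints
	// are copied below because it may swap them on the packet
	directionSet := updateDirection(packet)

	return &GPFlow{
		sip:             packet.sip,
		dip:             packet.dip,
		sport:           packet.sport,
		dport:           packet.dport,
		protocol:        packet.protocol,
		nBytesRcvd:      bytesRcvd,
		nBytesSent:      bytesSent,
		nPktsRcvd:       pktsRcvd,
		nPktsSent:       pktsSent,
		pktDirectionSet: directionSet,
	}
}

// UpdateFlow adds the packet to the counters of an existing flow.
//
// NOTE(review): when the direction is only identified here, updateDirection
// may swap the endpoints on the packet, but the sip/dip/sport/dport stored in
// the flow at creation stay as they were - confirm that this is intended.
func (f *GPFlow) UpdateFlow(packet *GPPacket) {

	// increment packet and byte counters with respect to its interface direction
	if packet.dirInbound {
		f.nBytesRcvd += uint64(packet.numBytes)
		f.nPktsRcvd++
	} else {
		f.nBytesSent += uint64(packet.numBytes)
		f.nPktsSent++
	}

	// try to update direction if necessary
	if !f.pktDirectionSet {
		f.pktDirectionSet = updateDirection(packet)
	}
}

// IsWorthKeeping reports whether the flow should be carried over into the
// next interval: its direction has been identified and at least one of its
// packet counters is non-zero. A flow whose packet counters are both zero was
// idle in the last interval and can be discarded.
func (f *GPFlow) IsWorthKeeping() bool {
	return f.hasIdentifiedDirection() && !f.HasBeenIdle()
}

// Reset sets all flow counters to zero. The direction flag is kept.
func (f *GPFlow) Reset() {
	f.nBytesRcvd = 0
	f.nBytesSent = 0
	f.nPktsRcvd = 0
	f.nPktsSent = 0
}

// hasIdentifiedDirection reports whether a direction was found for the flow.
func (f *GPFlow) hasIdentifiedDirection() bool {
	return f.pktDirectionSet
}

// HasBeenIdle reports whether both packet counters are zero.
func (f *GPFlow) HasBeenIdle() bool {
	return (f.nPktsRcvd == 0) && (f.nPktsSent == 0)
}

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goProbe/GPLog.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// GPLog.go
//
// Logging Interface that all other interfaces get access to in order to write
// error messages to the underlying system logging facilities
//
// Written by Lennart Elsen lel@open.ch, May 2014
// Copyright (c) 2014 Open Systems AG, Switzerland
// All Rights Reserved.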
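//
/////////////////////////////////////////////////////////////////////////////////

package goProbe

import (
	"fmt"
	"log/syslog"
	"os"
	"sync"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"github.com/google/gopacket/pcapgo"
)

// PacketLogWriter writes packets to one pcap file per interface below path.
// The embedded mutex guards writers.
type PacketLogWriter struct {
	sync.Mutex
	path    string
	writers map[string]*PcapWriter
}

// PcapWriter pairs an open pcap file with the writer that encodes into it.
type PcapWriter struct {
	file       *os.File
	pcapWriter *pcapgo.Writer
}

// SysLog and PacketLog are the package-wide log sinks, set by InitGPLog and
// InitPacketLog respectively.
var SysLog *syslog.Writer
var PacketLog *PacketLogWriter

const (
	SLOG_ADDR = "127.0.0.1"
	SLOG_PORT = "514"
)

// InitGPLog connects SysLog to the syslog daemon at SLOG_ADDR:SLOG_PORT over
// UDP.
//
// NOTE(review): on failure SysLog is left nil, so a caller that ignores the
// returned error and later calls a method on SysLog would presumably hit a
// nil dereference - verify that every caller stops on error.
func InitGPLog() error {

	var err error
	if SysLog, err = syslog.Dial("udp", SLOG_ADDR+":"+SLOG_PORT, syslog.LOG_NOTICE, "goProbe"); err != nil {
		return err
	}
	return nil
}

// InitPacketLog replaces the global PacketLog with a writer rooted at dbpath
// and registers every interface in ifaces with no file opened yet.
func InitPacketLog(dbpath string, ifaces []string) {

	PacketLog = &PacketLogWriter{writers: make(map[string]*PcapWriter)}
	PacketLog.path = dbpath

	PacketLog.Lock()
	defer PacketLog.Unlock()

	for _, iface := range ifaces {
		PacketLog.writers[iface] = nil
	}
}

// Close closes every pcap file that has been opened.
//
// NOTE(review): unlike Log, Close does not take the mutex while it walks
// p.writers, and it discards the errors from closing the files. Confirm that
// no Log call can run concurrently with Close.
func (p *PacketLogWriter) Close() {
	for _, w := range p.writers {
		if w != nil {
			if w.file != nil {
				w.file.Close()
			}
		}
	}
}

// Log appends packet to the pcap file of iface, creating the interface
// directory and the file on first use. snapshotLen is written into the pcap
// file header. It returns the first error from creating the directory or
// file, from writing the header, or from writing the packet.
//
// NOTE(review): iface is concatenated into the file path as-is. Presumably it
// always comes from the trusted interface configuration; a name containing a
// path separator or ".." would place the file outside p.path - verify at the
// caller.
func (p *PacketLogWriter) Log(iface string, packet gopacket.Packet, snapshotLen int) error {
	p.Lock()
	defer p.Unlock()

	// create a new packet logger if nothing has been logged yet
	if p.writers[iface] == nil {
		// make sure the directory exists before logging the packet to disk. If this is the very first
		// time that goProbe is started, this is important
		if err := os.MkdirAll(p.path+"/"+iface, 0755); err != nil {
			return err
		}

		// The file holds raw captured traffic, so it is created readable and
		// writable by the owner only. The flags are those of os.Create; the
		// mode applies only when the file is newly created, an existing file
		// keeps the permissions it already has.
		file, err := os.OpenFile(p.path+"/"+iface+"/"+iface+"_errors.pcap", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
		if err != nil {
			return err
		}

		// Without a valid header the file is not a readable pcap, so a failed
		// header write is reported and the writer is not registered.
		pcapWriter := pcapgo.NewWriter(file)
		if err := pcapWriter.WriteFileHeader(uint32(snapshotLen), layers.LinkTypeEthernet); err != nil {
			file.Close()
			return err
		}

		p.writers[iface] = &PcapWriter{file: file, pcapWriter: pcapWriter}
	}

	// log the packet
	w := p.writers[iface]
	if w.pcapWriter == nil || w.file == nil {
		return fmt.Errorf("packet log writer is nil")
	}
	return w.pcapWriter.WritePacket(packet.Metadata().CaptureInfo, packet.Data())
}

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goProbe/GPPacket_test.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// GPPacket.go
//
// Testing file for GPPacket allocation and handling
//
// Written by Fabian Kohn fko@open.ch, June 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.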
//
/////////////////////////////////////////////////////////////////////////////////

package goProbe

import "testing"

// BenchmarkAllocateIn measures NewGPPacket with the final argument set to true.
func BenchmarkAllocateIn(b *testing.B) {
	for i := 0; i < b.N; i++ {
		NewGPPacket([16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, [16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, [2]byte{1, 2}, [2]byte{1, 2}, [4]byte{1, 2, 3, 4}, 4, 17, 128, 0, true)
	}
}

// BenchmarkAllocateOut measures NewGPPacket with the final argument set to false.
func BenchmarkAllocateOut(b *testing.B) {
	for i := 0; i < b.N; i++ {
		NewGPPacket([16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, [16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, [2]byte{1, 2}, [2]byte{1, 2}, [4]byte{1, 2, 3, 4}, 4, 17, 128, 0, false)
	}
}

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goProbe/flow_log.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// flow_log.go
//
// Defines FlowLog for storing flows.
//
// Written by Lennart Elsen lel@open.ch and
// Lorenz Breidenbach lob@open.ch, December 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

package goProbe

import "OSAG/goDB"

// A FlowLog stores flows. It is NOT threadsafe.
type FlowLog struct {
	// TODO(lob): Consider making this map[EPHash]GPFlow to reduce GC load
	flowMap map[EPHash]*GPFlow
}

// NewFlowLog creates a new flow log for storing flows.
func NewFlowLog() *FlowLog {
	return &FlowLog{make(map[EPHash]*GPFlow)}
}

// Add a packet to the flow log. If the packet belongs to a flow
// already present in the log, the flow will be updated. Otherwise,
// a new flow will be created.
//
// The log is searched under the packet's epHash first and under its
// epHashReverse second; a new flow is stored under epHash.
func (fm *FlowLog) Add(packet *GPPacket) {
	// update or assign the flow
	if flowToUpdate, existsHash := fm.flowMap[packet.epHash]; existsHash {
		flowToUpdate.UpdateFlow(packet)
	} else if flowToUpdate, existsReverseHash := fm.flowMap[packet.epHashReverse]; existsReverseHash {
		flowToUpdate.UpdateFlow(packet)
	} else {
		fm.flowMap[packet.epHash] = NewGPFlow(packet)
	}
}

// Rotate the log. All flows are reset to no packets and traffic.
// Moreover, any flows not worth keeping (according to GPFlow.IsWorthKeeping)
// are discarded.
//
// Returns an AggFlowMap containing all flows since the last call to Rotate.
//
// NOTE(review): the debug message goes through the package-level SysLog
// without a nil check; presumably InitGPLog has succeeded before the first
// Rotate - confirm.
func (fm *FlowLog) Rotate() (agg goDB.AggFlowMap) {
	if len(fm.flowMap) == 0 {
		SysLog.Debug("There are currently no flow records available")
	}

	fm.flowMap, agg = fm.transferAndAggregate()

	return
}

// transferAndAggregate builds the aggregate of all non-idle flows and the flow
// map for the next interval.
//
// The aggregation key is made of source IP, destination IP, destination port
// and protocol. The source port is not part of it, so flows that differ only
// in their source port are summed into one entry. Idle flows are neither
// aggregated nor carried over.
func (fm *FlowLog) transferAndAggregate() (newFlowMap map[EPHash]*GPFlow, agg goDB.AggFlowMap) {
	newFlowMap = make(map[EPHash]*GPFlow)
	agg = make(goDB.AggFlowMap)

	for k, v := range fm.flowMap {

		// check if the flow actually has any interesting information for us
		if !v.HasBeenIdle() {
			var (
				tsip, tdip [16]byte
			)

			copy(tsip[:], v.sip[:])
			copy(tdip[:], v.dip[:])

			var tempkey = goDB.Key{
				tsip,
				tdip,
				[2]byte{v.dport[0], v.dport[1]},
				v.protocol,
			}

			if toUpdate, exists := agg[tempkey]; exists {
				toUpdate.NBytesRcvd += v.nBytesRcvd
				toUpdate.NBytesSent += v.nBytesSent
				toUpdate.NPktsRcvd += v.nPktsRcvd
				toUpdate.NPktsSent += v.nPktsSent
			} else {
				agg[tempkey] = &goDB.Val{v.nBytesRcvd, v.nBytesSent, v.nPktsRcvd, v.nPktsSent}
			}

			// check whether the flow should be retained for the next interval
			// or thrown away
			if v.IsWorthKeeping() {
				// reset and insert the flow into the new flow matrix;
				// the counters were copied into agg above, before the reset
				v.Reset()
				newFlowMap[k] = v
			}
		}
	}

	return
}

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goProbe/rungroup.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// rungroup.go
//
// Written by Lorenz Breidenbach lob@open.ch, December 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////

package goProbe

import "sync"

// RunGroup runs functions in goroutines and lets the caller wait for all of
// them to return.
type RunGroup struct {
	wg sync.WaitGroup
}

// Run starts f in a new goroutine that Wait will wait for. There is no
// recover around f, so a panic inside it is not caught here.
func (rg *RunGroup) Run(f func()) {
	rg.wg.Add(1)
	go func() {
		defer rg.wg.Done()
		f()
	}()
}

// Wait blocks until every function started with Run has returned.
func (rg *RunGroup) Wait() {
	rg.wg.Wait()
}

--------------------------------------------------------------------------------
/addon/gocode/src/OSAG/goquery_completion/cmd_test.go:
--------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// cmd_test.go
//
// Written by Lorenz Breidenbach lob@open.ch, February 2016
// Copyright (c) 2016 Open Systems AG, Switzerland
// All Rights Reserved.
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "reflect" 15 | "testing" 16 | ) 17 | 18 | var unescapeTests = []struct { 19 | in string 20 | out []string 21 | weird bool 22 | }{ 23 | {"", []string{""}, false}, 24 | {" ", []string{""}, false}, 25 | {" ", []string{""}, false}, 26 | {"a", []string{"a"}, false}, 27 | {"a ", []string{"a", ""}, false}, 28 | {" a ", []string{"a", ""}, false}, 29 | {" 'a' ", []string{"a", ""}, false}, 30 | {`\ "a" `, []string{" ", "a", ""}, false}, 31 | {`\ "\ \\\"\n"`, []string{" ", `\ \"\n`, ""}, true}, 32 | {` "a" \ `, []string{"a", " ", ""}, false}, 33 | {` "a"\ `, []string{"a", " "}, false}, 34 | {`\ 'a' `, []string{" ", "a", ""}, false}, 35 | {` 'a' \ `, []string{"a", " ", ""}, false}, 36 | {` 'a'\ `, []string{"a", " "}, false}, 37 | {`"hello""world`, []string{"hello", "world"}, false}, 38 | {`"hello""world"`, []string{"hello", "world", ""}, true}, 39 | {`"hello"'world'`, []string{"hello", "world", ""}, true}, 40 | {`"hello"'world"`, []string{"hello", "world\""}, false}, 41 | {`"world'`, []string{"world'"}, false}, 42 | {`''`, []string{"", ""}, true}, 43 | } 44 | 45 | func TestBashUnescape(t *testing.T) { 46 | for _, test := range unescapeTests { 47 | out, weird := bashUnescape(test.in) 48 | if !reflect.DeepEqual(test.out, out) || test.weird != weird { 49 | t.Fatalf("Expected (%#v, %v), got (%#v, %v)", test.out, test.weird, out, weird) 50 | } 51 | } 52 | 53 | } 54 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goquery_completion/common.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // common.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import "fmt" 14 | 15 | func last(ss []string) string { 16 | if len(ss) > 0 { 17 | return ss[len(ss)-1] 18 | } else { 19 | return "" 20 | } 21 | } 22 | 23 | func penultimate(ss []string) string { 24 | if len(ss) > 1 { 25 | return ss[len(ss)-2] 26 | } else { 27 | return "" 28 | } 29 | } 30 | 31 | func antepenultimate(ss []string) string { 32 | if len(ss) > 2 { 33 | return ss[len(ss)-3] 34 | } else { 35 | return "" 36 | } 37 | } 38 | 39 | type suggestions interface { 40 | suggestionsMarker() 41 | } 42 | 43 | type unknownSuggestions struct{} 44 | 45 | func (_ unknownSuggestions) suggestionsMarker() {} 46 | 47 | type suggestion struct { 48 | token string 49 | tokenPlusMeta string 50 | accept bool 51 | } 52 | 53 | type knownSuggestions struct { 54 | suggestions []suggestion 55 | } 56 | 57 | func (_ knownSuggestions) suggestionsMarker() {} 58 | 59 | func complete( 60 | tokenize func(string) []string, 61 | join func([]string) string, 62 | next func([]string) suggestions, 63 | unknown func(string) []string, 64 | s string, 65 | ) []string { 66 | var completions []string 67 | 68 | tokens := tokenize(s) 69 | suggs := next(tokens) 70 | 71 | switch suggs := suggs.(type) { 72 | case unknownSuggestions: 73 | completions = unknown(s) 74 | case knownSuggestions: 75 | switch len(suggs.suggestions) { 76 | case 0: 77 | // do nothing 78 | case 1: 79 | sugg := suggs.suggestions[0] 80 | tokens[len(tokens)-1] = sugg.token 81 | if sugg.accept { 82 | completions = append(completions, join(tokens)) 83 | } 84 | tokens = append(tokens, "") 85 | completions = append(completions, complete(tokenize, join, next, unknown, join(tokens))...) 
86 | default: 87 | for _, sugg := range suggs.suggestions { 88 | tokens[len(tokens)-1] = sugg.tokenPlusMeta 89 | if sugg.accept { 90 | completions = append(completions, join(tokens)) 91 | } else { 92 | completions = append(completions, join(append(tokens, ""))) 93 | } 94 | } 95 | } 96 | default: 97 | panic(fmt.Sprintf("Unexpected type %T", suggs)) 98 | } 99 | 100 | return completions 101 | } 102 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goquery_completion/conditional.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // conditional.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "strings" 15 | 16 | "OSAG/goDB" 17 | ) 18 | 19 | func openParens(tokens []string) int { 20 | open := 0 21 | for _, token := range tokens { 22 | switch token { 23 | case "(": 24 | open++ 25 | case ")": 26 | open-- 27 | } 28 | } 29 | return open 30 | } 31 | 32 | func nextAll(prevprev, prev string, openParens int) []suggestion { 33 | s := func(sugg string, accept bool) suggestion { 34 | if accept { 35 | return suggestion{sugg, sugg, accept} 36 | } else { 37 | return suggestion{sugg, sugg + " ... 
", accept} 38 | } 39 | } 40 | 41 | switch prev { 42 | case "", "(", "&", "|": 43 | return []suggestion{ 44 | s("!", false), 45 | s("(", false), 46 | s("dip", false), 47 | s("sip", false), 48 | s("dnet", false), 49 | s("snet", false), 50 | s("dst", false), 51 | s("src", false), 52 | s("host", false), 53 | s("net", false), 54 | s("dport", false), 55 | s("proto", false), 56 | } 57 | case "!": 58 | return []suggestion{ 59 | s("(", false), 60 | s("dip", false), 61 | s("sip", false), 62 | s("dnet", false), 63 | s("snet", false), 64 | s("dst", false), 65 | s("src", false), 66 | s("host", false), 67 | s("net", false), 68 | s("dport", false), 69 | s("proto", false), 70 | } 71 | case "dip", "sip", "dnet", "snet", "dst", "src", "host", "net": 72 | return []suggestion{ 73 | s("=", false), 74 | s("!=", false), 75 | } 76 | case "dport", "proto": 77 | return []suggestion{ 78 | s("=", false), 79 | s("!=", false), 80 | s("<", false), 81 | s(">", false), 82 | s("<=", false), 83 | s(">=", false), 84 | } 85 | case "=", "!=", "<", ">", "<=", ">=": 86 | switch prevprev { 87 | case "proto": 88 | var result []suggestion 89 | for name := range goDB.IPProtocolIDs { 90 | result = append(result, suggestion{name, name + " ...", openParens == 0}) 91 | } 92 | return result 93 | default: 94 | return nil 95 | } 96 | case ")": 97 | if openParens > 0 { 98 | return []suggestion{ 99 | s(")", openParens == 1), 100 | s("&", false), 101 | s("|", false), 102 | } 103 | } else { 104 | return []suggestion{ 105 | s("&", false), 106 | s("|", false), 107 | } 108 | } 109 | default: 110 | switch prevprev { 111 | case "=", "!=", "<", ">", "<=", ">=": 112 | if openParens > 0 { 113 | return []suggestion{ 114 | s(")", openParens == 1), 115 | s("&", false), 116 | s("|", false), 117 | } 118 | } else { 119 | return []suggestion{ 120 | s("&", false), 121 | s("|", false), 122 | } 123 | } 124 | default: 125 | return nil 126 | } 127 | } 128 | } 129 | 130 | func conditional(args []string) []string { 131 | tokenize := 
func(conditional string) []string { 132 | san, err := goDB.SanitizeUserInput(conditional) 133 | if err != nil { 134 | return nil 135 | } 136 | //fmt.Fprintf(os.Stderr, "%#v\n", san) 137 | tokens, err := goDB.TokenizeConditional(san) 138 | if err != nil { 139 | return nil 140 | } 141 | //fmt.Fprintf(os.Stderr, "%#v\n", tokens) 142 | 143 | var startedNewToken bool 144 | startedNewToken = len(tokens) == 0 || strings.LastIndex(conditional, tokens[len(tokens)-1])+len(tokens[len(tokens)-1]) < len(conditional) 145 | 146 | if startedNewToken { 147 | tokens = append(tokens, "") 148 | } 149 | 150 | return tokens 151 | } 152 | 153 | join := func(tokens []string) string { 154 | return strings.Join(tokens, " ") 155 | } 156 | 157 | next := func(tokens []string) suggestions { 158 | var suggs []suggestion 159 | for _, sugg := range nextAll(antepenultimate(tokens), penultimate(tokens), openParens(tokens)) { 160 | if strings.HasPrefix(sugg.token, last(tokens)) { 161 | suggs = append(suggs, sugg) 162 | } 163 | } 164 | if len(suggs) == 0 { 165 | return unknownSuggestions{} 166 | } else { 167 | return knownSuggestions{suggs} 168 | } 169 | } 170 | 171 | unknown := func(s string) []string { 172 | return []string{s, " (I can't help you)"} 173 | } 174 | 175 | return complete(tokenize, join, next, unknown, last(args)) 176 | } 177 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goquery_completion/default_database_path_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // default_database_path_public.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // +build !OSAG 12 | 13 | package main 14 | 15 | const DEFAULT_DB_PATH = "" 16 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goquery_completion/flag.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // flag.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import "strings" 14 | 15 | var flags = map[string]suggestion{ 16 | "-a": {"-a", "-a (sort ascending)", true}, 17 | "-c": {"-c", "-c ", true}, 18 | "-d": {"-d", "-d ", true}, 19 | "-e": {"-e", "-e ", true}, 20 | "-f": {"-f", "-f ", true}, 21 | "-l": {"-l", "-l ", true}, 22 | "-h": {"-h", "-h (show help)", true}, 23 | "-help": {"-help", "-help (show help)", true}, 24 | "-i": {"-i", "-i ", true}, 25 | "-in": {"-in", "-in (only incoming)", true}, 26 | "-list": {"-list", "-list (list interfaces)", true}, 27 | "-n": {"-n", "-n <# of results to print>", true}, 28 | "-out": {"-out", "-out (only outgoing)", true}, 29 | "-resolve": {"-resolve", "-resolve (run RDNS)", true}, 30 | "-resolve-rows": {"-resolve-rows", "-resolve-rows", true}, 31 | "-resolve-timeout": {"-resolve-timeout", "-resolve-timeout", true}, 32 | "-s": {"-s", "-s ", true}, 33 | "-sum": {"-sum", "-sum (sum incoming & outgoing)", true}, 34 | } 35 | 36 | func flag(args []string) []string { 37 | tokenize := func(flag string) []string { 38 | return []string{flag} 39 | } 40 | 41 | join := func(tokens []string) string { 42 | return strings.Join(tokens, " ") 43 | } 44 | 45 | next := func(tokens []string) suggestions { 46 | unusedFlags := 
map[suggestion]struct{}{} 47 | for _, flag := range flags { 48 | unusedFlags[flag] = struct{}{} 49 | } 50 | 51 | for _, arg := range args[:len(args)-1] { 52 | if strings.HasPrefix(arg, "-") { 53 | delete(unusedFlags, flags[arg]) 54 | // {-in, -out} and -sum are mutually exclusive 55 | switch arg { 56 | case "-in", "-out": 57 | delete(unusedFlags, flags["-sum"]) 58 | case "-sum": 59 | delete(unusedFlags, flags["-in"]) 60 | delete(unusedFlags, flags["-out"]) 61 | } 62 | } 63 | } 64 | 65 | var suggs []suggestion 66 | for sugg := range unusedFlags { 67 | if strings.HasPrefix(sugg.token, last(tokens)) { 68 | suggs = append(suggs, sugg) 69 | } 70 | } 71 | return knownSuggestions{suggs} 72 | } 73 | 74 | unknown := func(_ string) []string { 75 | panic("There are no unknown suggestions for flag completion.") 76 | } 77 | 78 | return complete(tokenize, join, next, unknown, last(args)) 79 | } 80 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goquery_completion/ifaces.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // ifaces.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "fmt" 15 | "strings" 16 | 17 | "OSAG/goDB" 18 | "OSAG/util" 19 | ) 20 | 21 | // tries to find the db path based on args 22 | // If no db path has been specified, returns the default DB path. 
23 | func dbPath(args []string) string { 24 | result := DEFAULT_DB_PATH 25 | minusd := false 26 | for _, arg := range args { 27 | switch { 28 | case arg == "-d": 29 | minusd = true 30 | case minusd: 31 | minusd = false 32 | result = arg 33 | } 34 | } 35 | return result 36 | } 37 | 38 | func ifaces(args []string) []string { 39 | tokenize := func(qt string) []string { 40 | return strings.Split(qt, ",") 41 | } 42 | 43 | join := func(attribs []string) string { 44 | return strings.Join(attribs, ",") 45 | } 46 | 47 | dbpath := dbPath(args) 48 | 49 | summ, err := goDB.ReadDBSummary(dbpath) 50 | if err != nil { 51 | return nil 52 | } 53 | 54 | tunnels := util.TunnelInfos() 55 | 56 | next := func(ifaces []string) suggestions { 57 | used := map[string]struct{}{} 58 | for _, iface := range ifaces[:len(ifaces)-1] { 59 | used[iface] = struct{}{} 60 | } 61 | 62 | var suggs []suggestion 63 | 64 | if len(ifaces) == 1 && strings.HasPrefix("any", strings.ToLower(last(ifaces))) { 65 | suggs = append(suggs, suggestion{"ANY", "ANY (query all interfaces)", true}) 66 | } else { 67 | for _, iface := range ifaces { 68 | if strings.ToLower(iface) == "any" { 69 | return knownSuggestions{[]suggestion{}} 70 | } 71 | } 72 | } 73 | 74 | for iface, _ := range summ.Interfaces { 75 | if _, used := used[iface]; !used && strings.HasPrefix(iface, last(ifaces)) { 76 | if info, isTunnel := tunnels[iface]; isTunnel { 77 | suggs = append(suggs, suggestion{iface, fmt.Sprintf("%s (%s: %s) ", iface, info.PhysicalIface, info.Peer), true}) 78 | } else { 79 | suggs = append(suggs, suggestion{iface, iface, true}) 80 | } 81 | } 82 | } 83 | 84 | return knownSuggestions{suggs} 85 | } 86 | 87 | unknown := func(_ string) []string { 88 | panic("There are no unknown suggestions for interfaces.") 89 | } 90 | 91 | return complete(tokenize, join, next, unknown, last(args)) 92 | } 93 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/goquery_completion/query_type.go: 
-------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // query_type.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import "strings" 14 | 15 | func queryType(args []string) []string { 16 | tokenize := func(qt string) []string { 17 | return strings.Split(qt, ",") 18 | } 19 | 20 | join := func(attribs []string) string { 21 | return strings.Join(attribs, ",") 22 | } 23 | 24 | unusedAttribs := func(attribs []string) []string { 25 | attribUnused := map[string]bool{ 26 | "time": true, 27 | "iface": true, 28 | "sip": true, 29 | "dip": true, 30 | "dport": true, 31 | "proto": true, 32 | } 33 | 34 | for _, attrib := range attribs { 35 | switch attrib { 36 | case "talk_conv", "talk_src", "talk_dst", "apps_port", "agg_talk_port", "raw": 37 | return nil 38 | case "src": 39 | attrib = "sip" 40 | case "dst": 41 | attrib = "dip" 42 | } 43 | attribUnused[attrib] = false 44 | } 45 | 46 | var result []string 47 | for attrib, unused := range attribUnused { 48 | if unused { 49 | result = append(result, attrib) 50 | } 51 | } 52 | return result 53 | } 54 | 55 | next := func(attribs []string) suggestions { 56 | var suggs []suggestion 57 | if len(attribs) == 1 { 58 | for _, qt := range []string{"talk_conv", "talk_src", "talk_dst", "apps_port", "agg_talk_port", "raw"} { 59 | if strings.HasPrefix(qt, attribs[0]) { 60 | suggs = append(suggs, suggestion{qt, qt, true}) 61 | } 62 | } 63 | } 64 | for _, ua := range unusedAttribs(attribs[:len(attribs)-1]) { 65 | if strings.HasPrefix(ua, last(attribs)) { 66 | suggs = append(suggs, suggestion{ua, ua, true}) 67 | } 68 | } 69 | return knownSuggestions{suggs} 70 | } 71 | 72 | unknown := func(_ 
string) []string { 73 | panic("There are no unknown suggestions for the query type.") 74 | } 75 | 76 | return complete(tokenize, join, next, unknown, last(args)) 77 | } 78 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/.gitignore: -------------------------------------------------------------------------------- 1 | ./goQuery 2 | goQuery 3 | goQuery 4 | query 5 | goQuery.test 6 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/clean.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // clean.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "fmt" 15 | "io/ioutil" 16 | "math" 17 | "os" 18 | "path/filepath" 19 | "strconv" 20 | "time" 21 | 22 | "OSAG/goDB" 23 | ) 24 | 25 | type cleanIfaceResult struct { 26 | DeltaFlowCount uint64 // number of flows deleted 27 | DeltaTraffic uint64 // traffic bytes deleted 28 | NewBegin int64 // timestamp of new begin 29 | Gone bool // The interface has no entries left 30 | } 31 | 32 | func cleanIfaceDir(dbPath string, timestamp int64, iface string) (result cleanIfaceResult, err error) { 33 | dayTimestamp := goDB.DayTimestamp(timestamp) 34 | 35 | entries, err := ioutil.ReadDir(filepath.Join(dbPath, iface)) 36 | if err != nil { 37 | return result, err 38 | } 39 | 40 | result.NewBegin = math.MaxInt64 41 | 42 | clean := true 43 | for _, entry := range entries { 44 | if !entry.IsDir() { 45 | clean = false 46 | continue 47 | } 48 | 49 | dirTimestamp, err := strconv.ParseInt(entry.Name(), 10, 64) 50 | if err != nil || fmt.Sprintf("%d", 
dirTimestamp) != entry.Name() { 51 | // a directory whose name isn't an int64 wasn't created by 52 | // goProbe; leave it untouched 53 | clean = false 54 | continue 55 | } 56 | 57 | entryPath := filepath.Join(dbPath, iface, entry.Name()) 58 | metaFilePath := filepath.Join(entryPath, goDB.METADATA_FILE_NAME) 59 | 60 | if dirTimestamp < dayTimestamp { 61 | // delete directory 62 | 63 | meta := goDB.TryReadMetadata(metaFilePath) 64 | 65 | if err := os.RemoveAll(entryPath); err != nil { 66 | return result, err 67 | } 68 | 69 | for _, block := range meta.Blocks { 70 | result.DeltaFlowCount += block.FlowCount 71 | result.DeltaTraffic += block.Traffic 72 | } 73 | } else { 74 | clean = false 75 | if dirTimestamp < result.NewBegin { 76 | // update NewBegin 77 | meta := goDB.TryReadMetadata(metaFilePath) 78 | if len(meta.Blocks) > 0 && meta.Blocks[0].Timestamp < result.NewBegin { 79 | result.NewBegin = meta.Blocks[0].Timestamp 80 | } 81 | } 82 | 83 | } 84 | } 85 | 86 | result.Gone = result.NewBegin == math.MaxInt64 87 | 88 | if clean { 89 | if err := os.RemoveAll(filepath.Join(dbPath, iface)); err != nil { 90 | return result, err 91 | } 92 | } 93 | 94 | return 95 | } 96 | 97 | // Cleans up all directories that cannot contain any flow records 98 | // recorded at timestamp or later. 
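// cleanOldDBDirs removes, for every interface directory below dbPath, the
// day directories that cleanIfaceDir considers older than timestamp, and then
// adjusts the database summary to match. timestamp must lie in the past.
//
// The deletion is irreversible and is driven purely by directory names found
// under dbPath, so dbPath should only ever point at a goProbe database.
func cleanOldDBDirs(dbPath string, timestamp int64) error {
	if timestamp >= time.Now().Unix() {
		return fmt.Errorf("I can only clean up database entries from the past.")
	}

	ifaces, err := ioutil.ReadDir(dbPath)
	if err != nil {
		return err
	}

	// Contains changes required to each interface's summary
	ifaceResults := make(map[string]cleanIfaceResult)

	for _, iface := range ifaces {
		if !iface.IsDir() {
			continue
		}

		// NOTE(review): returning here leaves directories of earlier
		// interfaces deleted while the summary still counts them.
		result, err := cleanIfaceDir(dbPath, timestamp, iface.Name())
		if err != nil {
			return err
		}
		ifaceResults[iface.Name()] = result
	}

	return goDB.ModifyDBSummary(dbPath, 10*time.Second, func(summ *goDB.DBSummary) (*goDB.DBSummary, error) {
		if summ == nil {
			return summ, fmt.Errorf("Cannot update summary: Summary missing")
		}

		for iface, change := range ifaceResults {
			if change.Gone {
				delete(summ.Interfaces, iface)
				continue
			}

			// A directory without a summary entry must not create one:
			// the zero value would be stored with wrapped-around counters.
			ifaceSumm, known := summ.Interfaces[iface]
			if !known {
				continue
			}

			// The counters are unsigned; clamp at zero instead of wrapping
			// when the summary and the on-disk metadata disagree.
			if change.DeltaFlowCount > ifaceSumm.FlowCount {
				ifaceSumm.FlowCount = 0
			} else {
				ifaceSumm.FlowCount -= change.DeltaFlowCount
			}
			if change.DeltaTraffic > ifaceSumm.Traffic {
				ifaceSumm.Traffic = 0
			} else {
				ifaceSumm.Traffic -= change.DeltaTraffic
			}
			ifaceSumm.Begin = change.NewBegin
			summ.Interfaces[iface] = ifaceSumm
		}

		return summ, nil
	})
}

// --------------------------------------------------------------------------------
// /addon/gocode/src/OSAG/query/common_test.go:
// --------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// common_test.go
//
// Written by Lorenz Breidenbach lob@open.ch, October 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.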
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "encoding/json" 15 | "fmt" 16 | "os" 17 | "os/exec" 18 | "testing" 19 | ) 20 | 21 | const ( 22 | // "Magic" environment variables used for tests. See comment above 23 | // TestMagicCallMain for detailed explanation. 24 | MAGIC_ENV_VAR = "GOTEST_argumentsJson" 25 | 26 | // Path to a small test database that is needed for many tests and part of 27 | // the repository. We don't need to make this configurable since the small 28 | // test database is checked into the git repository. 29 | SMALL_GODB = "./testdb" 30 | ) 31 | 32 | // NOT a normal test! 33 | // 34 | // The following code is inspired by 35 | // http://talks.golang.org/2015/tricks.slide#37 Here is how it works: 36 | // 37 | // 1. When this method is called by the testrunner (the 1st time), the 38 | // environment variable MAGIC_ENV_VAR is not set. So nothing happens. (So how 39 | // does the environment variable get set? We set the environment variable and 40 | // execute the test executable as a subprocess of the main testing process in 41 | // callMain(). The subprocess is instructed to only call the TestMagicCallMain 42 | // method.) 43 | // 44 | // 2. When TestMagicCallMain is called for the 2nd time, the environment 45 | // variable MAGIC_ENV_VAR has been set and hence the if-branch is taken. The if 46 | // branch modifies the value of os.Args and hands control to main() (from 47 | // GPQuery). The result is that the testing subprocess acts like goQuery called 48 | // with the arguments in os.Args. 49 | // 50 | // 3. The main testing process checks whether the subprocess acting like goquery 51 | // behaved as intended. 
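// TestMagicCallMain is the re-entry point used by callMain. It does nothing
// unless MAGIC_ENV_VAR is set; otherwise it decodes the JSON argument list
// from that variable, installs it as os.Args and runs main().
func TestMagicCallMain(t *testing.T) {
	argumentsJson := os.Getenv(MAGIC_ENV_VAR)
	if argumentsJson == "" {
		return
	}

	var arguments []string
	if err := json.Unmarshal([]byte(argumentsJson), &arguments); err != nil {
		panic("Couldn't unmarshal JSON argument string")
	}

	// Keep the executable name and replace everything after it.
	os.Args = append([]string{os.Args[0]}, arguments...)

	main()
}

// callMain returns a Cmd that executes goQuery with the given arguments.
// See TestMagicCallMain for further details of how this is done.
// Note: goQuery itself is not executed; the main() function of goQuery runs
// inside the test executable. In particular, this fake goQuery prints PASS
// whenever main() runs successfully and prints failure information when
// main() fails.
func callMain(arg ...string) *exec.Cmd {
	argumentsJson, err := json.Marshal(arg)
	if err != nil {
		panic(fmt.Sprintf("Couldn't encode arguments as JSON. Error: %s", err))
	}
	cmd := exec.Command(os.Args[0], "-test.run=TestMagicCallMain")
	// The child inherits the environment of the test process plus the
	// encoded argument list.
	cmd.Env = append(os.Environ(), fmt.Sprintf("%s=%s", MAGIC_ENV_VAR, argumentsJson))
	return cmd
}

// checkDbExists fails the calling test or benchmark through tb.Fatalf unless
// path names an existing directory.
func checkDbExists(tb testing.TB, path string) {
	fi, err := os.Stat(path)
	// fi is nil whenever err is non-nil, so the error must be tested first;
	// an existing path that is not a directory is rejected as well.
	if err != nil || !fi.IsDir() {
		tb.Fatalf("Couldn't find database at %s", path)
	}
}

// --------------------------------------------------------------------------------
// /addon/gocode/src/OSAG/query/config.go:
// --------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// config.go
//
// Type definitions and helper functions used throughout this package
//
// Written by Lennart Elsen lel@open.ch and
// Lorenz Breidenbach lob@open.ch, October 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.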
11 | // 12 | ///////////////////////////////////////////////////////////////////////////////// 13 | 14 | package main 15 | 16 | import "time" 17 | 18 | // Config encapsulates all command line options one can pass to goQuery 19 | type Config struct { 20 | QueryType string 21 | Ifaces string 22 | Conditions string 23 | NumResults int 24 | Help bool 25 | HelpAdmin bool 26 | Version bool 27 | WipeAdmin bool 28 | CleanAdmin int64 29 | External bool 30 | Sort string 31 | SortAscending bool 32 | Incoming bool 33 | Outgoing bool 34 | Sum bool 35 | First string 36 | Last string 37 | BaseDir string 38 | ListDB bool 39 | Format string 40 | MaxMemPercent int 41 | Resolve bool 42 | ResolveRows int 43 | ResolveTimeout time.Duration 44 | ShowMgmtTraffic bool 45 | } 46 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/dbdir_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // dbdir_public.go 4 | // 5 | // Written by Lennart Elsen lel@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
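//
/////////////////////////////////////////////////////////////////////////////////

// Build constraint of dbdir_public.go: "+build !OSAG"; package main.

// set this variable on compile time
var goprobeConfigPath string

// gpConfig holds the fields of the goProbe configuration file named by its
// JSON tags.
type gpConfig struct {
	DBPath     string                 `json:"db_path"`
	Interfaces map[string]interface{} `json:"interfaces"`
}

// getDefaultDBDir returns the fixed database directory used by this build.
func getDefaultDBDir() (string, error) {
	return "/opt/ntm/goProbe/db", nil
}

// --------------------------------------------------------------------------------
// /addon/gocode/src/OSAG/query/dns.go:
// --------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// dns.go
//
// Provides functionality for reverse DNS lookups used by goQuery.
//
// Written by Lorenz Breidenbach lob@open.ch, October 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.
//
/////////////////////////////////////////////////////////////////////////////////
//
// dns.go is in package main and imports "net" and "time".

// lookupResult is the outcome of one reverse lookup; domain is only
// meaningful when success is true.
type lookupResult struct {
	success bool
	ip      string
	domain  string
}

// timedReverseLookup performs a reverse lookup on the given ips. All lookups
// together take at most timeout; lookups still pending at that point are
// abandoned.
//
// It returns a mapping IP => domain. If the lookup is cut short by the
// timeout, the mapping collected so far is returned with the pending lookups
// missing. An IP without an RDNS entry has no key in the result.
//
// PTR records are controlled by whoever runs the reverse zone of an address,
// so the returned names are untrusted text: treat them as display hints only
// and escape them before they reach a terminal or a report. Every queried IP
// is also disclosed to the configured resolver.
func timedReverseLookup(ips []string, timeout time.Duration) (ipToDomain map[string]string) {
	// Compute set of ips so we look up each unique IP exactly once
	// This assumes that the ips are provided in a normalized format.
	ipToDomain = make(map[string]string)
	ipset := make(map[string]struct{}, len(ips))
	for _, ip := range ips {
		ipset[ip] = struct{}{}
	}

	// One buffer slot per lookup: a goroutine can always deliver its result
	// and exit, even after the collector below has stopped reading.
	lookupChannel := make(chan lookupResult, len(ipset))
	for ip := range ipset {
		go func(ip string) {
			res := lookupResult{ip: ip}
			// Exactly one result is sent per IP, whether or not the lookup
			// failed; a second send would be counted as another IP's answer.
			if domains, err := net.LookupAddr(ip); err == nil && len(domains) > 0 {
				res.success = true
				res.domain = domains[0]
			}
			lookupChannel <- res
		}(ip)
	}

	// A single timer bounds the whole batch; restarting it per result would
	// let the total run time grow with the number of IPs.
	deadline := time.NewTimer(timeout)
	defer deadline.Stop()

	for pending := len(ipset); pending > 0; pending-- {
		select {
		case res := <-lookupChannel:
			if res.success {
				ipToDomain[res.ip] = res.domain
			}
		case <-deadline.C:
			return ipToDomain
		}
	}
	return ipToDomain
}

// --------------------------------------------------------------------------------
// /addon/gocode/src/OSAG/query/dns_public.go:
// --------------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// dns_public.go
//
// Written by Lorenz Breidenbach lob@open.ch, October 2015
// Copyright (c) 2015 Open Systems AG, Switzerland
// All Rights Reserved.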
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // +build !OSAG 12 | 13 | package main 14 | 15 | func checkDNS() error { 16 | return nil 17 | } 18 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/dns_test.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // dns_test.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, August 2015 6 | // Copyright (c) 2015 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "testing" 15 | "time" 16 | ) 17 | 18 | func TestLookup(t *testing.T) { 19 | t.Parallel() 20 | 21 | // 8.8.8.8 is google's DNS server. This lookup should yield the same 22 | // result for many years. 23 | ips2domains := timedReverseLookup([]string{"8.8.8.8", "0.0.0.0"}, 2*time.Second) 24 | if domain, ok := ips2domains["8.8.8.8"]; ok && domain != "google-public-dns-a.google.com." { 25 | t.Fatalf("RDNS lookup yielded wrong result: %s", domain) 26 | } else if !ok { 27 | t.Errorf("RDNS lookup yielded no result. 
Perhaps your internet is down?") 28 | } 29 | 30 | if _, ok := ips2domains["0.0.0.0"]; ok { 31 | t.Fatalf("RDNS unexpectedly succeeded on 0.0.0.0.") 32 | } 33 | } 34 | 35 | func TestTimeout(t *testing.T) { 36 | t.Parallel() 37 | 38 | t0 := time.Now() 39 | _ = timedReverseLookup([]string{"8.8.8.8", "8.8.4.4", "192.168.0.1", "10.0.0.1", "129.3.4.5"}, 1*time.Millisecond) 40 | t1 := time.Now() 41 | if t1.Sub(t0) > 10*time.Millisecond { 42 | t.Fatal("Timeout failed") 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/exclude_management_net_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // exclude_management_net_public.go 4 | // 5 | // Written by Fabian Kohn fko@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // +build !OSAG 12 | 13 | package main 14 | 15 | func excludeManagementNet(conditional string) string { 16 | return conditional 17 | } 18 | 19 | func hideManagementTraffic(conditional string) string { 20 | return conditional 21 | } -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/external_ips_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // external_ips_public.go 4 | // 5 | // Written by Lennart Elsen lel@open.ch, July 2014 6 | // Copyright (c) 2014 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // +build !OSAG 12 | 13 | package main 14 | 15 | func externalIPs() []string { 16 | return []string{} 17 | } 18 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/list.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // list.go 4 | // 5 | // Written by Fabian Kohn fko@open.ch and 6 | // Lennart Elsen lel@open.ch and 7 | // Lorenz Breidenbach lob@open.ch, September 2015 8 | // Copyright (c) 2014 Open Systems AG, Switzerland 9 | // All Rights Reserved. 10 | // 11 | ///////////////////////////////////////////////////////////////////////////////// 12 | 13 | package main 14 | 15 | import ( 16 | "OSAG/goDB" 17 | "OSAG/util" 18 | "encoding/json" 19 | "fmt" 20 | "os" 21 | "sort" 22 | "text/tabwriter" 23 | "time" 24 | ) 25 | 26 | // List interfaces for which data is available and show how many flows and 27 | // how much traffic was observed for each one. 
28 | func listInterfaces(dbPath string, external bool) error { 29 | summary, err := goDB.ReadDBSummary(dbPath) 30 | if err != nil { 31 | return err 32 | } 33 | 34 | if external { 35 | if err := json.NewEncoder(os.Stdout).Encode(summary); err != nil { 36 | return err 37 | } 38 | } else { 39 | 40 | wtxt := tabwriter.NewWriter(os.Stdout, 0, 4, 4, ' ', tabwriter.AlignRight) 41 | fmt.Fprintln(wtxt, "") 42 | fmt.Fprintln(wtxt, "Iface\t# of flows\tTraffic\tFrom\tUntil\t") 43 | fmt.Fprintln(wtxt, "---------\t----------\t---------\t-------------------\t-------------------\t") 44 | 45 | tunnelInfos := util.TunnelInfos() 46 | 47 | ifaces := make([]string, 0, len(summary.Interfaces)) 48 | for iface := range summary.Interfaces { 49 | ifaces = append(ifaces, iface) 50 | } 51 | sort.Strings(ifaces) 52 | 53 | totalFlowCount, totalTraffic := uint64(0), uint64(0) 54 | for _, iface := range ifaces { 55 | ifaceDesc := iface 56 | if ti, haveTunnelInfo := tunnelInfos[iface]; haveTunnelInfo { 57 | ifaceDesc = fmt.Sprintf("%s (%s: %s)", 58 | iface, 59 | ti.PhysicalIface, 60 | ti.Peer, 61 | ) 62 | } 63 | 64 | is := summary.Interfaces[iface] 65 | 66 | fmt.Fprintf(wtxt, "%s\t%s\t%s\t%s\t%s\t\n", 67 | ifaceDesc, 68 | TextFormatter{}.Count(is.FlowCount), 69 | TextFormatter{}.Size(is.Traffic), 70 | time.Unix(is.Begin, 0).Format("2006-01-02 15:04:05"), 71 | time.Unix(is.End, 0).Format("2006-01-02 15:04:05")) 72 | totalFlowCount += is.FlowCount 73 | totalTraffic += is.Traffic 74 | } 75 | fmt.Fprintln(wtxt, "\t \t \t \t \t") 76 | fmt.Fprintf(wtxt, "Total\t%s\t%s\t\t\t\n", 77 | TextFormatter{}.Count(totalFlowCount), 78 | TextFormatter{}.Size(totalTraffic)) 79 | wtxt.Flush() 80 | } 81 | return nil 82 | } 83 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/ANY_interface.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "ANY", "-d", "$TESTDB", "-f", "1456428000", 
"-l", "1456473000", "-n", "99999999", "-e", "json", "iface,sip,dip"], 3 | ["-i", "aNy", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "iface,sip,dip"], 4 | ["-i", "eth0,eth1,eth2,t_c1_fwde,t_c1_fwde1,tun_3g_c1_fw1,tun_3g_c1_fwde", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "iface,sip,dip"] 5 | ] 6 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/and_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth0", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "(dport != 53 & l7proto = HTTP)", "-n", "99999999", "-e", "json", "talk_conv"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/and_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | 
{"ext_ips":[],"status":"ok","summary":{"interface":"eth0","total_bytes":6319960,"total_packets":7744},"talk_conv":[{"bytes":3609184,"bytes_percent":57.107703213311474,"dip":"24.233.77.155","packets":3826,"packets_percent":49.40599173553719,"sip":"125.167.76.152"},{"bytes":1106228,"bytes_percent":17.503718377964418,"dip":"233.159.162.13","packets":1178,"packets_percent":15.211776859504132,"sip":"125.167.76.152"},{"bytes":582743,"bytes_percent":9.220675447312958,"dip":"69.249.133.210","packets":757,"packets_percent":9.775309917355372,"sip":"125.167.76.152"},{"bytes":335181,"bytes_percent":5.303530402091153,"dip":"185.155.37.214","packets":603,"packets_percent":7.786673553719008,"sip":"125.167.76.152"},{"bytes":215624,"bytes_percent":3.411793745530035,"dip":"185.155.37.106","packets":389,"packets_percent":5.023243801652892,"sip":"125.167.76.152"},{"bytes":181037,"bytes_percent":2.8645276235925543,"dip":"136.195.213.241","packets":113,"packets_percent":1.459194214876033,"sip":"125.167.76.152"},{"bytes":153842,"bytes_percent":2.4342242672421976,"dip":"159.13.29.98","packets":253,"packets_percent":3.2670454545454546,"sip":"125.167.76.152"},{"bytes":42210,"bytes_percent":0.6678839739492022,"dip":"247.206.92.157","packets":203,"packets_percent":2.6213842975206614,"sip":"125.167.76.152"},{"bytes":16111,"bytes_percent":0.2549224995094906,"dip":"17.92.23.141","packets":48,"packets_percent":0.6198347107438017,"sip":"125.167.76.152"},{"bytes":15557,"bytes_percent":0.24615662124443827,"dip":"132.61.3.140","packets":20,"packets_percent":0.25826446280991733,"sip":"125.167.76.152"},{"bytes":13148,"bytes_percent":0.20803929138792018,"dip":"239.133.173.41","packets":72,"packets_percent":0.9297520661157025,"sip":"125.167.76.152"},{"bytes":10916,"bytes_percent":0.17272261216843143,"dip":"190.138.132.69","packets":40,"packets_percent":0.5165289256198347,"sip":"125.167.76.152"},{"bytes":8077,"bytes_percent":0.1278014417812771,"dip":"239.164.193.192","packets":54,"packets_percent":0.697314
0495867769,"sip":"125.167.76.152"},{"bytes":4601,"bytes_percent":0.07280109367780808,"dip":"24.233.77.196","packets":24,"packets_percent":0.30991735537190085,"sip":"125.167.76.152"},{"bytes":4483,"bytes_percent":0.07093399325312186,"dip":"192.22.59.160","packets":23,"packets_percent":0.297004132231405,"sip":"125.167.76.152"},{"bytes":3583,"bytes_percent":0.05669339679365059,"dip":"192.22.59.82","packets":27,"packets_percent":0.34865702479338845,"sip":"125.167.76.152"},{"bytes":3312,"bytes_percent":0.052405394970854245,"dip":"142.150.238.96","packets":13,"packets_percent":0.1678719008264463,"sip":"125.167.76.152"},{"bytes":3122,"bytes_percent":0.04939904682941031,"dip":"114.135.59.15","packets":19,"packets_percent":0.2453512396694215,"sip":"125.167.76.152"},{"bytes":2472,"bytes_percent":0.03911417160868107,"dip":"141.183.93.191","packets":24,"packets_percent":0.30991735537190085,"sip":"125.167.76.152"},{"bytes":1916,"bytes_percent":0.03031664757371882,"dip":"61.255.70.45","packets":14,"packets_percent":0.18078512396694216,"sip":"125.167.76.152"},{"bytes":1667,"bytes_percent":0.026376749219931772,"dip":"17.227.53.25","packets":9,"packets_percent":0.11621900826446281,"sip":"125.167.76.152"},{"bytes":1619,"bytes_percent":0.025617250742093305,"dip":"17.92.23.214","packets":7,"packets_percent":0.09039256198347108,"sip":"125.167.76.152"},{"bytes":1467,"bytes_percent":0.023212172228938156,"dip":"34.196.173.236","packets":13,"packets_percent":0.1678719008264463,"sip":"125.167.76.152"},{"bytes":1416,"bytes_percent":0.022405205096234785,"dip":"132.162.119.238","packets":11,"packets_percent":0.14204545454545456,"sip":"125.167.76.152"},{"bytes":444,"bytes_percent":0.007025360920005823,"dip":"11.26.172.233","packets":4,"packets_percent":0.05165289256198347,"sip":"125.167.76.152"}]} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/day_border_above_both.args.json: 
-------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth0", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456444776", "-n", "99999999", "-e", "json", "sip"] 3 | ] 4 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/day_border_below_both.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth0", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456444775", "-n", "99999999", "-e", "json", "sip"] 3 | ] 4 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,iface,l7proto,proto,sip,time_both.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,iface,l7proto,proto,sip,time"], 3 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "raw"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,iface,l7proto,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-e", "json", "dip,dport,iface,l7proto,proto,sip,time"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,iface_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,iface"]] 2 | 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,proto,sip,time_both.args.json: -------------------------------------------------------------------------------- 1 | [["-in", "-out", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,proto,sip,time"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", 
"json", "dip,dport,l7proto,proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,l7proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,l7proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,proto,sip,time"]] 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,proto,sip"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "agg_talk_port"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", 
"1456473000", "-n", "99999999", "-e", "json", "dip,dport,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport_both.args.json: -------------------------------------------------------------------------------- 1 | [["-in", "-out", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,dport_sum_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,dport"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,proto,sip"]] 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto,time"]] 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,l7proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,l7proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,proto"]] -------------------------------------------------------------------------------- 
/addon/gocode/src/OSAG/query/output_consistency/dip,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,sip"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dip_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dip"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dst"], 4 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "talk_dst"] 5 | ] 6 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dnet_sum.args.json: 
-------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dnet = 237.147.182.13/8", "-n", "99999999", "-e", "json", "talk_conv"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dnet_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | {"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes":837540059,"total_packets":408335},"talk_conv":[{"bytes":837227983,"bytes_percent":99.96273897628579,"dip":"237.147.182.13","packets":407897,"packets_percent":99.89273513169334,"sip":"154.203.92.216"},{"bytes":268343,"bytes_percent":0.03203942272568959,"dip":"237.218.188.96","packets":230,"packets_percent":0.0563263007089767,"sip":"154.203.92.156"},{"bytes":15745,"bytes_percent":0.001879910080814415,"dip":"237.195.83.187","packets":94,"packets_percent":0.023020314202799173,"sip":"154.203.92.203"},{"bytes":12174,"bytes_percent":0.0014535424149783862,"dip":"237.195.83.88","packets":63,"packets_percent":0.015428508455067531,"sip":"154.203.92.203"},{"bytes":9418,"bytes_percent":0.0011244835275395467,"dip":"237.15.117.131","packets":23,"packets_percent":0.00563263007089767,"sip":"154.203.92.100"},{"bytes":6396,"bytes_percent":0.0007636649651882502,"dip":"237.195.116.37","packets":28,"packets_percent":0.006857114868918902,"sip":"154.203.92.203"}]} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,proto,sip,time"]] 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,sip"]] 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,l7proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,l7proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,proto,time"]] -------------------------------------------------------------------------------- 
/addon/gocode/src/OSAG/query/output_consistency/dport,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,proto"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "apps_port"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/dport_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dport"]] -------------------------------------------------------------------------------- 
/addon/gocode/src/OSAG/query/output_consistency/dst,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "dst,proto"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/equal_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport = 443", "-n", "99999999", "-e", "json", "talk_conv"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/external_in.args.json: -------------------------------------------------------------------------------- 1 | [["-in", "-d", "$TESTDB", "-i", "eth1", "-f", "1456428000", "-l", "1456473000", "-n", "2", "-x", "-e", "json", "sip,dip,dport,proto,l7proto"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/external_in.correctOutput.json: -------------------------------------------------------------------------------- 1 | {"ext_ips":[],"sip,dip,dport,proto,l7proto":[{"bytes":2967990640,"bytes_percent":59.948428773307675,"category":"Encryption","dip":"154.203.92.216","dport":"2049","l7proto":"SSL/TLS","packets":3448620,"packets_percent":72.43008172752494,"proto":"TCP","sip":"154.203.92.202"},{"bytes":795900636,"bytes_percent":16.075856825436713,"category":"Encryption","dip":"237.147.182.13","dport":"443","l7proto":"SSL/TLS","packets":96508,"packets_percent":2.0269215881598948,"proto":"TCP","sip":"154.203.92.216"}],"status":"ok","summary":{"interface":"eth1","total_bytes":4950906472,"total_packets":4761309}} 2 | -------------------------------------------------------------------------------- 
/addon/gocode/src/OSAG/query/output_consistency/external_out.args.json: -------------------------------------------------------------------------------- 1 | [["-out", "-d", "$TESTDB", "-i", "eth1", "-f", "1456428000", "-l", "1456473000", "-n", "2", "-x", "-e", "json", "sip,dip,dport,proto,l7proto"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/external_out.correctOutput.json: -------------------------------------------------------------------------------- 1 | {"ext_ips":[],"sip,dip,dport,proto,l7proto":[{"bytes":7382130764,"bytes_percent":94.6343853779922,"category":"Encryption","dip":"154.203.92.216","dport":"2049","l7proto":"SSL/TLS","packets":6383108,"packets_percent":77.79643468494683,"proto":"TCP","sip":"154.203.92.202"},{"bytes":67905672,"bytes_percent":0.8705090357837956,"category":"Uncategorised","dip":"154.203.92.82","dport":"5405","l7proto":"Unknown_UDP","packets":390132,"packets_percent":4.754874687457533,"proto":"UDP","sip":"154.203.92.202"}],"status":"ok","summary":{"interface":"eth1","total_bytes":7800685485,"total_packets":8204885}} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/external_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-d", "$TESTDB", "-i", "eth1", "-f", "1456428000", "-l", "1456473000", "-n", "2", "-x", "-e", "json", "sip,dip,dport,proto,l7proto"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/external_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | 
{"ext_ips":[],"sip,dip,dport,proto,l7proto":[{"bytes":10350121404,"bytes_percent":81.16728827978447,"category":"Encryption","dip":"154.203.92.216","dport":"2049","l7proto":"SSL/TLS","packets":9831728,"packets_percent":75.82585915342621,"proto":"TCP","sip":"154.203.92.202"},{"bytes":813287016,"bytes_percent":6.377925350360236,"category":"Encryption","dip":"237.147.182.13","dport":"443","l7proto":"SSL/TLS","packets":395440,"packets_percent":3.049776981587658,"proto":"TCP","sip":"154.203.92.216"}],"status":"ok","summary":{"interface":"eth1","total_bytes":12751591957,"total_packets":12966194}} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/greater_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport >= 443", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport > 443 | dport = 443", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/host_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "host=154.203.92.216", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "sip=154.203.92.216|dip=154.203.92.216", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/host_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | 
{"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes":11645459778,"total_packets":10666380},"talk_conv":[{"bytes":10456524008,"bytes_percent":89.79056393938112,"dip":"154.203.92.216","packets":10007384,"packets_percent":93.8217464594361,"sip":"154.203.92.202"},{"bytes":837227983,"bytes_percent":7.1893080991241565,"dip":"237.147.182.13","packets":407897,"packets_percent":3.824137148685871,"sip":"154.203.92.216"},{"bytes":344718267,"bytes_percent":2.9601086910387506,"dip":"154.155.92.202","packets":230045,"packets_percent":2.1567298371143724,"sip":"154.203.92.216"},{"bytes":5161245,"bytes_percent":0.04431980444216,"dip":"41.1.77.232","packets":4520,"packets_percent":0.04237613885873183,"sip":"154.203.92.216"},{"bytes":539755,"bytes_percent":0.004634896434228189,"dip":"185.227.213.62","packets":468,"packets_percent":0.004387617917231526,"sip":"154.203.92.216"},{"bytes":462384,"bytes_percent":0.003970508754609345,"dip":"154.203.161.202","packets":5928,"packets_percent":0.05557649361826599,"sip":"154.203.92.216"},{"bytes":308241,"bytes_percent":0.0026468770308434963,"dip":"148.30.124.46","packets":4318,"packets_percent":0.04048233796283275,"sip":"154.203.92.216"},{"bytes":259792,"bytes_percent":0.002230843650250595,"dip":"148.30.124.55","packets":3929,"packets_percent":0.03683536495043304,"sip":"154.203.92.216"},{"bytes":155814,"bytes_percent":0.0013379806634544026,"dip":"154.203.92.118","packets":1182,"packets_percent":0.011081547816597571,"sip":"154.203.92.216"},{"bytes":37769,"bytes_percent":0.0003243238199263823,"dip":"121.18.250.176","packets":75,"packets_percent":0.0007031438969922316,"sip":"154.203.92.216"},{"bytes":16562,"bytes_percent":0.00014221851533322946,"dip":"154.203.92.216","packets":208,"packets_percent":0.001950052407658456,"sip":"154.155.92.202"},{"bytes":9354,"bytes_percent":8.03231489208446e-05,"dip":"195.195.92.174","packets":55,"packets_percent":0.0005156388577943033,"sip":"154.203.92.216"},{"bytes":7896,"bytes_percent":6.78032482
2311193e-05,"dip":"232.153.185.45","packets":84,"packets_percent":0.0007875211646312995,"sip":"154.203.92.216"},{"bytes":7802,"bytes_percent":6.699606669664631e-05,"dip":"125.122.172.47","packets":83,"packets_percent":0.000778145912671403,"sip":"154.203.92.216"},{"bytes":7708,"bytes_percent":6.61888851701807e-05,"dip":"136.196.32.195","packets":82,"packets_percent":0.0007687706607115067,"sip":"154.203.92.216"},{"bytes":7332,"bytes_percent":6.296015906431823e-05,"dip":"191.181.187.118","packets":78,"packets_percent":0.0007312696528719209,"sip":"154.203.92.216"},{"bytes":4859,"bytes_percent":4.1724415288259994e-05,"dip":"84.201.227.216","packets":19,"packets_percent":0.00017812978723803202,"sip":"154.203.92.216"},{"bytes":1055,"bytes_percent":9.059324578949226e-06,"dip":"41.129.104.130","packets":10,"packets_percent":9.375251959896422e-05,"sip":"154.203.92.216"},{"bytes":1037,"bytes_percent":8.904757903668576e-06,"dip":"239.8.57.65","packets":10,"packets_percent":9.375251959896422e-05,"sip":"154.203.92.216"},{"bytes":915,"bytes_percent":7.85713932676639e-06,"dip":"240.241.251.62","packets":5,"packets_percent":4.687625979948211e-05,"sip":"154.203.92.216"}]} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/in.args.json: -------------------------------------------------------------------------------- 1 | [["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-in", "-n", "99999999", "-e", "json", "talk_conv"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto,proto,sip,time"]] 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto,proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto,proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto,proto"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,proto_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | 
{"ext_ips":[],"l7proto,proto":[{"bytes":11621777604,"bytes_percent":91.13981723372362,"category":"Encryption","l7proto":"SSL/TLS","packets":10923273,"packets_percent":84.24425085726776,"proto":"TCP"},{"bytes":611014597,"bytes_percent":4.791673063727411,"category":"Remote_Access","l7proto":"SSH","packets":176406,"packets_percent":1.3605071773567479,"proto":"TCP"},{"bytes":187654808,"bytes_percent":1.4716186703024692,"category":"Uncategorised","l7proto":"Unknown_TCP","packets":264170,"packets_percent":2.037375038503974,"proto":"TCP"},{"bytes":131496909,"bytes_percent":1.0312195484565723,"category":"Uncategorised","l7proto":"Unknown_UDP","packets":932800,"packets_percent":7.194092576433763,"proto":"UDP"},{"bytes":85967695,"bytes_percent":0.6741722546478437,"category":"Measurement","l7proto":"Munin","packets":502171,"packets_percent":3.8729252392799305,"proto":"TCP"},{"bytes":68474371,"bytes_percent":0.5369868423558748,"category":"Web","l7proto":"HTTP_NonStandard","packets":85057,"packets_percent":0.6559904934323827,"proto":"TCP"},{"bytes":32655940,"bytes_percent":0.25609304399105626,"category":"Web","l7proto":"HTTPS","packets":38645,"packets_percent":0.29804428346514017,"proto":"TCP"},{"bytes":4167034,"bytes_percent":0.032678539385919594,"category":"Services","l7proto":"DNS","packets":27175,"packets_percent":0.20958347530508953,"proto":"UDP"},{"bytes":3921966,"bytes_percent":0.030756677387618513,"category":"Mail","l7proto":"IMAPS","packets":5552,"packets_percent":0.042819041578430805,"proto":"TCP"},{"bytes":2772563,"bytes_percent":0.02174287735483881,"category":"Web","l7proto":"HTTP","packets":4574,"packets_percent":0.03527635017646659,"proto":"TCP"},{"bytes":1410567,"bytes_percent":0.011061889407664647,"category":"Services","l7proto":"DNS_TCP","packets":3060,"packets_percent":0.023599831993875768,"proto":"TCP"},{"bytes":213366,"bytes_percent":0.0016732499025964558,"category":"Services","l7proto":"SSDP","packets":3084,"packets_percent":0.02378492871539636,"proto":"UDP"
},{"bytes":40970,"bytes_percent":0.0003212932168638715,"category":"Mail","l7proto":"Invalid_SMTP","packets":96,"packets_percent":0.000740386886082377,"proto":"TCP"},{"bytes":14010,"bytes_percent":0.00010986863481237098,"category":"Services","l7proto":"mDNS","packets":88,"packets_percent":0.0006786879789088456,"proto":"UDP"},{"bytes":4091,"bytes_percent":3.208226873785936e-05,"category":"P2P","l7proto":"BitTorrent","packets":17,"packets_percent":0.00013111017774375427,"proto":"TCP"},{"bytes":2338,"bytes_percent":1.8334965609659056e-05,"category":"Services","l7proto":"DHCP","packets":6,"packets_percent":4.627418038014856e-05,"proto":"UDP"},{"bytes":1518,"bytes_percent":1.1904395977528848e-05,"category":"P2P","l7proto":"BitTorrent_UDP","packets":1,"packets_percent":7.712363396691428e-06,"proto":"UDP"},{"bytes":1242,"bytes_percent":9.739960345250875e-06,"category":"Uncategorised","l7proto":"Unsupported","packets":13,"packets_percent":0.00010026072415698854,"proto":"HOPOPT"},{"bytes":368,"bytes_percent":2.88591417637063e-06,"category":"Uncategorised","l7proto":"Unsupported","packets":6,"packets_percent":4.627418038014856e-05,"proto":"IGMP"}],"status":"ok","summary":{"interface":"eth1","total_bytes":12751591957,"total_packets":12966194}} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", 
"l7proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "l7proto"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "apps_dpi"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/l7proto_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | 
{"apps_dpi":[{"bytes":11621777604,"bytes_percent":91.13981723372362,"category":"Encryption","l7proto":"SSL/TLS","packets":10923273,"packets_percent":84.24425085726776},{"bytes":611014597,"bytes_percent":4.791673063727411,"category":"Remote_Access","l7proto":"SSH","packets":176406,"packets_percent":1.3605071773567479},{"bytes":187654808,"bytes_percent":1.4716186703024692,"category":"Uncategorised","l7proto":"Unknown_TCP","packets":264170,"packets_percent":2.037375038503974},{"bytes":131496909,"bytes_percent":1.0312195484565723,"category":"Uncategorised","l7proto":"Unknown_UDP","packets":932800,"packets_percent":7.194092576433763},{"bytes":85967695,"bytes_percent":0.6741722546478437,"category":"Measurement","l7proto":"Munin","packets":502171,"packets_percent":3.8729252392799305},{"bytes":68474371,"bytes_percent":0.5369868423558748,"category":"Web","l7proto":"HTTP_NonStandard","packets":85057,"packets_percent":0.6559904934323827},{"bytes":32655940,"bytes_percent":0.25609304399105626,"category":"Web","l7proto":"HTTPS","packets":38645,"packets_percent":0.29804428346514017},{"bytes":4167034,"bytes_percent":0.032678539385919594,"category":"Services","l7proto":"DNS","packets":27175,"packets_percent":0.20958347530508953},{"bytes":3921966,"bytes_percent":0.030756677387618513,"category":"Mail","l7proto":"IMAPS","packets":5552,"packets_percent":0.042819041578430805},{"bytes":2772563,"bytes_percent":0.02174287735483881,"category":"Web","l7proto":"HTTP","packets":4574,"packets_percent":0.03527635017646659},{"bytes":1410567,"bytes_percent":0.011061889407664647,"category":"Services","l7proto":"DNS_TCP","packets":3060,"packets_percent":0.023599831993875768},{"bytes":213366,"bytes_percent":0.0016732499025964558,"category":"Services","l7proto":"SSDP","packets":3084,"packets_percent":0.02378492871539636},{"bytes":40970,"bytes_percent":0.0003212932168638715,"category":"Mail","l7proto":"Invalid_SMTP","packets":96,"packets_percent":0.000740386886082377},{"bytes":14010,"bytes_percent":0.00
010986863481237098,"category":"Services","l7proto":"mDNS","packets":88,"packets_percent":0.0006786879789088456},{"bytes":4091,"bytes_percent":3.208226873785936e-05,"category":"P2P","l7proto":"BitTorrent","packets":17,"packets_percent":0.00013111017774375427},{"bytes":2338,"bytes_percent":1.8334965609659056e-05,"category":"Services","l7proto":"DHCP","packets":6,"packets_percent":4.627418038014856e-05},{"bytes":1610,"bytes_percent":1.2625874521621504e-05,"category":"Uncategorised","l7proto":"Unsupported","packets":19,"packets_percent":0.00014653490453713712},{"bytes":1518,"bytes_percent":1.1904395977528848e-05,"category":"P2P","l7proto":"BitTorrent_UDP","packets":1,"packets_percent":7.712363396691428e-06}],"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes":12751591957,"total_packets":12966194}} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/less_both.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport <= 443", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport < 443 | dport = 443", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/multiple_interfaces.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth0,eth1,tun_3g_c1_fw1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "sip,dip"], 3 | ["-i", "tun_3g_c1_fw1,eth1,eth0", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "sip,dip"] 4 | ] 5 | -------------------------------------------------------------------------------- 
/addon/gocode/src/OSAG/query/output_consistency/multiple_interfaces_aggregate.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth0,eth1,tun_3g_c1_fw1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "sip,dip"], 3 | ["-i", "tun_3g_c1_fw1,eth1,eth0", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "sip,dip"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/multiple_interfaces_cond.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth0,eth1,tun_3g_c1_fw1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport = 443", "-n", "99999999", "-e", "json", "iface,sip,dip"], 3 | ["-i", "tun_3g_c1_fw1,eth1,eth0", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport = 443", "-n", "99999999", "-e", "json", "iface,sip,dip"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/nested_both.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "({snet==125.0.0.0/8 or dnet -eq 237.0.0.0/8} & (sip -neq 125.167.76.152 || NOT [dip eq 237.147.182.13])) and (dport === 443 OR dport=8080 || dport=80)","-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "((snet=125.0.0.0/8 | dnet=237.0.0.0/8) & !(sip=125.167.76.152 & dip=237.147.182.13)) & (dport=443 | dport=8080 | dport=80)","-n", "99999999", "-e", "json", "talk_conv"], 4 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "((snet=125.0.0.0/8 | dnet=237.0.0.0/8) & (src!=125.167.76.152 | dst!=237.147.182.13)) & 
(dport=443 | dport=8080 | dport=80)","-n", "99999999", "-e", "json", "talk_conv"], 5 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "((snet=125.0.0.0/8 | dnet=237.0.0.0/8) & (sip!=125.167.76.152 | dip!=237.147.182.13)) & (dport=443 | dport=8080 | dport=80)","-n", "99999999", "-e", "json", "talk_conv"], 6 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "(dport=443 | dport=80 | dport=8080) & ((dnet=237.0.0.0/8 | snet=125.0.0.0/8) & (dip!=237.147.182.13 | sip!=125.167.76.152))","-n", "99999999", "-e", "json", "talk_conv"] 7 | ] 8 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/nested_both.correctOutput.json: -------------------------------------------------------------------------------- 1 | {"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes_rcvd":819286059,"total_bytes_sent":18254000,"total_packets_rcvd":99300,"total_packets_sent":309035},"talk_conv":[{"bytes_percent":99.96273897628579,"bytes_rcvd":819261631,"bytes_sent":17966352,"dip":"237.147.182.13","packets_percent":99.89273513169334,"packets_rcvd":99142,"packets_sent":308755,"sip":"154.203.92.216"},{"bytes_percent":0.03203942272568959,"bytes_rcvd":4223,"bytes_sent":264120,"dip":"237.218.188.96","packets_percent":0.0563263007089767,"packets_rcvd":51,"packets_sent":179,"sip":"154.203.92.156"},{"bytes_percent":0.001879910080814415,"bytes_rcvd":6640,"bytes_sent":9105,"dip":"237.195.83.187","packets_percent":0.023020314202799173,"packets_rcvd":49,"packets_sent":45,"sip":"154.203.92.203"},{"bytes_percent":0.0014535424149783862,"bytes_rcvd":6356,"bytes_sent":5818,"dip":"237.195.83.88","packets_percent":0.015428508455067531,"packets_rcvd":32,"packets_sent":31,"sip":"154.203.92.203"},{"bytes_percent":0.0011244835275395467,"bytes_rcvd":2288,"bytes_sent":7130,"dip":"237.15.117.131","packets_percent":0.00563263007089767,"packets_rcvd":11,"packets_sent":12,"sip
":"154.203.92.100"},{"bytes_percent":0.0007636649651882502,"bytes_rcvd":4921,"bytes_sent":1475,"dip":"237.195.116.37","packets_percent":0.006857114868918902,"packets_rcvd":15,"packets_sent":13,"sip":"154.203.92.203"}]} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/net_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "net!=154.203.49.202/24", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "snet != 154.203.49.202/24 & dnet != 154.203.49.202/24", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/notequal_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dport != 443", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "! 
dport = 443", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/or_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "(dport = 443 | dport = 80)", "-n", "99999999", "-e", "json", "talk_conv"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/out.args.json: -------------------------------------------------------------------------------- 1 | [["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-out", "-e", "json", "talk_conv"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/precedence_both.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "sip = 154.203.92.202 | (sip = 154.203.92.156 & dport = 22)", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "sip = 154.203.92.202 | sip = 154.203.92.156 & dport = 22", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/precedence_both.correctOutput.json: -------------------------------------------------------------------------------- 1 | 
{"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes_rcvd":3354312305,"total_bytes_sent":7557990283,"total_packets_rcvd":3968664,"total_packets_sent":7146474},"talk_conv":[{"bytes_percent":95.82325933207525,"bytes_rcvd":3034836316,"bytes_sent":7421687692,"dip":"154.203.92.216","packets_percent":90.03382594080253,"packets_rcvd":3525335,"packets_sent":6482049,"sip":"154.203.92.202"},{"bytes_percent":3.694747288655372,"bytes_rcvd":295781525,"bytes_sent":107400479,"dip":"154.203.92.82","packets_percent":8.253617723864517,"packets_rcvd":350343,"packets_sent":567058,"sip":"154.203.92.202"},{"bytes_percent":0.2233833034176123,"bytes_rcvd":19045457,"bytes_sent":5330805,"dip":"154.203.92.254","packets_percent":0.7214485326228068,"packets_rcvd":40071,"packets_sent":40119,"sip":"154.203.92.202"},{"bytes_percent":0.221909150747241,"bytes_rcvd":4293842,"bytes_sent":19921556,"dip":"154.203.92.202","packets_percent":0.9494349058014394,"packets_rcvd":51642,"packets_sent":53889,"sip":"154.203.92.156"},{"bytes_percent":0.03295062587390195,"bytes_rcvd":83492,"bytes_sent":3512180,"dip":"154.203.92.118","packets_percent":0.027512029090417053,"packets_rcvd":483,"packets_sent":2575,"sip":"154.203.92.156"},{"bytes_percent":0.0030061483115464355,"bytes_rcvd":231271,"bytes_sent":96769,"dip":"154.203.92.235","packets_percent":0.01109297968230354,"packets_rcvd":613,"packets_sent":620,"sip":"154.203.92.202"},{"bytes_percent":0.0004563289882994949,"bytes_rcvd":33491,"bytes_sent":16305,"dip":"154.203.14.202","packets_percent":0.0015744293952985558,"packets_rcvd":94,"packets_sent":81,"sip":"154.203.92.156"},{"bytes_percent":0.0002004709805614859,"bytes_rcvd":5031,"bytes_sent":16845,"dip":"154.203.92.100","packets_percent":0.0010976022070081361,"packets_rcvd":61,"packets_sent":61,"sip":"154.203.92.202"},{"bytes_percent":8.735095020625723e-05,"bytes_rcvd":1880,"bytes_sent":7652,"dip":"154.203.92.42","packets_percent":0.0003958565336750655,"packets_rcvd":22,"packets_sent":22,"sip":"
154.203.92.202"}]} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/proto,sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "proto,sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/proto,sip_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "proto,sip"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/proto,src_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "proto,src"]] 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/proto,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "proto,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/proto_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "proto = UDP", "-n", "99999999", "-e", "json", "talk_conv"]] -------------------------------------------------------------------------------- 
/addon/gocode/src/OSAG/query/output_consistency/range_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | {"dport":[{"bytes":943394841,"bytes_percent":56.904750837207885,"dport":"443","packets":555801,"packets_percent":57.89991811937071},{"bytes":633314775,"bytes_percent":38.2009927409571,"dport":"22","packets":268569,"packets_percent":27.977860977942232},{"bytes":71429725,"bytes_percent":4.308578473024826,"dport":"80","packets":92741,"packets_percent":9.66118503980482},{"bytes":5293644,"bytes_percent":0.31930797132786154,"dport":"993","packets":13370,"packets_percent":1.3928040886144255},{"bytes":4158680,"bytes_percent":0.2508479365446092,"dport":"53","packets":27105,"packets_percent":2.823631624674196},{"bytes":207176,"bytes_percent":0.012496674930883347,"dport":"123","packets":2204,"packets_percent":0.2295991182727146},{"bytes":40970,"bytes_percent":0.002471274529473929,"dport":"587","packets":96,"packets_percent":0.010000687547268875},{"bytes":6770,"bytes_percent":0.0004083604726516597,"dport":"774","packets":41,"packets_percent":0.004271126973312748},{"bytes":2338,"bytes_percent":0.00014102611300732354,"dport":"67","packets":6,"packets_percent":0.0006250429717043047},{"bytes":78,"bytes_percent":4.704891708542018e-06,"dport":"23","packets":1,"packets_percent":0.0001041738286173841}],"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes":1657848997,"total_packets":959934}} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/sip,time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "sip,time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/sip_sum.args.json: 
-------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "sip"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "src"], 4 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "talk_src"] 5 | ] 6 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/sipdip_sum.args.json: -------------------------------------------------------------------------------- 1 | [ 2 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "sip equals 154.203.92.216 and dip -eq 237.147.182.13", "-n", "99999999", "-e", "json", "talk_conv"], 3 | ["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "dip = 237.147.182.13 & sip = 154.203.92.216", "-n", "99999999", "-e", "json", "talk_conv"] 4 | ] 5 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/sipdip_sum.correctOutput.json: -------------------------------------------------------------------------------- 1 | {"ext_ips":[],"status":"ok","summary":{"interface":"eth1","total_bytes":837227983,"total_packets":407897},"talk_conv":[{"bytes":837227983,"bytes_percent":100,"dip":"237.147.182.13","packets":407897,"packets_percent":100,"sip":"154.203.92.216"}]} 2 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/snet.args.json: -------------------------------------------------------------------------------- 1 | [["-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-c", "snet = 154.203.92.0/24", "-n", "99999999", "-e", "json", "talk_conv"]] 2 | 
-------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/output_consistency/time_sum.args.json: -------------------------------------------------------------------------------- 1 | [["-sum", "-i", "eth1", "-d", "$TESTDB", "-f", "1456428000", "-l", "1456473000", "-n", "99999999", "-e", "json", "time"]] -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/query/query_test.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // query_test.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, August 2015 6 | // Copyright (c) 2015 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package main 12 | 13 | import ( 14 | "encoding/json" 15 | "strings" 16 | "testing" 17 | ) 18 | 19 | var emptyOutputArgs = [][]string{ 20 | {"-i", "eth1", "-d", SMALL_GODB, "-f", "-30000d", "-c", "dport < 100 & dport > 100", "-e", "json", "talk_conv"}, 21 | // border case: 22 | // the value of the -l parameter forces us to consider the day 1456358400, 23 | // but day 1456358400 contains no blocks with timestamp < 1456428875 24 | // (= 1456428575 + DB_WRITEOUT_INTERVAL). 25 | {"-i", "eth1", "-d", SMALL_GODB, "-f", "-30000d", "-l", "1456428575", "-e", "json", "raw"}, 26 | } 27 | 28 | // Check that goQuery correctly handles the case where there is no output. 29 | func TestEmptyOutput(t *testing.T) { 30 | t.Parallel() 31 | 32 | checkDbExists(t, SMALL_GODB) 33 | 34 | for _, args := range emptyOutputArgs { 35 | cmd := callMain(args...) 36 | actualOutputJson, err := cmd.Output() 37 | if err != nil { 38 | t.Fatalf("Error running goQuery") 39 | } 40 | 41 | // We are running our real main() inside the test executable's main(). 
The latter always prints PASS\n 42 | // if there were no errors. This makes the JSON parser unhappy, so we remove it from the output. 43 | actualOutputJson = actualOutputJson[:len(actualOutputJson)-len("PASS\n")] 44 | 45 | var actualOutput map[string]string 46 | err = json.Unmarshal(actualOutputJson, &actualOutput) 47 | if err != nil { 48 | t.Log(actualOutputJson) 49 | t.Log(args) 50 | t.Fatalf("Failed to parse output as JSON: %s", err) 51 | } 52 | if actualOutput["status"] != "empty" || actualOutput["statusMessage"] != ERROR_NORESULTS { 53 | t.Fatalf("Unexpected output: %v", actualOutput) 54 | } 55 | } 56 | } 57 | 58 | var dnsArgs = []string{ 59 | "-i", "eth1", "-d", SMALL_GODB, "-f", "-30000d", "-c", "sip = 1b5ec0b902e689122ededcfac01ee69ed3c8422c.open.ch", "talk_conv", 60 | } 61 | 62 | // Checks whether name resolution for conditionals is attempted. 63 | func TestDNS(t *testing.T) { 64 | t.Parallel() 65 | 66 | checkDbExists(t, SMALL_GODB) 67 | 68 | output, err := callMain(dnsArgs...).CombinedOutput() 69 | if err != nil { 70 | t.Fatalf("Error running goQuery") 71 | } 72 | if !strings.Contains(string(output), "no such host") { 73 | t.Fatalf("Expected to get 'no such host' error.") 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/util/tunnel_info.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // tunnel_info.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | package util 12 | 13 | type TunnelInfo struct { 14 | PhysicalIface string 15 | Peer string 16 | } 17 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/util/tunnel_info_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // tunnel_info_public.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // +build !OSAG 12 | 13 | package util 14 | 15 | func TunnelInfos() map[string]TunnelInfo { 16 | return nil 17 | } 18 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/version/version.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // version.go 4 | // 5 | // Provides a single place to store/retrieve all version information 6 | // 7 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 8 | // Copyright (c) 2016 Open Systems AG, Switzerland 9 | // All Rights Reserved. 10 | // 11 | ///////////////////////////////////////////////////////////////////////////////// 12 | 13 | package version 14 | 15 | import ( 16 | "fmt" 17 | "runtime" 18 | ) 19 | 20 | // these variables are set during build by the command 21 | // go build -ldflags "-X OSAG/version.version=3.14 ..." 22 | var ( 23 | version = "unknown" 24 | commit = "unknown" 25 | builddate = "unknown" 26 | ) 27 | 28 | // Returns the version number of goProbe/goQuery, e.g. 
"2.1" 29 | func Version() string { 30 | return version 31 | } 32 | 33 | // Returns the git commit sha1 of goProbe/goQuery. If the build 34 | // was from a dirty tree, the hash will be prepended with a "!". 35 | func Commit() string { 36 | return commit 37 | } 38 | 39 | // Returns the date and time when goProbe/goQuery were built. 40 | func BuildDate() string { 41 | return builddate 42 | } 43 | 44 | // Returns ready-for-printing output for the -version target 45 | // containing the build kind, version number, commit hash, build date and 46 | // go version. 47 | func VersionText() string { 48 | return fmt.Sprintf( 49 | "%s version %s (commit id: %s, built on: %s) using go %s", 50 | BUILD_KIND, 51 | version, 52 | commit, 53 | builddate, 54 | runtime.Version(), 55 | ) 56 | } 57 | -------------------------------------------------------------------------------- /addon/gocode/src/OSAG/version/version_public.go: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // version_public.go 4 | // 5 | // Written by Lorenz Breidenbach lob@open.ch, February 2016 6 | // Copyright (c) 2016 Open Systems AG, Switzerland 7 | // All Rights Reserved. 
8 | // 9 | ///////////////////////////////////////////////////////////////////////////////// 10 | 11 | // +build !OSAG 12 | 13 | package version 14 | 15 | const BUILD_KIND = "public" 16 | -------------------------------------------------------------------------------- /addon/gopacket-v1.1.15.patch: --------------------------------------------------------------------------------
1 | Binary files gopacket/.git/index and gopacket_patched/.git/index differ
2 | Binary files gopacket/goimports and gopacket_patched/goimports differ
3 | diff -rupN gopacket/layers/enums.go gopacket_patched/layers/enums.go
4 | --- gopacket/layers/enums.go 2018-11-01 18:52:33.000000000 +1100
5 | +++ gopacket_patched/layers/enums.go 2018-11-01 19:00:49.000000000 +1100
6 | @@ -103,6 +103,7 @@ const (
7 | LinkTypeSLIP LinkType = 8
8 | LinkTypePPP LinkType = 9
9 | LinkTypeFDDI LinkType = 10
10 | + LinkTypeOVPN LinkType = 12
11 | LinkTypePPP_HDLC LinkType = 50
12 | LinkTypePPPEthernet LinkType = 51
13 | LinkTypeATM_RFC1483 LinkType = 100
14 |
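Review bot: `LinkTypeOVPN LinkType = 12` gives an OpenVPN-specific name to a value that is not OpenVPN-specific: on most platforms 12 is libpcap's DLT_RAW, which any raw-IP capture device reports, not only OpenVPN tun interfaces. Together with the `LinkTypeMetadata[LinkTypeOVPN]` registration in the second enums.go hunk, every such capture is decoded with `decodeIPv4or6` and shown under the name "OVPN", next to the existing `LinkTypeRaw` entry that uses the same decoder. That label can mislead anyone reading link-type names during triage. I would say so on the constant, e.g. `// 12 is DLT_RAW as reported by libpcap for raw-IP devices such as OpenVPN tun interfaces; local addition, not in upstream gopacket`. The const block starts and ends outside the hunk.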
@@ -375,6 +376,7 @@ func initActualTypeData() {
15 | LinkTypeMetadata[LinkTypeLoop] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodeLoopback), Name: "Loop"}
16 | LinkTypeMetadata[LinkTypeIEEE802_11] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodeDot11), Name: "802.11"}
17 | LinkTypeMetadata[LinkTypeRaw] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodeIPv4or6), Name: "Raw"}
18 | + LinkTypeMetadata[LinkTypeOVPN] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodeIPv4or6), Name: "OVPN"} // Open Systems addition for OpenVPN tunnels
19 | LinkTypeMetadata[LinkTypePFLog] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodePFLog), Name: "PFLog"}
20 | LinkTypeMetadata[LinkTypeIEEE80211Radio] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodeRadioTap), Name: "RadioTap"}
21 | LinkTypeMetadata[LinkTypeLinuxUSB] = EnumMetadata{DecodeWith: gopacket.DecodeFunc(decodeUSB), Name: "USB"}
22 | diff -rupN gopacket/packet.go gopacket_patched/packet.go
23 | --- gopacket/packet.go 2018-11-01 18:52:33.000000000 +1100
24 | +++ gopacket_patched/packet.go 2018-11-01 19:00:40.000000000 +1100
25 | @@ -31,6 +31,8 @@ type CaptureInfo struct {
26 | Length int
27 | // InterfaceIndex
28 | InterfaceIndex int
29 | + // Addition to account for LIBPCAP direction patch
30 | + Inbound uint8
31 | // The packet source can place ancillary data of various types here.
32 | // For example, the afpacket source can report the VLAN of captured
33 | // packets this way.
34 | diff -rupN gopacket/pcap/pcap.go gopacket_patched/pcap/pcap.go
35 | --- gopacket/pcap/pcap.go 2018-11-01 18:52:33.000000000 +1100
36 | +++ gopacket_patched/pcap/pcap.go 2018-11-01 19:00:59.000000000 +1100
37 |
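Review bot: The new `Inbound uint8` field in `CaptureInfo` (packet.go hunk) does not document its value encoding: the comment names the libpcap direction patch but not which values mean inbound or outbound. Its zero value is also indistinguishable from "the packet source did not report a direction". As far as this patch shows, only the pcap source assigns it, so any other source leaves it 0, and a consumer that splits traffic into sent and received from this field would misattribute those packets without any error. I would replace the comment with something like `// Inbound is the capture direction set by the patched libpcap (encoding defined by that patch); it stays 0 when the source reports no direction`. The struct starts and ends outside the hunk.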
@@ -414,6 +414,7 @@ func (p *Handle) getNextBufPtrLocked(ci
38 | ci.CaptureLength = int(p.pkthdr.caplen)
39 | ci.Length = int(p.pkthdr.len)
40 | ci.InterfaceIndex = p.deviceIndex
41 | + ci.Inbound = uint8(p.pkthdr.inbound)
42 |
43 | return nil
44 | case NextErrorNoMorePackets:
45 |
-------------------------------------------------------------------------------- /addon/goprobe.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=goProbe Network Traffic Monitor 3 | After=syslog.target network.target 4 | 5 | [Service] 6 | Type=simple 7 | Environment=LD_LIBRARY_PATH=PREFIX/goProbe/lib 8 | PIDFile=/var/run/goprobe.pid 9 | ExecStartPre=/bin/rm -f /var/run/goprobe.pid 10 | ExecStartPre=/bin/rm -f PREFIX/goProbe/db/control.sock 11 | ExecStart=PREFIX/goProbe/bin/goProbe -config /opt/ntm/goProbe/etc/goprobe.conf & 12 | ExecReload=PREFIX/goProbe/shared/goprobe.targets reload 13 | ExecStop=/usr/bin/pkill -15 goProbe 14 | ExecStopPost=/bin/rm -f /var/run/goprobe.pid 15 | ExecStopPost=/bin/rm -f /opt/ntm/goProbe/db/control.sock 16 | Restart=on-failure 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /addon/goprobe.targets: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | case $1 in 4 | reload) 5 | /bin/echo "RELOAD" | /usr/bin/socat - UNIX-CONNECT:PREFIX/goProbe/db/control.sock > /dev/null 6 | ;; 7 | status) 8 | output=$( /bin/echo "STATUS" | /usr/bin/socat - UNIX-CONNECT:/opt/ntm/goProbe/db/control.sock | sed 's/DONE//g' ) 9 | echo "0 $output" | PREFIX/goProbe/shared/gp_status.pl 10 | ;; 11 | debug) 12 | output=$( /bin/echo "STATUS" | /usr/bin/socat - UNIX-CONNECT:/opt/ntm/goProbe/db/control.sock | sed 's/DONE//g' ) 13 | echo "1 $output" | PREFIX/goProbe/shared/gp_status.pl 14 | ;; 15 | *) 16 | ;; 17 | esac 18 | 19 | exit 0 20 |
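Review bot: `ci.Inbound = uint8(p.pkthdr.inbound)` in the pcap.go hunk reads a field that exists only in the patched `struct pcap_pkthdr` (the pcap.h hunk of addon/libpcap-1.9.0.patch), so this binding and the libpcap it runs against must come from the same patched build. If the binary is linked dynamically and the loader resolves a stock libpcap instead, the header the library fills is smaller than the cgo side assumes, and this line would presumably read a byte the library never wrote. The unit file on this page selects the library through `LD_LIBRARY_PATH` alone. I would add a comment here such as `// requires libpcap built with libpcap-1.9.0.patch (adds pkthdr.inbound)` and prefer linking the patched library statically so the pairing cannot drift. getNextBufPtrLocked starts and ends outside the hunk.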
-------------------------------------------------------------------------------- /addon/gp_status.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | ############################################################################### 3 | # 4 | # gp_status.pl 5 | # 6 | # Written by Lennart Elsen lel@open.ch, December 2015 7 | # Copyright (c) 2015 Open Systems AG, Switzerland 8 | # All Rights Reserved. 9 | # 10 | # Helper script to correctly format goprobe's status output coming from the 11 | # control socket. 12 | # 13 | ################################################################################ 14 | use strict; 15 | use warnings; 16 | 17 | my $MAX_WIDTH = 8; 18 | 19 | my $SL_INDENT = 54; 20 | 21 | my $SL_NOCOLORS=0; 22 | 23 | my $SL_RED = ''; 24 | my $SL_GREEN = ''; 25 | my $SL_YELLOW = ''; 26 | my $SL_NORMAL = ''; 27 | 28 | if(!$ENV{'NOCOLORS'}) { 29 | $SL_RED =sprintf("%c[1;31m",27); 30 | $SL_GREEN =sprintf("%c[1;32m",27); 31 | $SL_YELLOW=sprintf("%c[1;33m",27); 32 | $SL_NORMAL=sprintf("%c[0;39m",27); 33 | } 34 | 35 | my $_status_open = 0; 36 | 37 | sub statusline { 38 | my $string = shift; 39 | my $dots = $SL_INDENT - length($string); 40 | $dots=1 if ($dots<1); 41 | printf("- %-s%-s",$string,"."x$dots); 42 | $_status_open = 1; 43 | } 44 | 45 | sub statusok { 46 | my $resultcode = shift; 47 | my $shortmessage = shift || ""; 48 | 49 | if($resultcode =~ /^(ok|success)$/) { 50 | printf("[ %sOK%s ] %s\n",$SL_GREEN,$SL_NORMAL,$shortmessage); 51 | } elsif($resultcode =~ /^(warn|warning)$/) { 52 | printf("[ %sATTN%s ] %s\n",$SL_YELLOW,$SL_NORMAL,$shortmessage); 53 | } else { 54 | printf("[%sFAILED%s] %s\n",$SL_RED,$SL_NORMAL,$shortmessage); 55 | } 56 | 57 | $_status_open = 0; 58 | } 59 | 60 | sub statusline_is_open { 61 | return $_status_open; 62 | } 63 | 64 | sub humanize { 65 | my $precision = shift; my $div = shift; my $count = 0; 66 | 67 | my %units = ( 68 | 1024 => ["B", "kB", "MB", "GB", "TB", "PB", "EB", 
"ZB", "YB"], 69 | 1000 => ["", "K", "M", "G", "T", "P", "E", "Z", "Y"], 70 | ); 71 | 72 | my @ret; 73 | foreach my $item ( @_ ){ 74 | $count=0; 75 | while ($item > $div) { 76 | $item /= $div; 77 | $count++; 78 | } 79 | 80 | my $fmt_item = ( $count == 0 ? $item : sprintf("%${precision}f %s", $item, @{$units{$div}}[$count]) ); 81 | 82 | my $spaces = $MAX_WIDTH - length($fmt_item); 83 | $fmt_item = sprintf("%-s%-s"," "x$spaces, $fmt_item); 84 | 85 | push(@ret, $fmt_item); 86 | } 87 | return @ret; 88 | } 89 | 90 | my $lnum=0; 91 | my ($detailed, $time_elapsed); 92 | my ($t_rcv_gp, $t_rcv_pcap, $t_drop_pcap, $t_ifdrop); 93 | my $iface_states; 94 | 95 | # this script reads from STDIN 96 | while(<>) { 97 | chomp($_); 98 | if ($lnum == 0) { 99 | ($detailed, $time_elapsed) = split(" ", $_); 100 | $lnum++; next; 101 | } 102 | 103 | my ($iface, $state, $rcv_gp, $rcv_pcap, $drop_pcap, $ifdrop) = split(" ", $_); 104 | $iface_states->{$iface} = { 105 | state => $state, 106 | rcv_gp => $rcv_gp, rcv_pcap => $rcv_pcap, 107 | drop_pcap => $drop_pcap, ifdrop => $ifdrop, 108 | }; 109 | 110 | $t_rcv_gp += $rcv_gp; 111 | $t_rcv_pcap += $rcv_pcap; 112 | $t_drop_pcap += $drop_pcap; 113 | $t_ifdrop += $ifdrop; 114 | 115 | $lnum++; 116 | } 117 | 118 | my $last_write = "${time_elapsed}s ago"; 119 | 120 | print "Interface Capture Statistics:\n 121 | last writeout: ", sprintf("%-s%-s", " "x($MAX_WIDTH-length($last_write)), $last_write)," 122 | packets received: ", humanize(".2", "1000", $t_rcv_gp)," 123 | dropped by pcap: ", humanize(".2", "1000", $t_drop_pcap)," 124 | dropped by iface: ", humanize(".2", "1000", $t_ifdrop),"\n\n"; 125 | 126 | # print detailed statistics 127 | if ($detailed) { 128 | # prepare header assumes that SL_INDENT = 54 from statusline 129 | my $spaces=66; 130 | my $header="PKTS RCV DROP IF DROP"; 131 | $header = sprintf("%-s%-s"," "x$spaces, $header); 132 | print "$header\n"; 133 | 134 | # prepare individual iface stats 135 | foreach my $iface (sort keys %{ 
$iface_states } ) { 136 | statusline("$iface "); 137 | my $stats = $iface_states->{$iface}; 138 | if ($stats->{'state'} eq "active") { 139 | statusok("ok", " " . 140 | join(" ", 141 | humanize(".2", "1000", 142 | $stats->{rcv_gp}, 143 | $stats->{drop_pcap}, 144 | $stats->{ifdrop}, 145 | ), 146 | ), 147 | ); 148 | } else { 149 | statusok("warn", "not capturing"); 150 | } 151 | } 152 | 153 | print "\n"; 154 | } 155 | 156 | 1; 157 | -------------------------------------------------------------------------------- /addon/libpcap-1.9.0.patch: --------------------------------------------------------------------------------
1 | diff -rupN libpcap-1.9.0/pcap/pcap.h libpcap-1.9.0_patched/pcap/pcap.h
2 | --- libpcap-1.9.0/pcap/pcap.h 2018-07-23 03:08:39.000000000 +1000
3 | +++ libpcap-1.9.0_patched/pcap/pcap.h 2018-11-01 19:29:00.000000000 +1100
4 | @@ -200,6 +200,7 @@ struct pcap_pkthdr {
5 | struct timeval ts; /* time stamp */
6 | bpf_u_int32 caplen; /* length of portion present */
7 | bpf_u_int32 len; /* length this packet (off wire) */
8 | + u_int8_t inbound; /* direction as seen from interface */
9 | };
10 |
11 | /*
12 | diff -rupN libpcap-1.9.0/pcap-linux.c libpcap-1.9.0_patched/pcap-linux.c
13 | --- libpcap-1.9.0/pcap-linux.c 2018-07-23 03:08:39.000000000 +1000
14 | +++ libpcap-1.9.0_patched/pcap-linux.c 2018-11-01 19:29:40.000000000 +1100
15 |
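Review bot: The comment on the new `inbound` member in the pcap.h hunk does not say which value means which direction, and the field is typed `u_int8_t` while the visible members use libpcap's own `bpf_u_int32`. I would spell out the encoding and use the type pcap.h already uses for bytes, e.g. `u_char inbound; /* 1 unless the packet was PACKET_OUTGOING; set on Linux mmap capture only */`. Because the member changes the size of a struct that is part of the public API, programs compiled against the stock header would disagree with this build about its layout. The patched library and header are therefore best installed in a private prefix, never over the system libpcap.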
@@ -4931,6 +4931,10 @@ static int pcap_handle_packet_mmap(
16 |
17 | /* if required build in place the sll header*/
18 | sll = (void *)frame + TPACKET_ALIGN(handlep->tp_hdrlen);
19 | +
20 | + /* OSAG addition: store direction of packet */
21 | + pcaphdr.inbound = ( sll->sll_pkttype == PACKET_OUTGOING ? 0 : 1 );
22 | +
23 | if (handlep->cooked) {
24 | struct sll_header *hdrp;
25 |
26 |
-------------------------------------------------------------------------------- /addon/serialize_ipprot_list.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo -e "package goDB\n\nvar IPProtocols = map[int] string {" 4 | egrep -v "^#" /etc/protocols | egrep -v "^ip\s+0\s+IP" | egrep -v "^(\s+)?$" | sort -unk2 | awk '{print " " $2 ": \"" $3 "\","}' 5 | echo -e " 255: \"UNKNOWN\",\n}\n\nfunc GetIPProto(id int) string {\n return IPProtocols[id]\n}\n" 6 | 7 | echo -e "\nvar IPProtocolIDs = map[string] int {" 8 | egrep -v "^#" /etc/protocols | egrep -v "^ip\s+0\s+IP" | egrep -v "^(\s+)?$" | grep -v "for experimentation and testing" | sort -unk2 | awk '{print " \"" $3 "\": " $2 ","}' 9 | echo -e " \"UNKNOWN\": 255,\n}\n\nfunc GetIPProtoID(name string) (uint64, bool) {\n ret, ok := IPProtocolIDs[name]\n return uint64(ret), ok\n}\n" 10 | 11 | exit 0 12 | -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/bytes_sent.gpf
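Review bot: `pcaphdr.inbound` is assigned only here, in pcap_handle_packet_mmap, and no other hunk in this patch initialises the new member. Any other path that fills a `struct pcap_pkthdr` (non-mmap reads, savefile reads, other platforms; none are visible here) would presumably hand callers an unset byte, and a consumer that classifies traffic direction from it would record arbitrary values. I would initialise the member wherever a header is built, or state next to this assignment that it is valid only for memory-mapped Linux captures. The ternary also reports everything that is not `PACKET_OUTGOING` as inbound, including `PACKET_OTHERHOST` frames seen in promiscuous mode, which deserves a comment such as `/* 1 = anything not sent by this host, incl. PACKET_OTHERHOST */`. The function starts and ends outside the hunk.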
-------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/proto.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456358400/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/l7proto.gpf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth0/1456444800/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth0/1456444800/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- 
/addon/testdb/eth1/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/pkts_sent.gpf 
-------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456358400/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/dport.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth1/1456444800/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth1/1456444800/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/bytes_rcvd.gpf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- 
/addon/testdb/eth2/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456358400/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/dip.gpf 
-------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/eth2/1456444800/sip.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/eth2/1456444800/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/summary.json: -------------------------------------------------------------------------------- 1 | {"interfaces":{"eth0":{"flowcount":11744,"traffic":8092397565,"begin":1456428875,"end":1456472675},"eth1":{"flowcount":8267,"traffic":12751591957,"begin":1456428875,"end":1456472675},"eth2":{"flowcount":345,"traffic":1166017,"begin":1456428875,"end":1456472675},"t_c1_fwde":{"flowcount":3046,"traffic":7466701514,"begin":1456428875,"end":1456472675},"t_c1_fwde1":{"flowcount":776,"traffic":91580365,"begin":1456428875,"end":1456472675},"tun_3g_c1_fw1":{"flowcount":147,"traffic":82629,"begin":1456428875,"end":1456472675},"tun_3g_c1_fwde":{"flowcount":147,"traffic":70585,"begin":1456428875,"end":1456472675}}} 2 | -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/dip.gpf 
-------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456358400/sip.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/pkts_rcvd.gpf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde/1456444800/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde/1456444800/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/bytes_sent.gpf 
-------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/proto.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456358400/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/dport.gpf -------------------------------------------------------------------------------- 
/addon/testdb/t_c1_fwde1/1456444800/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/t_c1_fwde1/1456444800/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/t_c1_fwde1/1456444800/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/bytes_rcvd.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- 
/addon/testdb/tun_3g_c1_fw1/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456358400/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/dip.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fw1/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/proto.gpf -------------------------------------------------------------------------------- 
/addon/testdb/tun_3g_c1_fw1/1456444800/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fw1/1456444800/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/bytes_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/l7proto.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/pkts_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456358400/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456358400/sip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/bytes_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/bytes_rcvd.gpf 
-------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/bytes_sent.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/bytes_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/dip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/dip.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/dport.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/dport.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/l7proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/l7proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/pkts_rcvd.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/pkts_rcvd.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/pkts_sent.gpf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/pkts_sent.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/proto.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/proto.gpf -------------------------------------------------------------------------------- /addon/testdb/tun_3g_c1_fwde/1456444800/sip.gpf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/open-ch/goProbe/c20b0bb68880a86dbd0cb07d293c4dcfa2599f71/addon/testdb/tun_3g_c1_fwde/1456444800/sip.gpf --------------------------------------------------------------------------------