added timeframe flag + refactoring

alessio-perugini · May 11, 2020 · b6561db · b6561db
1 parent dcabba6
commit b6561db
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 54 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -7,7 +7,7 @@ import (
 	"log"
 	"net/url"
 	"os"
-	"os/signal"
+	"time"
 )
 
 var (
@@ -22,6 +22,7 @@ var (
 		SaveFilePath:       "./peng-port-scan.log",
 		UseInflux:          false,
 	}
+	timeFrame = "1m"
 
 	versionFlag bool
 	version     = "0.0.0"
@@ -43,6 +44,7 @@ func init() {
 	//other
 	flag.BoolVar(&versionFlag, "version", false, "output version")
 	flag.StringVar(&config.SaveFilePath, "saveResult", "", "path to save the peng result")
+	flag.StringVar(&timeFrame, "timeFrame", "1m", "interval time to detect scans")
 
 }
 
@@ -73,21 +75,21 @@ func flagConfig() {
 		log.Fatal("You must provide at least 1 method to send the data")
 	}
 
+	//Check timeFrame input to perform port scan detection
+	if v, err := time.ParseDuration(timeFrame); err != nil {
+		log.Fatal("Invalid interval format.")
+	} else if v.Seconds() <= 0 {
+		log.Fatal("Interval too short it must be at least 1 second long")
+	} else {
+		config.TimeFrame = v
+	}
+
 	fmt.Printf("%s\n", appString)
 }
 
 func main() {
 	flagConfig()
 
-	c := make(chan os.Signal, 1)
-	signal.Notify(c, os.Interrupt)
-	go func() {
-		for sig := range c {
-			fmt.Println("Signalllll: ", sig)
-			os.Exit(1)
-		}
-	}()
-
 	peng := p.New(&config)
 	peng.Start()
 }
diff --git a/inspection.go b/inspection.go
@@ -18,39 +18,38 @@ func (p *Peng) inspect(packet gopacket.Packet) {
 	}
 
 	ipv4, _ := ipv4Layer.(*layers.IPv4)
-	//TODO check if in the flow src and dst non sono entrambe nella mia lista d'ip locale
 	var packetDestToMyPc bool
 	for _, ip := range myIPs {
 		if ipv4.SrcIP.Equal(ip) {
 			break
 		}
 		if !packetDestToMyPc && ipv4.DstIP.Equal(ip) {
 			packetDestToMyPc = true
+			break
 		}
 	}
-	//Discard the request that doesn't contain my ip on destIp
 
 	if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
 		tcp, _ := tcpLayer.(*layers.TCP)
 		if tcp.SYN && !tcp.ACK {
 			fmt.Println(tcp.DstPort)
 			if packetDestToMyPc {
-				p.ServerFlowBtmp.addFlowPort(uint16(tcp.DstPort))
+				p.ServerFlowBtmp.addPortToBitmap(uint16(tcp.DstPort))
 			} else {
-				p.ClientFlowBtmp.addFlowPort(uint16(tcp.DstPort))
+				p.ClientFlowBtmp.addPortToBitmap(uint16(tcp.DstPort))
 			}
 		}
 	}
 }
 
-func (cf *ClientTraffic) addFlowPort(port uint16) {
+func (cf *ClientTraffic) addPortToBitmap(port uint16) {
 	err := cf.Portbitmap.AddPort(port)
 	if err != nil {
 		log.Println(err.Error())
 	}
 }
 
-func (sf *ServerTraffic) addFlowPort(port uint16) {
+func (sf *ServerTraffic) addPortToBitmap(port uint16) {
 	err := sf.Portbitmap.AddPort(port)
 	if err != nil {
 		log.Println(err.Error())

diff --git a/peng.go b/peng.go
@@ -9,6 +9,7 @@ import (
 	"github.com/influxdata/influxdb-client-go"
 	"log"
 	"os"
+	"os/signal"
 	"time"
 )
 
@@ -19,24 +20,12 @@ type Peng struct {
 	ServerFlowBtmp ServerTraffic
 }
 
-/*
-type Flow interface {
-	addFlowPort()
-	EntropyTotalStandard()
-	EntropyTotal()
-	EntropyOfEachBin()
-	printInfo()
-	entropyOfEachBin()
-}*/
-
 type ClientTraffic struct {
-	TimeFrame  time.Duration
 	Portbitmap *portbitmap.PortBitmap
 	peng       *Peng //TODO u sure?
 }
 
 type ServerTraffic struct {
-	TimeFrame  time.Duration
 	Portbitmap *portbitmap.PortBitmap
 	peng       *Peng //TODO u sure?
 }
@@ -52,6 +41,7 @@ type Config struct {
 	InfluxBucket       string
 	InfluxOrganization string
 	InfluxAuthToken    string
+	TimeFrame          time.Duration
 }
 
 func New(cfg *Config) *Peng {
@@ -64,11 +54,9 @@ func New(cfg *Config) *Peng {
 	var peng = Peng{
 		Config: cfg,
 		ClientFlowBtmp: ClientTraffic{
-			TimeFrame:  time.Minute,
 			Portbitmap: portbitmap.New(bitmapConfig),
 		},
 		ServerFlowBtmp: ServerTraffic{
-			TimeFrame:  time.Minute,
 			Portbitmap: portbitmap.New(bitmapConfig),
 		},
 	}
@@ -91,26 +79,37 @@ func (p *Peng) Start() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	defer pHandle.Close()
 
-	packet := gopacket.NewPacketSource(pHandle, pHandle.LinkType())
+	go func() {
+		defer pHandle.Close()
 
-	time.AfterFunc(10*time.Second, p.printInfoAndForceExit)
-	for packet := range packet.Packets() {
-		p.inspect(packet)
-		//TODO multithread?
-		//TODO proper handle termination
-		//TODO maybe use custom layers to avoid realloc for each packets (memory improvment)
-		//TODo maybe spawn goroutine foreach bitmap?
-	}
+		packet := gopacket.NewPacketSource(pHandle, pHandle.LinkType())
+
+		time.AfterFunc(p.Config.TimeFrame, p.printAllInfo)
+		for packet := range packet.Packets() {
+			p.inspect(packet)
+			//TODO maybe use custom layers to avoid realloc for each packets (memory improvment)
+		}
+	}()
+
+	// Wait for Ctrl-C
+	sig := make(chan os.Signal, 1024)
+	signal.Notify(sig, os.Interrupt)
+	<-sig
+	log.Println("got SIGTERM, closing handle")
+
+	// Close the handle
+	pHandle.Close()
 }
 
 func (cf *ClientTraffic) printInfo() {
 	var p = cf
 	binsEntropy := p.EntropyOfEachBin()
 	totalEntropy := p.EntropyTotal(binsEntropy)
-	totalStandardEntropy := p.EntropyTotalStandard(binsEntropy)
-	p.peng.PushToInfluxDb("client", totalEntropy) //TODO generalizzare meglio
+	influxField := map[string]interface{}{
+		"out": totalEntropy,
+	}
+	p.peng.PushToInfluxDb(influxField)
 
 	//Print some stats
 	fmt.Println(p.Portbitmap) //Print all bitmap
@@ -120,7 +119,6 @@ func (cf *ClientTraffic) printInfo() {
 	}
 	fmt.Println("EntropyOfEachBin: ", binsEntropy)
 	fmt.Println("EntropyTotal: ", totalEntropy)
-	fmt.Println("Total standard entropy: ", totalStandardEntropy)
 
 	p.Portbitmap.ClearAll()
 }
@@ -129,8 +127,11 @@ func (sf *ServerTraffic) printInfo() {
 	var p = sf
 	binsEntropy := p.EntropyOfEachBin()
 	totalEntropy := p.EntropyTotal(binsEntropy)
-	totalStandardEntropy := p.EntropyTotalStandard(binsEntropy)
-	p.peng.PushToInfluxDb("server", totalEntropy) //TODO generalizzare meglio
+	influxField := map[string]interface{}{
+		"in": totalEntropy,
+	}
+
+	p.peng.PushToInfluxDb(influxField)
 
 	//Print some stats
 	fmt.Println(p.Portbitmap) //Print all bitmap
@@ -140,19 +141,20 @@ func (sf *ServerTraffic) printInfo() {
 	}
 	fmt.Println("EntropyOfEachBin: ", binsEntropy)
 	fmt.Println("EntropyTotal: ", totalEntropy)
-	fmt.Println("Total standard entropy: ", totalStandardEntropy)
 
 	p.Portbitmap.ClearAll()
 }
 
-func (p *Peng) printInfoAndForceExit() {
+func (p *Peng) printAllInfo() {
+	fmt.Println("#[CLIENT]#")
 	p.ClientFlowBtmp.printInfo()
 	fmt.Println("\n#------------------------------------------------#")
+	fmt.Println("#[SERVER]#")
 	p.ServerFlowBtmp.printInfo()
-	os.Exit(1)
+	time.AfterFunc(p.Config.TimeFrame, p.printAllInfo)
 }
 
-func (p *Peng) PushToInfluxDb(typeName string, totalEntropy float64) {
+func (p *Peng) PushToInfluxDb(fields map[string]interface{}) {
 	if p.Config.InfluxAuthToken == "" {
 		return
 	}
@@ -165,12 +167,9 @@ func (p *Peng) PushToInfluxDb(typeName string, totalEntropy float64) {
 	point := influxdb2.NewPoint(
 		"system",
 		map[string]string{
-			"port-entropy": typeName,
-		},
-		map[string]interface{}{
-			"in":  totalEntropy,
-			"out": totalEntropy,
+			"entropy": "ports",
 		},
+		fields,
 		time.Now())
 
 	writeApi.WritePoint(point)