private static HttpExportEntity Map(SnooperExportCollection exportCollection, HttpMessage httpExport)
{
var exportEntity = CreateAndSetupExportEntity <HttpExportEntity>(exportCollection, httpExport);
exportEntity.Type = (SByte)httpExport.Type;
exportEntity.Version = httpExport.Header?.HttpVersion;
exportEntity.HeaderFields = httpExport.Header?.Fields;
switch (httpExport.Header)
{
case HttpHeaderRequest headerRequest:
exportEntity.Method = headerRequest.Method.ToString();
exportEntity.Uri = headerRequest.RequestUri;
break;
case HttpHeaderResponse headerResponse:
exportEntity.StatusCode = headerResponse.StatusCode;
exportEntity.StatusMessage = headerResponse.StatusMessage;
break;
}
if (!httpExport.ShouldIgnorePayload)
{
exportEntity.Payload = httpExport.Content?.Payload;
exportEntity.PayloadIncomplete = httpExport.Content?.PayloadIncomplete ?? true;
}
return(exportEntity);
}
private static GenericExportEntity MapGenericExport(SnooperExportCollection exportCollection, SnooperExportBase exportBase)
{
var genericEntity = CreateAndSetupExportEntity <GenericExportEntity>(exportCollection, exportBase);
genericEntity.SerializedData = SnooperExportDataJsonSerializer.Serialize(exportBase);
return(genericEntity);
}
private void LogSnooperExportCollectionExceptions(SnooperExportCollection snooperExportCollection)
{
foreach (var export in snooperExportCollection.Exports.Where(export => export.ParsingFailed))
{
this._logger.Error(export.ParsingError, $"Snooper {snooperExportCollection.SnooperId} caused exception while parsing L7 conversation {export.Conversation}. Last PDU {export.Pdu}");
}
}
public SnooperExportCollection ProcessConversation(IL7Conversation conversation, Boolean stopProcessingAfterError = true)
{
this.CurrentL7Conversation = conversation;
this.PduReader = this.CreatePduReader();
var snooperExports = new List <SnooperExportBase>();
using (var snooperExportsEnumerator = this.ProcessConversation().GetEnumerator())
{
try
{
while (snooperExportsEnumerator.MoveNext())
{
var snooperExport = snooperExportsEnumerator.Current;
snooperExports.Add(snooperExport);
if (stopProcessingAfterError && snooperExport.ParsingFailed)
{
break;
}
}
}
catch (Exception e)
{
var unhandledExceptionExport = new SnooperUnhandledExceptionExport(this.PduReader, e);
snooperExports.Add(unhandledExceptionExport);
}
}
var snooperExportCollection = new SnooperExportCollection(this, snooperExports);
return(snooperExportCollection);
}
public async Task InsertAsync(SnooperExportCollection snooperExportCollection)
{
var snooperExportEntities = SnooperExportCollectionMapper.Map(snooperExportCollection);
var insertTasks = snooperExportEntities.Select(this.CreateInsertAsyncTask).ToArray();
await Task.WhenAll(insertTasks).ConfigureAwait(false);
await this._unitOfWork.SaveChangesAsync().ConfigureAwait(false);
}
private static SnooperExportEntityBase Map(SnooperExportCollection snooperExportCollection, SnooperExportBase exportBase)
{
switch (exportBase)
{
case HttpMessage httpExport:
return(Map(snooperExportCollection, httpExport));
case DnsMessage dnsExport:
return(Map(snooperExportCollection, dnsExport));
default:
return(MapGenericExport(snooperExportCollection, exportBase));
}
}
private static DnsExportEntity Map(SnooperExportCollection exportCollection, DnsMessage dnsExport)
{
var exportEntity = CreateAndSetupExportEntity <DnsExportEntity>(exportCollection, dnsExport);
exportEntity.TransactionId = dnsExport.TransactionId;
exportEntity.Type = (SByte)dnsExport.Type;
exportEntity.Queries = dnsExport.Queries.Select(dnsQuery => new DnsExportEntity.DnsQueryEntity
{
Name = dnsQuery.Name, Type = (SByte)dnsQuery.Type
}).ToList();
exportEntity.Answers = dnsExport.Answers.Select(dnsAnswer =>
{
var dnsAnswerEntity = new DnsExportEntity.DnsAnswerEntity
{
Type = (SByte)dnsAnswer.Type
};
switch (dnsAnswer)
{
case DnsAnswerA a:
dnsAnswerEntity.Address = a.Address;
break;
case DnsAnswerAAAA aaaa:
dnsAnswerEntity.Address = aaaa.Address;
break;
case DnsAnswerMX mx:
dnsAnswerEntity.Hostname = mx.Hostname;
break;
case DnsAnswerCNAME cname:
dnsAnswerEntity.Hostname = cname.Hostname;
break;
case DnsAnswerNS ns:
dnsAnswerEntity.Hostname = ns.Hostname;
break;
case DnsAnswerPTR ptr:
dnsAnswerEntity.Hostname = ptr.Hostname;
break;
}
return(dnsAnswerEntity);
}).ToList();
return(exportEntity);
}
public static IEnumerable <SnooperExportEntityBase> Map(SnooperExportCollection snooperExportCollection)
{
return(snooperExportCollection.Exports.Select(exportBase => Map(snooperExportCollection, exportBase)));
}
private static TSnooperExportEntity CreateAndSetupExportEntity <TSnooperExportEntity>(SnooperExportCollection exportCollection, SnooperExportBase exportBase) where TSnooperExportEntity : SnooperExportEntityBase, new() =>
new TSnooperExportEntity
{
Snooper = exportCollection.SnooperId,
L7ConversationId = exportBase.ConversationId,
Timestamp = exportBase.Timestamp,
Direction = (SByte)exportBase.Direction,
};
private async Task StoreSnooperExportCollectionAsync(ISnooperExportFacade snooperExportFacade, SnooperExportCollection snooperExportCollection)
{
try
{
await snooperExportFacade.InsertAsync(snooperExportCollection).ConfigureAwait(false);
}
catch (Exception e)
{
this._logger.Error(e, "SnooperExportCollection storage error");
throw;
}
}
public static String Serialize(SnooperExportCollection snooperExport) => JsonConvert.SerializeObject(snooperExport, Settings);
