public void TestStreamReaderMore()
        {
            var captureFile = this.PrepareCaptureForProcessing(Pcaps.Default.sip_caps_sip_rtcp_pcap);

            this.FrameworkController.ProcessCapture(captureFile);
            this._conversations = this.L7Conversations.Where(c => c.ApplicationTags.Contains("SIP")).ToArray();
            var    counter = 0;
            string line;

            foreach (var conversation in this._conversations)
            {
                var stream = new PDUStreamBasedProvider(conversation, EfcPDUProviderType.SingleMessage);
                var reader = new PDUStreamReader(stream, Encoding.ASCII);
                do
                {
                    counter++;
                    Console.WriteLine(counter + ". message ######### ");
                    do
                    {
                        line = reader.ReadLine();
                        Console.WriteLine(line);
                    } while(line != null);
                } while(reader.NewMessage());
            }
        }
Exemplo n.º 2
0
        protected override void ProcessConversation()
        {
            if (this.CurrentConversation == null)
            {
                return;
            }

            var stream = this.CurrentConversation.Key.IsSet
                ? new PDUDecrypterBase(this.CurrentConversation, EfcPDUProviderType.ContinueInterlay): new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.ContinueInterlay);

            // ASCII encoding
            //var reader = new PDUStreamReader(stream, Encoding.GetEncoding(437));
            var reader = new PDUStreamReader(stream, Encoding.ASCII, true);

            if (!this.ExportBaseDirectory.Exists)
            {
                this.ExportBaseDirectory.Create();
            }

            do
            {
                // Parse message
                this.OnBeforeProtocolParsing();
                var msg = new MQTTMsg(reader);
                if (msg.InvalidReason != null)
                {
                    var description = "Parsing of MQTT message failed";
                    if (msg.Frames != null)
                    {
                        description += ", frame numbers: " + string.Join(",", msg.Frames);
                    }
                    if (msg.InvalidReason != null)
                    {
                        description += ", reason: " + msg.InvalidReason;
                    }

                    this.SnooperExport.TimeStampFirst = msg.TimeStamp;
                    this.SnooperExport.AddExportReport(ExportReport.ReportLevel.Warn, this.Name, description, msg.ExportSources);
                    continue;
                }
                this.OnAfterProtocolParsing();

                // Export message
                this.OnBeforeDataExporting();

                this.SnooperExport.AddExportObject(msg);
                this.OnAfterDataExporting();
            } while(reader.NewMessage());

            // Sort messages in time
            //this.SnooperExport.ExportObjects.Sort((e1, e2) => DateTime.Compare(e1.TimeStamp, e2.TimeStamp));
        }
Exemplo n.º 3
0
        protected override void ProcessConversation()
        {
            Debug.WriteLine(@"SnooperPOP.ProcessConversation() called [" + this.CurrentConversation.SourceEndPoint + "->" + this.CurrentConversation.DestinationEndPoint + "]");

            // we need a stream to read from
            var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.SingleMessage);
            // now we can create a reader that will be reading from the stream we just created
            var reader = new PDUStreamReader(stream, Encoding.ASCII);

            // reader will spawn messages, cycle through them
            do
            {
                this.OnBeforeProtocolParsing();
                // parse protocol

                // this is self parsing message, it just needs a reader to get data from
                var message = new POPMsg(reader);
                if (!message.Valid)
                {
                    // parsing went wrong, we have to report it
                    this.SnooperExport.TimeStampFirst = message.Timestamp;
                    this.SnooperExport.AddExportReport(
                        ExportReport.ReportLevel.Warn,
                        this.Name,
                        "parsing of POP message failed, frame numbers: " +
                        string.Join(",", message.Frames) + ": " +
                        message.InvalidReason,
                        message.ExportSources);
                    Debug.WriteLine(@"parsing of POP message failed, frame numbers: " +
                                    string.Join(",", message.Frames) + ": " + message.InvalidReason);
                    // skip processing, go to next message
                    continue;
                }

                // parsing done
                this.OnAfterProtocolParsing();

                // start processing
                this.OnBeforeDataExporting();

                var exportedObject = new SnooperExportedDataObjectPOP(this.SnooperExport);
                var addObject      = true;
                exportedObject.TimeStamp = message.Timestamp;

                // process parsed structure
                switch (message.Type)
                {
                case POPMsg.POPMsgType.USER:
                    //Debug.WriteLine("  user: "******"USER";
                    exportedObject.Value = message.MessageContent;
                    break;

                case POPMsg.POPMsgType.PASS:
                    //Debug.WriteLine("  password: "******"PASS";
                    exportedObject.Value = message.MessageContent;
                    break;

                case POPMsg.POPMsgType.RETR:
                    //Debug.WriteLine("  password: "******"  unknown type of FTP message");
                    addObject = false;
                    break;
                }
                //export
                if (addObject)
                {
                    //TODO there should be list of guids (frames, other objects)
                    foreach (var exportSource in message.ExportSources)
                    {
                        exportedObject.ExportSources.Add(exportSource);
                    }
                    this.SnooperExport.AddExportObject(exportedObject);
                }
                else
                {
                    this.SnooperExport.DiscardExportObject(exportedObject);
                }

                this.OnAfterDataExporting();

                //finalize processing of current message, moving to next one
                // IMPORTANT !!! this has to be called after each message successfully processed
                // so correct connections between exported data and exported reports can be kept
                //base.ProcessingDone();
            } while (reader.NewMessage());
        }
Exemplo n.º 4
0
        protected override void ProcessConversation()
        {
            Debug.WriteLine(@"SnooperSMTP.ProcessConversation() called [" + this.CurrentConversation.SourceEndPoint + "->" + this.CurrentConversation.DestinationEndPoint + "]");

            // we need a stream to read from
            var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.Breaked);
            // now we can create a reader that will be reading from the stream we just created
            var reader = new PDUStreamReader(stream, Encoding.ASCII);

            // reader will spawn messages, cycle through them
            do
            {
                this.OnBeforeProtocolParsing();
                // parse protocol

                // this is self parsing message, it just needs a reader to get data from
                var message = new SMTPMsg(reader);
                if (!message.Valid)
                {
                    // parsing went wrong, we have to report it
                    this.SnooperExport.TimeStampFirst = message.Timestamp;
                    this.SnooperExport.AddExportReport(
                        ExportReport.ReportLevel.Warn,
                        this.Name,
                        "parsing of SMTP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " +
                        message.InvalidReason,
                        message.ExportSources);
                    Debug.WriteLine(@"parsing of SMTP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " + message.InvalidReason);
                    // skip processing, go to next message
                    continue;
                }

                // parsing done
                this.OnAfterProtocolParsing();

                // start processing
                this.OnBeforeDataExporting();

                // process parsed structure
                switch (message.Type)
                {
                case SMTPMsg.SMTPMsgType.MAIL:
                    var toBytes = Encoding.ASCII.GetBytes(message.MessageContent);

                    var exportedObject = new MIMEemail(this.SnooperExport, toBytes, EMailContentType.Whole);
                    exportedObject.EMailType = EMailType.SMTPOrgEmail;
                    exportedObject.TimeStamp = message.Timestamp;

                    foreach (var exportSource in message.ExportSources)
                    {
                        exportedObject.ExportSources.Add(exportSource);
                    }
                    this.SnooperExport.AddExportObject(exportedObject);
                    break;

                default:
                    break;
                }

                this.OnAfterDataExporting();
            } while (reader.NewMessage());
        }
Exemplo n.º 5
0
        protected override void ProcessConversation()
        {
            Console.WriteLine("SnooperHTTP.ProcessConversation() called");

            // we need a stream to read from
            var stream = this.CurrentConversation.Key.IsSet
                ? new PDUDecrypterBase(this.CurrentConversation, EfcPDUProviderType.Breaked)
                : new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.Breaked);

            // now we can create a reader that will be reading from the stream we just created
            // encoding set to codepage 437 as extended ascii
            var reader = new PDUStreamReader(stream, Encoding.GetEncoding(437));

            // create export directory if it doesn't exist
            if (!this.ExportBaseDirectory.Exists)
            {
                this.ExportBaseDirectory.Create();
            }

            HTTPMsg request = null;

            // reader will spawn messages, cycle through them
            do
            {
                this.OnBeforeProtocolParsing();
                // parse protocol

                var message = new HTTPMsg(reader, this.ExportBaseDirectory);
                if (!message.Valid)
                {
                    this.SnooperExport.TimeStampFirst = message.TimeStamp;
                    // parsing went wrong, we have to report it
                    this.SnooperExport.AddExportReport(
                        ExportReport.ReportLevel.Warn,
                        this.Name,
                        "parsing of HTTP message failed, frames: " + string.Join(",", message.Frames),
                        message.ExportSources);
                    Console.WriteLine("parsing of HTTP message failed, frame numbers: " + string.Join(",", message.Frames) + ": " + message.InvalidReason);
                    // skip processing, go to next message
                    continue;
                }

                // parsing done
                this.OnAfterProtocolParsing();

                // start processing and export
                this.OnBeforeDataExporting();
                SnooperExportedDataObjectHTTP exportedObject;
                // process parsed structure
                switch (message.MessageType)
                {
                case MessageType.REQUEST:
                    if (request != null)
                    {
                        /* export request with no response ?? */
                        exportedObject = new SnooperExportedDataObjectHTTP(this.SnooperExport)
                        {
                            TimeStamp = request.TimeStamp,
                            Message   = request
                        };
                        exportedObject.ExportSources.AddRange(request.ExportSources);
                        this.SnooperExport.AddExportObject(exportedObject);
                    }

                    request = message;
                    break;

                case MessageType.RESPONSE:
                    if (request != null)
                    {
                        message.PairMessages.Add(request);
                    }

                    request?.PairMessages.Add(message);

                    request = null;

                    /* always export with response message */

                    // export request
                    if (message.PairMessages.Any())
                    {
                        exportedObject = new SnooperExportedDataObjectHTTP(this.SnooperExport)
                        {
                            TimeStamp = message.PairMessages.First().TimeStamp,
                            Message   = message.PairMessages.First()
                        };
                        exportedObject.ExportSources.AddRange(message.ExportSources);
                        this.SnooperExport.AddExportObject(exportedObject);
                    }

                    // export response
                    exportedObject           = new SnooperExportedDataObjectHTTP(this.SnooperExport);
                    exportedObject.TimeStamp = message.TimeStamp;
                    exportedObject.Message   = message;
                    exportedObject.ExportSources.AddRange(message.ExportSources);
                    this.SnooperExport.AddExportObject(exportedObject);

                    break;
                }

                this.OnAfterDataExporting();

                //finalize processing of current message, moving to next one
                // IMPORTANT !!! this has to be called after each message successfully processed
                // so correct connections between exported data and exported reports can be kept
                //base.ProcessingDone();
            } while(reader.NewMessage());

            // export last request if needed
            if (request != null)
            {
                var exportedObject = new SnooperExportedDataObjectHTTP(this.SnooperExport)
                {
                    TimeStamp = request.TimeStamp,
                    Message   = request
                };
                exportedObject.ExportSources.AddRange(request.ExportSources);
                this.SnooperExport.AddExportObject(exportedObject);
            }
        }
Exemplo n.º 6
0
        protected override void ProcessConversation()
        {
            // we need a stream to read from
            var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.Mixed);
            // now we can create a reader that will be reading from the stream we just created
            var reader = new PDUStreamReader(stream, Encoding.GetEncoding(437), true);

            // reader will spawn messages, cycle through them
            do
            {
                this.OnBeforeProtocolParsing();
                // parse protocol

                // this is self parsing message, it just needs a reader to get data from
                var message = new DNSParseMsg(reader);
                if (!message.Valid)
                {
                    // parsing went wrong, we have to report it
                    this.SnooperExport.TimeStampFirst = message.Timestamp;
                    this.SnooperExport.AddExportReport(
                        ExportReport.ReportLevel.Warn,
                        this.Name,
                        "parsing of DNS message failed, frame numbers: " +
                        string.Join(",", message.Frames) + ": " +
                        message.InvalidReason,
                        message.ExportSources);
                    Console.WriteLine(@"parsing of DNS message failed, frame numbers: " +
                                      string.Join(",", message.Frames) + ": " + message.InvalidReason);
                    // skip processing, go to next message
                    continue;
                }

                // parsing done
                this.OnAfterProtocolParsing();

                // start processing
                this.OnBeforeDataExporting();

                var exportedObject = new SnooperExportedDataObjectDNS(this.SnooperExport)
                {
                    TimeStamp  = message.Timestamp,
                    MessageId  = message.MessageId,
                    Flags      = message.Flags,
                    Queries    = message.Queries,
                    Answer     = message.Answer,
                    Authority  = message.Authority,
                    Additional = message.Additional
                };

                //export
                foreach (var exportSource in message.ExportSources)
                {
                    exportedObject.ExportSources.Add(exportSource);
                }
                this.SnooperExport.AddExportObject(exportedObject);


                this.OnAfterDataExporting();

                //finalize processing of current message, moving to next one
                // IMPORTANT !!! this has to be called after each message successfully processed
                // so correct connections between exported data and exported reports can be kept
                //base.ProcessingDone();
            } while (reader.NewMessage());
        }
Exemplo n.º 7
0
        protected override void ProcessConversation()
        {
            {
                var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.SingleMessage);
                var reader = new PDUStreamReader(stream, Encoding.Default);
                do
                {
                    this.OnBeforeProtocolParsing();
                    //Parse protocol....
                    SIPMsg _message;
                    _message = new SIPMsg(reader);

                    if (!_message.Valid)
                    {
                        this.SnooperExport.TimeStampFirst = _message.Timestamp;
                        this.SnooperExport.AddExportReport(
                            ExportReport.ReportLevel.Warn,
                            this.Name,
                            "parsing of SIP message failed, frame numbers: " + string.Join(",", _message.Frames) + ": " +
                            _message.InvalidReason,
                            _message.ExportSources);
                        Console.WriteLine("parsing of SIP message failed, frame numbers: " + string.Join(",", _message.Frames) + ": " + _message.InvalidReason);
                        continue;
                    }
                    this.OnAfterProtocolParsing();
                    //Console.WriteLine("successful parsing: frame " + string.Join(",", _message.FrameNumbers.ToArray()));
                    //Do some magic...
                    SIPEvent _event;
                    if (this._eventsDictionary.TryGetValue(_message.Headers.CallID, out _event))
                    {
                        //Event already present
                        switch (_event.Type)
                        {
                        case SIPEventType.Authentization:
                            //Console.WriteLine("authentication "+_message.Headers.CallID+" present");
                            _event.Update(_message);
                            break;

                        case SIPEventType.Call:
                            //Console.WriteLine("call "+_message.Headers.CallID+" present");
                            _event.Update(_message);
                            break;

                        case SIPEventType.Unknown:
                            var oldEvent = _event as SIPUnknownEvent;
                            if (this.PossibleCall(_message))
                            {
                                this._eventsDictionary.Remove(_message.Headers.CallID);
                                this.SnooperExport.DiscardExportObject(_event);
                                _event = new SIPCall(this.SnooperExport);
                                this._eventsDictionary.Add(_message.Headers.CallID, _event);
                                _event.UpdateFromUnkownEvent(oldEvent);
                            }
                            else if (this.PossibleAuthentization(_message))
                            {
                                this._eventsDictionary.Remove(_message.Headers.CallID);
                                this.SnooperExport.DiscardExportObject(_event);
                                _event = new SIPAuthentization(this.SnooperExport);
                                this._eventsDictionary.Add(_message.Headers.CallID, _event);
                                _event.UpdateFromUnkownEvent(oldEvent);
                            }
                            _event.Update(_message);
                            break;

                        default:
                            Console.WriteLine("unknown event " + _message.Headers.CallID + " present");
                            //TODO throw some exception
                            break;
                        }
                    }
                    else
                    {
                        //New event, create
                        if (_message.Type == SIPMsg.SIPMsgType.Request && _message.RequestLine.Method == "REGISTER")
                        {
                            _event = new SIPAuthentization(this.SnooperExport);
                            this._eventsDictionary.Add(_message.Headers.CallID, _event);

                            //Console.WriteLine("authentication " + _message.Headers.CallID + " added");
                            _event.Update(_message);
                        }
                        else if (_message.Type == SIPMsg.SIPMsgType.Request && _message.RequestLine.Method == "INVITE")
                        {
                            _event = new SIPCall(this.SnooperExport);
                            this._eventsDictionary.Add(_message.Headers.CallID, _event);

                            //Console.WriteLine("call " + _message.Headers.CallID + " added");
                            _event.Update(_message);
                        }
                        else                     // type can't be easily decided
                        {
                            if (this.PossibleCall(_message))
                            {
                                _event = new SIPCall(this.SnooperExport);
                            }
                            else if (this.PossibleAuthentization(_message))
                            {
                                _event = new SIPAuthentization(this.SnooperExport);
                            }
                            else
                            {
                                _event = new SIPUnknownEvent(this.SnooperExport);
                            }
                            this._eventsDictionary.Add(_message.Headers.CallID, _event);
                            _event.Update(_message);
                        }
                    }
                    //        this.eventExporter.AddExportedData(); //Export some meaningful message, object, what so ever...
                    //        this.eventExporter.AddExportReport(); //Export problem, exception some meaningful note that will be part of exported data object or export report in case that no data were exported between two escalation of BeforeProtocolParsing
                    //Console.WriteLine(_message.ToString());
                } while(reader.NewMessage());

                //Export
                this.OnBeforeDataExporting();
                var _callCounter = 0;
                foreach (var kvp in this._eventsDictionary)
                {
                    if (kvp.Value.Type == SIPEventType.Unknown)
                    {
                        this.SnooperExport.DiscardExportObject(kvp.Value);
                    }
                    else
                    {
                        if (kvp.Value is SIPCall)
                        {
                            // Process RTP flows of every call
                            var s = kvp.Value as SIPCall;
                            //s.CallId = _callCounter.ToString();
                            // Pass it inside the call
                            //s.SetExportedPayloads(this.ProcessRTP(s.RTPAddresses, _callCounter.ToString()));
                            ++_callCounter;
                        }

                        //Console.WriteLine("event " + kvp.Key);
                        //Console.WriteLine(kvp.Value.ToString());

                        kvp.Value.ExportValidity = ExportValidity.ValidWhole;

                        //TODO there should be list of guids (frames, other objects)
                        //kvp.Value.ExportSources.Add(this.CurrentConversation); //todo switch to used PDUs
                        this.SnooperExport.AddExportObject(kvp.Value);
                    }
                }
                this.OnAfterDataExporting();
                //Clean event dictionary
                this._eventsDictionary.Clear();
            }
        }
Exemplo n.º 8
0
        protected override void ProcessConversation()
        {
            Console.WriteLine(@"SnooperFTP.ProcessConversation() called");

            // we need a stream to read from
            var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.SingleMessage);
            // now we can create a reader that will be reading from the stream we just created
            var reader = new PDUStreamReader(stream, Encoding.ASCII);

            // create export directory if it doesn't exist
            //if (!Directory.Exists(base.ExportBaseDirectory.FullName))
            //{
            //    Directory.CreateDirectory(base.ExportBaseDirectory.FullName);
            //}

            var dataFileName = this.GetDataFileName(this.ExportBaseDirectory.FullName);

            // reader will spawn messages, cycle through them
            do
            {
                this.OnBeforeProtocolParsing();
                // parse protocol

                // this is self parsing message, it just needs a reader to get data from
                var message = new FTPMsg(reader);
                if (!message.Valid)
                {
                    // parsing went wrong, we have to report it
                    this.SnooperExport.TimeStampFirst = message.Timestamp;
                    this.SnooperExport.AddExportReport(
                        ExportReport.ReportLevel.Warn,
                        this.Name,
                        "parsing of FTP message failed, frame numbers: " +
                        string.Join(",", message.Frames) + ": " +
                        message.InvalidReason,
                        message.ExportSources);
                    Console.WriteLine(@"parsing of FTP message failed, frame numbers: " +
                                      string.Join(",", message.Frames) + ": " + message.InvalidReason);
                    // skip processing, go to next message
                    continue;
                }

                // parsing done
                this.OnAfterProtocolParsing();

                // start processing
                this.OnBeforeDataExporting();

                var exportedObject = new SnooperExportedDataObjectFTP(this.SnooperExport);
                var addObject      = true;
                exportedObject.TimeStamp = message.Timestamp;

                // process parsed structure
                switch (message.Type)
                {
                case FTPMsg.FTPMsgType.USER:
                    //Console.WriteLine("  user: "******"USER";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.LIST:
                    //Console.WriteLine("  directory listing");
                    exportedObject.Command = "DIRECTORY LIST";
                    break;

                case FTPMsg.FTPMsgType.PASS:
                    //Console.WriteLine("  password: "******"PASSWORD";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.DELE:
                    //Console.WriteLine("  deleted file: " + _message.MessageContent);
                    exportedObject.Command = "DELETED FILE";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.PORT:
                    //Console.WriteLine("  new connection address: " + _message.MessageContent);
                    exportedObject.Command = "PORT";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.PWD:
                    //Console.WriteLine("  directory path: " + _message.MessageContent);
                    exportedObject.Command = "PATH";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.RETR:
                    //Console.WriteLine("  downloaded file: " + _message.MessageContent);
                    exportedObject.Command = "DOWNLOAD";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.STOR:
                    //Console.WriteLine("  uploaded file: " + _message.MessageContent);
                    exportedObject.Command = "UPLOAD";
                    exportedObject.Value   = message.MessageContent;
                    break;

                case FTPMsg.FTPMsgType.DATA:
                    var file = new FileStream(dataFileName, FileMode.Append);
                    file.Write(message.DataContent, 0, message.DataContent.Length);
                    file.Close();
                    //Console.WriteLine("  data dumped to " + _dataFileName);
                    exportedObject.Command = "DATA";
                    exportedObject.Value   = dataFileName;
                    break;

                default:
                    //Console.WriteLine("  unknown type of FTP message");
                    addObject = false;
                    break;
                }
                //export
                if (addObject)
                {
                    //TODO there should be list of guids (frames, other objects)
                    foreach (var exportSource in message.ExportSources)
                    {
                        exportedObject.ExportSources.Add(exportSource);
                    }
                    this.SnooperExport.AddExportObject(exportedObject);
                }
                else
                {
                    this.SnooperExport.DiscardExportObject(exportedObject);
                }

                this.OnAfterDataExporting();

                //finalize processing of current message, moving to next one
                // IMPORTANT !!! this has to be called after each message successfully processed
                // so correct connections between exported data and exported reports can be kept
                //base.ProcessingDone();
            } while (reader.NewMessage());
        }
Exemplo n.º 9
0
        protected override void ProcessConversation()
        {
            this._messageBuffer = new List <XMPPMsg>();
            Debug.WriteLine(@"SnooperXMPP.ProcessConversation() called [" + this.CurrentConversation.SourceEndPoint + "->" + this.CurrentConversation.DestinationEndPoint + "]");

            // we need a stream to read from
            var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.Breaked);
            // now we can create a reader that will be reading from the stream we just created
            var reader = new PDUStreamReader(stream, Encoding.UTF8);

            this.OnBeforeProtocolParsing();
            //////////////////////////////////
            // reader will spawn messages, cycle through them
            do
            {
                // parse protocol

                // this is self parsing message, it just needs a reader to get data from
                var message = new XMPPMsg(reader);
                if (!message.Valid)
                {
                    // parsing went wrong, we have to report it
                    this.SnooperExport.TimeStampFirst = message.Timestamp;
                    this.SnooperExport.AddExportReport(ExportReport.ReportLevel.Warn, this.Name,
                                                       "parsing of XMPP message failed, frame numbers: " + message.Frames.ToArray() + ": " + message.InvalidReason, message.ExportSources);
                    // skip processing, go to next message
                    continue;
                }

                // process parsed structure
                switch (message.MsgType)
                {
                case XMPPMsgType.MSG:
                    this._messageBuffer.Add(message);
                    string sender;
                    string receiver;
                    if (message.Direction == DaRFlowDirection.down)
                    {
                        sender   = message.From ?? string.Empty;
                        receiver = message.To ?? string.Empty;
                    }
                    else
                    {
                        sender   = message.To ?? string.Empty;
                        receiver = message.From ?? string.Empty;
                    }

                    if (sender.Length > this._sender.Length)
                    {
                        this._sender = sender;
                    }
                    if (receiver.Length > this._reciever.Length)
                    {
                        this._reciever = receiver;
                    }

                    break;
                }
            } while(reader.NewMessage());
            //////////////////////////////////
            this.OnAfterProtocolParsing();

            // start processing
            this.OnBeforeDataExporting();

            foreach (var msg in this._messageBuffer)
            {
                if (msg.MsgBody.IsNullOrEmpty())
                {
                    continue;
                }
                var exportedObject = new SnooperExportedObjectXMPP(this.SnooperExport)
                {
                    TimeStamp = msg.Timestamp,
                    Message   = msg.MsgBody
                };
                if (msg.Direction == DaRFlowDirection.down)
                {
                    exportedObject.Sender   = this._sender;
                    exportedObject.Receiver = this._reciever;
                }
                else
                {
                    exportedObject.Receiver = this._sender;
                    exportedObject.Sender   = this._reciever;
                }
                exportedObject.ExportSources.AddRange(msg.ExportSources);
                this.SnooperExport.AddExportObject(exportedObject);
            }

            this.OnAfterDataExporting();
        }
Exemplo n.º 10
0
        public L7DvbS2GseDecapsulatorBlock()
        {
            this._outputBuffer = new BufferBlock <PmFrameBase>();
            this._decapsulator = new ActionBlock <L7Conversation>(async l7Conversation =>
            {
                var stream = new PDUStreamBasedProvider(l7Conversation, EfcPDUProviderType.ContinueInterlay);
                var reader = new PDUStreamReader(stream, Encoding.GetEncoding(437), true)
                {
                    ReadBigEndian = true
                };

                var gseReassembler = new GseReassemblingDecapsulator();
                while (!reader.EndOfStream)
                {
                    try
                    {
                        var bb = BaseBandFrame.Parse(reader);

                        // It's important to get `reader.PDUStreamBasedProvider.GetCurrentPDU()` after parsing Base-Band frame.
                        // During reading, its value is set to the last read PDU. If we would call it before Base-Band parsing,
                        // retrieved value would not be current PDU, but the previous one.
                        // frames encapsulating parsed Base-Band
                        var pdu = reader.PDUStreamBasedProvider.GetCurrentPDU();
                        if (pdu == null)
                        {
                            break;
                        }
                        var frames = ImmutableList.CreateRange(pdu.FrameList);

                        // Reassemble any fragmented GSE packets and obtain decapsulated frames, if any of them have been just finished.
                        var decapsulatedFrames = gseReassembler.Process(bb, frames);
                        foreach (var f in decapsulatedFrames)
                        {
                            this._outputBuffer.Post(f);
                        }
                    }
                    catch (InvalidPacketFormatException)
                    {
                        // Current PDU of l7Conversation does not contain DVB-S2 Base Band Frame.
                    }
                    catch (NotImplementedException)
                    {
                        // NOTE: Only Generic Continuous Stream Input is supported at this moment.
                    }

                    // move to the next message
                    if (!reader.NewMessage())
                    {
                        break;
                    }
                }
            });
            this._decapsulator.Completion.ContinueWith(t =>
            {
                if (t.IsFaulted)
                {
                    ((IDataflowBlock)this._outputBuffer).Fault(t.Exception);
                }
                else
                {
                    this._outputBuffer.Complete();
                }
            });
        }
Exemplo n.º 11
0
        protected override void ProcessConversation()
        {
            Console.WriteLine("SnooperBTC.ProcessConversation() called");

            // we need a stream to read from
            var stream = new PDUStreamBasedProvider(this.CurrentConversation, EfcPDUProviderType.SingleMessage);
            //var stream = new PDUStreamBasedProvider(base.CurrentConversation, EFcPDUProviderType.ContinueInterlay);
            // now we can create a reader that will be reading from the stream we just created
            //var reader = new PDUStreamReader(stream, Encoding.GetEncoding(437));
            var reader = new PDUStreamReader(stream, Encoding.Default, true);

            //var reader = new PDUStreamReader(stream);
            //var reader = new PDUStreamReader(stream);
            //reader.Reset();

            // reader will spawn messages, cycle through them
            do
            {
                this.OnBeforeProtocolParsing();
                // parse protocol

                // this is self parsing message, it just needs a reader to get data from
                var message = new BTCMsg(reader);
                if (!message.Valid)
                {
                    // parsing went wrong, we have to report it
                    this.SnooperExport.TimeStampFirst = message.Timestamp;
                    if (message.ExportSources == null || message.ExportSources.Count == 0)
                    {
                        Console.WriteLine("EMPTY SOURCES parsing of BTC message failed, frame numbers: "
                                          + string.Join(",", message.Frames) + ": " +
                                          message.InvalidReason);
                    }
                    this.SnooperExport.AddExportReport(
                        ExportReport.ReportLevel.Warn,
                        this.Name,
                        "parsing of BTC message failed, frames: "
                        + string.Join(",", message.Frames) + ": " +
                        message.InvalidReason,
                        message.ExportSources);
                    //Console.WriteLine(@"parsing of BTC message failed, frame numbers: " +
                    //	string.Join(",", message.FrameNumbers.ToArray()) + ": " + message.InvalidReason);
                    // skip processing, go to next message
                    continue;
                }
                // parsing done
                this.OnAfterProtocolParsing();

                // start processing
                this.OnBeforeDataExporting();

                /*var exportedObject = new SnooperExportedDataObjectBTC(this.SnooperExport);
                 * var addObject = true;
                 * exportedObject.TimeStamp = message.Timestamp;*/
                SnooperExportedDataObjectBTC pendingObject = null;
                switch (message.Type)
                {
                case BTCMsg.BTCMsgType.Version:
                    pendingObject = (from obj in this._pendingObjects
                                     where obj.Type == SnooperExportedDataObjectBTCType.Version_Verack
                                     select obj).FirstOrDefault();
                    if (pendingObject == null)                            // first message "version" in the stream
                    {
                        pendingObject                = new SnooperExportedDataObjectBTC(this.SnooperExport);
                        pendingObject.TimeStamp      = message.Timestamp;
                        pendingObject.Type           = SnooperExportedDataObjectBTCType.Version_Verack;
                        pendingObject.State          = SnooperExportedDataObjectBTCState.VersionReceived;
                        pendingObject.ExportValidity = ExportValidity.ValidFragment;
                        pendingObject.ClientAddress  = message.SourceAddress;
                        pendingObject.ServerAddress  = message.DestinationAddress;
                        foreach (var exportSource in message.ExportSources)
                        {
                            pendingObject.ExportSources.Add(exportSource);
                        }
                        if (!pendingObject.UserAgents.Contains(message.UserAgent))
                        {
                            pendingObject.UserAgents.Add(message.UserAgent);
                        }
                        this._pendingObjects.Add(pendingObject);
                    }
                    else
                    {
                        foreach (var exportSource in message.ExportSources)
                        {
                            if (!pendingObject.ExportSources.Contains(exportSource))
                            {
                                pendingObject.ExportSources.Add(exportSource);
                            }
                        }
                        if (pendingObject.State == SnooperExportedDataObjectBTCState.VerackReceived)
                        {
                            pendingObject.State          = SnooperExportedDataObjectBTCState.VersionAndVerackReceived;
                            pendingObject.ExportValidity = ExportValidity.ValidWhole;
                            if (!pendingObject.UserAgents.Contains(message.UserAgent))
                            {
                                pendingObject.UserAgents.Add(message.UserAgent);
                            }
                        }
                    }
                    break;

                case BTCMsg.BTCMsgType.Verack:
                    pendingObject = (from obj in this._pendingObjects
                                     where obj.Type == SnooperExportedDataObjectBTCType.Version_Verack
                                     select obj).FirstOrDefault();
                    if (pendingObject == null)                            // there is no object of type SnooperExportedDataObjectBTCType.Version_Verack created meaning message "version" is either lost or will come later
                    {
                        pendingObject                = new SnooperExportedDataObjectBTC(this.SnooperExport);
                        pendingObject.TimeStamp      = message.Timestamp;
                        pendingObject.Type           = SnooperExportedDataObjectBTCType.Version_Verack;
                        pendingObject.State          = SnooperExportedDataObjectBTCState.VerackReceived;
                        pendingObject.ExportValidity = ExportValidity.ValidFragment;
                        pendingObject.ClientAddress  = message.DestinationAddress;
                        pendingObject.ServerAddress  = message.SourceAddress;
                        foreach (var exportSource in message.ExportSources)
                        {
                            pendingObject.ExportSources.Add(exportSource);
                        }
                        if (!pendingObject.UserAgents.Contains(message.UserAgent))
                        {
                            pendingObject.UserAgents.Add(message.UserAgent);
                        }
                        this._pendingObjects.Add(pendingObject);
                    }
                    else                             // object already exists
                    {
                        foreach (var exportSource in message.ExportSources)
                        {
                            if (!pendingObject.ExportSources.Contains(exportSource))
                            {
                                pendingObject.ExportSources.Add(exportSource);
                            }
                        }
                        if (pendingObject.State == SnooperExportedDataObjectBTCState.VersionReceived)
                        {
                            pendingObject.State          = SnooperExportedDataObjectBTCState.VersionAndVerackReceived;
                            pendingObject.ExportValidity = ExportValidity.ValidWhole;
                        }
                    }
                    break;

                case BTCMsg.BTCMsgType.Tx:
                    pendingObject                = new SnooperExportedDataObjectBTC(this.SnooperExport);
                    pendingObject.TimeStamp      = message.Timestamp;
                    pendingObject.Type           = SnooperExportedDataObjectBTCType.Tx;
                    pendingObject.ExportValidity = ExportValidity.ValidWhole;
                    pendingObject.ClientAddress  = message.DestinationAddress;
                    pendingObject.ServerAddress  = message.SourceAddress;
                    foreach (var exportSource in message.ExportSources)
                    {
                        pendingObject.ExportSources.Add(exportSource);
                    }
                    this._pendingObjects.Add(pendingObject);
                    break;

                case BTCMsg.BTCMsgType.Other:
                    // do nothing
                    break;
                }

                //export

                /*if (addObject)
                 * {
                 *      //TODO there should be list of guids (frames, other objects)
                 *      exportedObject.Source.Add(new Guid());
                 *      this.SnooperExport.AddExportObject(exportedObject);
                 * }
                 * else
                 * {
                 *      this.SnooperExport.DiscardExportObject(exportedObject);
                 * }
                 *
                 * base.OnAfterDataExporting();*/

                //} while(reader.NewMessage());
                if (reader.EndOfPDU)
                {
                    try
                    {
                        reader.NewMessage();
                    } catch (InvalidOperationException) { }
                }
            } while (!reader.EndOfStream);

            if (this._pendingObjects.Count > 0)
            {
                this.OnBeforeDataExporting();

                foreach (var pendingObject in this._pendingObjects)
                {
                    this.SnooperExport.AddExportObject(pendingObject);
                }
                this._pendingObjects.Clear();

                this.OnAfterDataExporting();
            }
        }