hub / github.com/dreadl0ck/netcap / SaveConversation

Function SaveConversation

decoder/stream/utils/save_conversation.go:70–232

SaveConversation will save TCP / UDP conversations to disk. This also invokes the harvesters on the conversation banner. The communityID parameter is the Corelight Community ID v1 for the connection, calculated once at the stream level and passed through to harvesters.

(proto string, conversation core.DataFragments, ident string, firstPacket time.Time, transport gopacket.Flow, communityID string)

Source from the content-addressed store, hash-verified

// The communityID parameter is the Corelight Community ID v1 for the connection,
// calculated once at the stream level and passed through to harvesters.
func SaveConversation(proto string, conversation core.DataFragments, ident string, firstPacket time.Time, transport gopacket.Flow, communityID string) error {
	// prevent processing zero bytes
	if len(conversation) == 0 || conversation.Size() == 0 {
		return nil
	}

	// fmt.Println("saving conv", conversation.size(), ident)

	banner := createBannerFromConversation(conversation)
	secret.RunHarvesters(banner, transport, ident, firstPacket, communityID)

	// Run network discovery extractors and enrich device profiles
	if DeviceEnricher != nil {
		srcIP := conversation.SourceIP()
		if srcIP != "" {
			for _, r := range discovery.RunDiscovery(banner, transport, ident, firstPacket, srcIP) {
				DeviceEnricher(r.SourceIP, r.Hostnames, r.DeviceTypes, r.Roles, r.OS)
			}
		}
	}

	if !decoderconfig.Instance.SaveConns {
		return nil
	}

	var (
		typ = getServiceName(banner, transport, proto)

		// path for storing the data
		root = filepath.Join(decoderconfig.Instance.Out, strings.ToLower(proto), typ)

		// file basename
		base = filepath.Clean(path.Base(utils.CleanIdent(ident))) + binaryFileExtension
	)

	// make sure root path exists
	err := os.MkdirAll(root, defaults.DirectoryPermission)
	if err != nil {
		reassemblyLog.Warn("failed to create directory",
			zap.String("path", root),
			zap.Int("perm", defaults.DirectoryPermission),
		)
	}

	base = path.Join(root, base)

	reassemblyLog.Info("saveConversation", zap.String("base", base))

	Stats.Lock()
	switch proto {
	case protoTCP:
		Stats.SavedTCPConnections++
	case protoUDP:
		Stats.SavedUDPConnections++
	}
	Stats.Unlock()

retry:

Callers

nothing calls this directly

Calls 15

RunHarvesters · Function · 0.92
RunDiscovery · Function · 0.92
CleanIdent · Function · 0.92
SourceIP · Method · 0.80
Int · Method · 0.80
getServiceName · Function · 0.70
Info · Method · 0.65
Direction · Method · 0.65
Write · Method · 0.65
Raw · Method · 0.65
Context · Method · 0.65

Tested by

no test coverage detected