hyperscan to vectorscan for arm64 compatibility

Pwnzer0tt1 · Apr 28, 2023 · f4e90c5 · f4e90c5
1 parent 4fc5f0d
commit f4e90c5
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 67 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -3,3 +3,4 @@ pcaps/*.pcap
 pcaps/*.pcapng
 pcaps/processing/*.pcap
 pcaps/processing/*.pcapng
+Dockerfile
diff --git a/Dockerfile b/Dockerfile
@@ -1,23 +1,24 @@
-# Build backend with go
-FROM golang:1.16 AS BACKEND_BUILDER
-
-# Install tools and libraries
+#Build backend with go
+FROM debian:sid-slim AS BACKEND_BUILDER
 RUN apt-get update && \
-	DEBIAN_FRONTEND=noninteractive apt-get install -qq \
+    DEBIAN_FRONTEND=noninteractive apt-get install -qq curl golang-go
+
+#Install tools and libraries
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq \
 	git \
 	pkg-config \
 	libpcap-dev \
-	libhyperscan-dev
+	libvectorscan-dev
 
 WORKDIR /caronte
 
 COPY . ./
 
-RUN export VERSION=$(git describe --tags --abbrev=0) && \
-    go mod download && \
-    go build -ldflags "-X main.Version=$VERSION" && \
-	mkdir -p build && \
-	cp -r caronte pcaps/ scripts/ shared/ test_data/ build/
+RUN export VERSION=$(git describe --tags --abbrev=0)
+RUN go mod download
+RUN go build -ldflags "-X main.Version=$VERSION"
+RUN mkdir -p build 
+RUN cp -r caronte pcaps/ scripts/ shared/ test_data/ build/
 
 
 # Build frontend via yarn
@@ -31,17 +32,18 @@ RUN yarn install && yarn build --production=true
 
 
 # LAST STAGE
-FROM ubuntu:20.04
+FROM debian:sid-slim
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -qq curl golang-go
 
 COPY --from=BACKEND_BUILDER /caronte/build /opt/caronte
-
 COPY --from=FRONTEND_BUILDER /caronte-frontend/build /opt/caronte/frontend/build
 
 RUN apt-get update && \
 	DEBIAN_FRONTEND=noninteractive apt-get install -qq \
 	libpcap-dev \
-	libhyperscan-dev && \
-	rm -rf /var/lib/apt/lists/*
+	libvectorscan-dev &&\
+  rm -rf /var/lib/apt/lists/*
 
 ENV GIN_MODE release
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,22 +3,24 @@ services:
 
   mongo:
     image: mongo:4.4
-    networks:
-      - acheronet
     restart: unless-stopped
+    volumes:
+      - db:/data/db
 
   caronte:
-    image: ghcr.io/eciavatta/caronte:latest
+    #image: ghcr.io/pwnzer0tt1/caronte:latest
+    build: .
     ports:
       - "3333:3333"
     environment:
       MONGO_HOST: mongo
       MONGO_PORT: 27017
     depends_on:
       - mongo
-    networks:
-      - acheronet
+    links:
+      - mongo
     restart: unless-stopped
 
-networks:
-  acheronet:
+volumes:
+  db:
+    external: false
diff --git a/scripts/data.pcap b/scripts/data.pcap
diff --git a/scripts/feedCaronte.sh b/scripts/feedCaronte.sh
@@ -1,52 +1,46 @@
-#!/bin/bash - 
-#===============================================================================
-#
-#          FILE: feedCaronte.sh
-# 
-#         USAGE: ./feedCaronte.sh PCAP_DIR_PATH
-# 
-#   DESCRIPTION: 
-# 
-#       OPTIONS: ---
-#  REQUIREMENTS: inotify-tools, curl
-#          BUGS: ---
-#         NOTES: test in Debian Buster
-#        AUTHOR: Andrea Giovine (AG), 
-#  ORGANIZATION: 
-#       CREATED: 17/08/2020 16:36:57
-#      REVISION:  ---
-#===============================================================================
-
-set -o nounset                              # Treat unset variables as an error
-
-CHECK_INOTIFY=$(dpkg-query -W -f='${status}' 'inotify-tools')
-
-if [[ "$CHECK_INOTIFY" != 'install ok installed' ]]; then
-	echo "Install inotify-tools"
-	exit 1
-fi
-
-CHECK_CURL=$(dpkg-query -W -f='${Status}' 'curl')
+#!/usr/bin/env bash
 
-if [[ "$CHECK_CURL" != 'install ok installed' ]]; then
-	echo "Install curl"
-	exit 1
-fi
+#	.		TIMEOUT    CARONTE_IP
+#./caronte.sh 30 https://caronte.com game
 
-if [[ "$#" -ne 1 ]]; then
-	echo "Need 1 arg"
+if [[ "$#" -ne 3 ]]; then
+	echo "Usage: ./caronte.sh <timeout> <ip:port> <interface>"
 	exit 2
 fi
 
-PCAP_DIR="$1"
+PROC_TIMEOUT=$$
+UPLOAD_PROC=$$
+THIS_PROC=$$
 
-if [[ -z "$PCAP_DIR" ]]; then
-	echo "Need path to dir where are store pcaps"
-	exit 2
-fi
+trap 'echo; kill -9 $PROC_TIMEOUT; kill -9 $UPLOAD_PROC; kill -9 $THIS_PROC' INT
+
+TIMEOUT_TCPDUMP="$1"
+CARONTE_ADDR="$2"
+INTERFACE_NAME="$3"
+
+mkdir upload 2> /dev/null
+
+function get_pcaps {
+  while true; do
+	  timeout $TIMEOUT_TCPDUMP tcpdump -w "data.pcap" -i $INTERFACE_NAME port not 22 and port not 4444 &> /dev/null & PROC_TIMEOUT=$!
+    wait $PROC_TIMEOUT
+    mv data.pcap "upload/data-$(md5sum <<< date | awk '{ print $1 }').pcap"
+  done
+}
+
+function upload_pcaps { 
+  while true; do
+    files=`ls ./upload/*.pcap 2> /dev/null`
+    for file in $files
+    do
+      curl -F "file=@$file" -F "flush_all=true" "$CARONTE_ADDR/api/pcap/upload" && rm $file
+      echo
+    done
+    sleep `echo $TIMEOUT_TCPDUMP/2 | bc`
+  done
+}
+
+upload_pcaps & UPLOAD_PROC=$!
+
+get_pcaps
 
-inotifywait -m "$PCAP_DIR" -e close_write -e moved_to |
-           while read dir action file; do
-             echo "The file $file appeared in directory $dir via $action"
-             curl -F "file=@$file" "http://localhost:3333/api/pcap/upload"
-           done