[fix,improvment] Added mongodb, using l9 0.6.0

go.mod

@@ -3,7 +3,7 @@ module github.com/LeakIX/l9tcpid
 go 1.11
 
 require (
-	github.com/LeakIX/l9format v0.0.0-20201211151519-3fa809c99f79
+	github.com/LeakIX/l9format v0.6.0
 	github.com/Machiel/slugify v1.0.1 // indirect
 	github.com/PuerkitoBio/goquery v1.6.0
 	github.com/RumbleDiscovery/jarm-go v0.0.5-0.20201125030722-2ca10cdc1b63

go.sum

@@ -1,5 +1,11 @@
 github.com/LeakIX/l9format v0.0.0-20201211151519-3fa809c99f79 h1:3xN3a351xZYUxLMMmm84oI66839a5YonIuVIU8nFv3s=
 github.com/LeakIX/l9format v0.0.0-20201211151519-3fa809c99f79/go.mod h1:UJJb5cEIdbCv59AmmFYtp53kdzIyC5cfV1urqxVyZEo=
+github.com/LeakIX/l9format v0.0.0-20201214174715-7e7020617c77 h1:jqcaPTKqAnJLmDaP5yzow+7YTm8gaZW0R95KPZ9ph/4=
+github.com/LeakIX/l9format v0.0.0-20201214174715-7e7020617c77/go.mod h1:UJJb5cEIdbCv59AmmFYtp53kdzIyC5cfV1urqxVyZEo=
+github.com/LeakIX/l9format v0.0.0-20201215003031-c4aac012e2ba h1:M17b81QRO1Blo5lmHEtbhG36ZUA025eEapbhIDEzQMs=
+github.com/LeakIX/l9format v0.0.0-20201215003031-c4aac012e2ba/go.mod h1:g/Lf4+9A69MaI9F6bJS6UcEbvSbv1NS5rLx/vLpHnYw=
+github.com/LeakIX/l9format v0.6.0 h1:VcjKDz5fyTmMGl/Vsdm1QE/72EZAj0wDjXTom93N+IE=
+github.com/LeakIX/l9format v0.6.0/go.mod h1:g/Lf4+9A69MaI9F6bJS6UcEbvSbv1NS5rLx/vLpHnYw=
 github.com/Machiel/slugify v1.0.1 h1:EfWSlRWstMadsgzmiV7d0yVd2IFlagWH68Q+DcYCm4E=
 github.com/Machiel/slugify v1.0.1/go.mod h1:fTFGn5uWEynW4CUMG7sWkYXOf1UgDxyTM3DbR6Qfg3k=
 github.com/PuerkitoBio/goquery v1.6.0 h1:j7taAbelrdcsOlGeMenZxc2AWXD5fieT1/znArdnx94=

identifiers/http/stock.go → identifiers/http/elasticsearch.go

@@ -12,4 +12,5 @@ func IdentifyElasticSearch(event *l9format.L9Event, body string, document *goque
 		return true
 	}
 	return false
-}
+}
+

identifiers/tcp/stock.go

@@ -22,6 +22,18 @@ func IdentifyHttp(event *l9format.L9Event, bannerBytes []byte, bannerPrintables
 	}
 	return false
 }
+
+func IdentifyMongoDb(event *l9format.L9Event, _ []byte, bannerPrintables []string) bool {
+	if event.HasTransport("http") &&
+		strings.Contains(event.Summary, "MongoDB over HTTP") &&
+		strings.Contains(event.Summary, "native driver port") {
+		event.Protocol = "mongo"
+		event.RemoveTransport("http")
+		return true
+	}
+	return false
+}
+
 func IdentifyMysql(event *l9format.L9Event, bannerBytes []byte, bannerPrintables []string) bool {
 	if strings.Contains(event.Summary, "mysql_native_password") ||
 		(len(bannerBytes) > 16 && bannerBytes[1] == 0x00 && bannerBytes[2] == 0x00 &&

service_map.go

@@ -20,6 +20,7 @@ var TCPIdentifiers = []TcpIdentifier{
 	tcp.IdentifyRedis,
 	tcp.IdentifyRTSP,
 	tcp.IdentifyTelnet,
+	tcp.IdentifyMongoDb,
 }
 
 var HttpIdentifiers = []HttpIdentifier{

tcpid.go

@@ -18,14 +18,25 @@ type TcpIdCommand struct {
 }
 func (cmd *TcpIdCommand) Run() error {
 	cmd.ThreadManager = goccm.New(cmd.MaxThreads)
+	defer cmd.ThreadManager.WaitAllDone()
 	if !cmd.Debug {
 		log.SetOutput(ioutil.Discard)
 	}
-	stdinScanner := bufio.NewScanner(os.Stdin)
+	stdinReader := bufio.NewReaderSize(os.Stdin, 256*1024)
 	stdoutEncoder := json.NewEncoder(os.Stdout)
-	for stdinScanner.Scan() {
+	for {
+		bytes, isPrefix, err := stdinReader.ReadLine()
+		if err != nil {
+			if err.Error() == "EOF" {
+				break
+			}
+			log.Fatal(err)
+		}
+		if isPrefix == true {
+			log.Fatal("Event is too big")
+		}
 		event := &l9format.L9Event{}
-		err := json.Unmarshal(stdinScanner.Bytes(), event)
+		err = json.Unmarshal(bytes, event)
 		event.AddSource("l9tcpid")
 		event.EventType = "service"
 		event.Protocol = "tcp"
@@ -41,7 +52,7 @@ func (cmd *TcpIdCommand) Run() error {
 			if len(event.Summary) > 0 {
 				err = stdoutEncoder.Encode(event)
 				if err != nil {
-					panic(err)
+					log.Fatal(err)
 				}
 			}
 			if err != nil {
@@ -50,7 +61,6 @@ func (cmd *TcpIdCommand) Run() error {
 			cmd.ThreadManager.Done()
 		}(event)
 	}
-	cmd.ThreadManager.WaitAllDone()
 	return nil
 }