Match endpoints by destination port

intel/entity.go

@@ -37,9 +37,12 @@ type Entity struct {
 	// Protocol is the protcol number used by the connection.
 	Protocol uint8
 
-	// Port is the destination port of the connection
+	// Port is the remote port of the connection
 	Port uint16
 
+	// dstPort is the destination port of the connection
+	dstPort uint16
+
 	// Domain is the target domain of the connection.
 	Domain string
 
@@ -92,6 +95,16 @@ func (e *Entity) Init() *Entity {
 	return e
 }
 
+// AddDstPort adds the destination port.
+func (e *Entity) AddDstPort(dstPort uint16) {
+	e.dstPort = dstPort
+}
+
+// AddDstPort adds the destination port.
+func (e *Entity) DstPort() uint16 {
+	return e.dstPort
+}
+
 // FetchData fetches additional information, meant to be called before persisting an entity record.
 func (e *Entity) FetchData(ctx context.Context) {
 	e.getLocation(ctx)

network/connection.go

@@ -128,6 +128,7 @@ func NewConnectionFromFirstPacket(pkt packet.Packet) *Connection {
 			Protocol: uint8(pkt.Info().Protocol),
 			Port:     pkt.Info().SrcPort,
 		}
+		entity.AddDstPort(pkt.Info().DstPort)
 
 	} else {
 
@@ -137,6 +138,7 @@ func NewConnectionFromFirstPacket(pkt packet.Packet) *Connection {
 			Protocol: uint8(pkt.Info().Protocol),
 			Port:     pkt.Info().DstPort,
 		}
+		entity.AddDstPort(entity.Port)
 
 		// check if we can find a domain for that IP
 		ipinfo, err := resolver.GetIPInfo(proc.LocalProfileKey, pkt.Info().Dst.String())

profile/endpoints/endpoint.go

@@ -70,11 +70,11 @@ func (ep *EndpointBase) matchesPPP(entity *intel.Entity) (result EPResult) {
 	// only check if port is defined
 	if ep.StartPort > 0 {
 		// if port is unknown, return Undeterminable
-		if entity.Port == 0 {
+		if entity.DstPort() == 0 {
 			return Undeterminable
 		}
 		// if port does not match, return NoMatch
-		if entity.Port < ep.StartPort || entity.Port > ep.EndPort {
+		if entity.DstPort() < ep.StartPort || entity.DstPort() > ep.EndPort {
 			return NoMatch
 		}
 	}