youtubebeat/vendor/github.com/elastic/beats/packetbeat/protos/protos.go

// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package protos

import (
	"errors"
	"fmt"
	"sort"
	"strings"
	"time"

	"github.com/elastic/beats/libbeat/beat"
	"github.com/elastic/beats/libbeat/common"
	"github.com/elastic/beats/libbeat/common/cfgwarn"
	"github.com/elastic/beats/libbeat/logp"
)

const (
	DefaultTransactionHashSize                 = 2 ^ 16
	DefaultTransactionExpiration time.Duration = 10 * time.Second
)

// ProtocolData interface to represent an upper
// protocol private data. Used with types like
// HttpStream, MysqlStream, etc.
type ProtocolData interface{}

type Packet struct {
	Ts      time.Time
	Tuple   common.IPPortTuple
	Payload []byte
}

var ErrInvalidPort = errors.New("port number out of range")

// Protocol Plugin Port configuration with validation on init
type PortsConfig struct {
	Ports []int
}

func (p *PortsConfig) Init(ports ...int) error {
	return p.Set(ports)
}

func (p *PortsConfig) Set(ports []int) error {
	if err := validatePorts(ports); err != nil {
		return err
	}
	p.Ports = ports
	return nil
}

func validatePorts(ports []int) error {
	for port := range ports {
		if port < 0 || port > 65535 {
			return ErrInvalidPort
		}
	}
	return nil
}

type Protocols interface {
	BpfFilter(withVlans bool, withICMP bool) string
	GetTCP(proto Protocol) TCPPlugin
	GetUDP(proto Protocol) UDPPlugin

	GetAllTCP() map[Protocol]TCPPlugin
	GetAllUDP() map[Protocol]UDPPlugin

	// Register(proto Protocol, plugin ProtocolPlugin)
}

// list of protocol plugins
type ProtocolsStruct struct {
	all map[Protocol]protocolInstance
	tcp map[Protocol]TCPPlugin
	udp map[Protocol]UDPPlugin
}

// Singleton of Protocols type.
var Protos = ProtocolsStruct{
	all: map[Protocol]protocolInstance{},
	tcp: map[Protocol]TCPPlugin{},
	udp: map[Protocol]UDPPlugin{},
}

type protocolInstance struct {
	client beat.Client
	plugin Plugin
}

type reporterFactory interface {
	CreateReporter(*common.Config) (func(beat.Event), error)
}

func (s ProtocolsStruct) Init(
	testMode bool,
	pub reporterFactory,
	configs map[string]*common.Config,
	listConfigs []*common.Config,
) error {
	if len(configs) > 0 {
		cfgwarn.Deprecate("7.0.0", "dictionary style protocols configuration has been deprecated. Please use list-style protocols configuration.")
	}

	for proto := range protocolSyms {
		logp.Debug("protos", "registered protocol plugin: %v", proto)
	}

	for name, config := range configs {
		if err := s.configureProtocol(testMode, pub, name, config); err != nil {
			return err
		}
	}

	for _, config := range listConfigs {
		module := struct {
			Name string `config:"type" validate:"required"`
		}{}
		if err := config.Unpack(&module); err != nil {
			return err
		}

		if err := s.configureProtocol(testMode, pub, module.Name, config); err != nil {
			return err
		}
	}

	return nil
}

func (s ProtocolsStruct) configureProtocol(
	testMode bool,
	pub reporterFactory,
	name string,
	config *common.Config,
) error {
	// XXX: icmp is special, ignore here :/
	if name == "icmp" {
		return nil
	}

	proto, exists := protocolSyms[name]
	if !exists {
		logp.Err("Unknown protocol plugin: %v", name)
		return nil
	}

	plugin, exists := protocolPlugins[proto]
	if !exists {
		logp.Err("Protocol plugin '%v' not registered (%v).", name, proto.String())
		return nil
	}

	if !config.Enabled() {
		logp.Info("Protocol plugin '%v' disabled by config", name)
		return nil
	}

	var client beat.Client
	results := func(beat.Event) {}
	if !testMode {
		var err error
		results, err = pub.CreateReporter(config)
		if err != nil {
			return err
		}
	}

	inst, err := plugin(testMode, results, config)
	if err != nil {
		logp.Err("Failed to register protocol plugin: %v", err)
		return err
	}

	s.register(proto, client, inst)
	return nil
}

func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin {
	plugin, exists := s.tcp[proto]
	if !exists {
		return nil
	}

	return plugin
}

func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin {
	plugin, exists := s.udp[proto]
	if !exists {
		return nil
	}

	return plugin
}

func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin {
	return s.tcp
}

func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin {
	return s.udp
}

// BpfFilter returns a Berkeley Packer Filter (BFP) expression that
// will match against packets for the registered protocols. If with_vlans is
// true the filter will match against both IEEE 802.1Q VLAN encapsulated
// and unencapsulated packets
func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string {
	// Sort the protocol IDs so that the return value is consistent.
	var protos []int
	for proto := range s.all {
		protos = append(protos, int(proto))
	}
	sort.Ints(protos)

	var expressions []string
	for _, key := range protos {
		proto := Protocol(key)
		plugin := s.all[proto].plugin
		for _, port := range plugin.GetPorts() {
			hasTCP := false
			hasUDP := false

			if _, present := s.tcp[proto]; present {
				hasTCP = true
			}
			if _, present := s.udp[proto]; present {
				hasUDP = true
			}

			var expr string
			if hasTCP && !hasUDP {
				expr = "tcp port %d"
			} else if !hasTCP && hasUDP {
				expr = "udp port %d"
			} else {
				expr = "port %d"
			}

			expressions = append(expressions, fmt.Sprintf(expr, port))
		}
	}

	if withICMP {
		expressions = append(expressions, "icmp", "icmp6")
	}

	filter := strings.Join(expressions, " or ")
	if withVlans {
		filter = fmt.Sprintf("%s or (vlan and (%s))", filter, filter)
	}
	return filter
}

func (s ProtocolsStruct) register(proto Protocol, client beat.Client, plugin Plugin) {
	if _, exists := s.all[proto]; exists {
		logp.Warn("Protocol (%s) plugin will overwritten by another plugin", proto.String())
	}

	s.all[proto] = protocolInstance{
		client: client,
		plugin: plugin,
	}

	success := false
	if tcp, ok := plugin.(TCPPlugin); ok {
		s.tcp[proto] = tcp
		success = true
	}
	if udp, ok := plugin.(UDPPlugin); ok {
		s.udp[proto] = udp
		success = true
	}
	if !success {
		logp.Warn("Protocol (%s) register failed, port: %v", proto.String(), plugin.GetPorts())
	}
}
Add generated youtubebeat files 2018-11-18 11:08:38 +01:00			`// Licensed to Elasticsearch B.V. under one or more contributor`
			`// license agreements. See the NOTICE file distributed with`
			`// this work for additional information regarding copyright`
			`// ownership. Elasticsearch B.V. licenses this file to you under`
			`// the Apache License, Version 2.0 (the "License"); you may`
			`// not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing,`
			`// software distributed under the License is distributed on an`
			`// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY`
			`// KIND, either express or implied. See the License for the`
			`// specific language governing permissions and limitations`
			`// under the License.`

			`package protos`

			`import (`
			`"errors"`
			`"fmt"`
			`"sort"`
			`"strings"`
			`"time"`

			`"github.com/elastic/beats/libbeat/beat"`
			`"github.com/elastic/beats/libbeat/common"`
			`"github.com/elastic/beats/libbeat/common/cfgwarn"`
			`"github.com/elastic/beats/libbeat/logp"`
			`)`

			`const (`
			`DefaultTransactionHashSize = 2 ^ 16`
			`DefaultTransactionExpiration time.Duration = 10 * time.Second`
			`)`

			`// ProtocolData interface to represent an upper`
			`// protocol private data. Used with types like`
			`// HttpStream, MysqlStream, etc.`
			`type ProtocolData interface{}`

			`type Packet struct {`
			`Ts time.Time`
			`Tuple common.IPPortTuple`
			`Payload []byte`
			`}`

			`var ErrInvalidPort = errors.New("port number out of range")`

			`// Protocol Plugin Port configuration with validation on init`
			`type PortsConfig struct {`
			`Ports []int`
			`}`

			`func (p *PortsConfig) Init(ports ...int) error {`
			`return p.Set(ports)`
			`}`

			`func (p *PortsConfig) Set(ports []int) error {`
			`if err := validatePorts(ports); err != nil {`
			`return err`
			`}`
			`p.Ports = ports`
			`return nil`
			`}`

			`func validatePorts(ports []int) error {`
			`for port := range ports {`
			`if port < 0 \|\| port > 65535 {`
			`return ErrInvalidPort`
			`}`
			`}`
			`return nil`
			`}`

			`type Protocols interface {`
			`BpfFilter(withVlans bool, withICMP bool) string`
			`GetTCP(proto Protocol) TCPPlugin`
			`GetUDP(proto Protocol) UDPPlugin`

			`GetAllTCP() map[Protocol]TCPPlugin`
			`GetAllUDP() map[Protocol]UDPPlugin`

			`// Register(proto Protocol, plugin ProtocolPlugin)`
			`}`

			`// list of protocol plugins`
			`type ProtocolsStruct struct {`
			`all map[Protocol]protocolInstance`
			`tcp map[Protocol]TCPPlugin`
			`udp map[Protocol]UDPPlugin`
			`}`

			`// Singleton of Protocols type.`
			`var Protos = ProtocolsStruct{`
			`all: map[Protocol]protocolInstance{},`
			`tcp: map[Protocol]TCPPlugin{},`
			`udp: map[Protocol]UDPPlugin{},`
			`}`

			`type protocolInstance struct {`
			`client beat.Client`
			`plugin Plugin`
			`}`

			`type reporterFactory interface {`
			`CreateReporter(*common.Config) (func(beat.Event), error)`
			`}`

			`func (s ProtocolsStruct) Init(`
			`testMode bool,`
			`pub reporterFactory,`
			`configs map[string]*common.Config,`
			`listConfigs []*common.Config,`
			`) error {`
			`if len(configs) > 0 {`
			`cfgwarn.Deprecate("7.0.0", "dictionary style protocols configuration has been deprecated. Please use list-style protocols configuration.")`
			`}`

			`for proto := range protocolSyms {`
			`logp.Debug("protos", "registered protocol plugin: %v", proto)`
			`}`

			`for name, config := range configs {`
			`if err := s.configureProtocol(testMode, pub, name, config); err != nil {`
			`return err`
			`}`
			`}`

			`for _, config := range listConfigs {`
			`module := struct {`
			Name string `config:"type" validate:"required"`
			`}{}`
			`if err := config.Unpack(&module); err != nil {`
			`return err`
			`}`

			`if err := s.configureProtocol(testMode, pub, module.Name, config); err != nil {`
			`return err`
			`}`
			`}`

			`return nil`
			`}`

			`func (s ProtocolsStruct) configureProtocol(`
			`testMode bool,`
			`pub reporterFactory,`
			`name string,`
			`config *common.Config,`
			`) error {`
			`// XXX: icmp is special, ignore here :/`
			`if name == "icmp" {`
			`return nil`
			`}`

			`proto, exists := protocolSyms[name]`
			`if !exists {`
			`logp.Err("Unknown protocol plugin: %v", name)`
			`return nil`
			`}`

			`plugin, exists := protocolPlugins[proto]`
			`if !exists {`
			`logp.Err("Protocol plugin '%v' not registered (%v).", name, proto.String())`
			`return nil`
			`}`

			`if !config.Enabled() {`
			`logp.Info("Protocol plugin '%v' disabled by config", name)`
			`return nil`
			`}`

			`var client beat.Client`
			`results := func(beat.Event) {}`
			`if !testMode {`
			`var err error`
			`results, err = pub.CreateReporter(config)`
			`if err != nil {`
			`return err`
			`}`
			`}`

			`inst, err := plugin(testMode, results, config)`
			`if err != nil {`
			`logp.Err("Failed to register protocol plugin: %v", err)`
			`return err`
			`}`

			`s.register(proto, client, inst)`
			`return nil`
			`}`

			`func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin {`
			`plugin, exists := s.tcp[proto]`
			`if !exists {`
			`return nil`
			`}`

			`return plugin`
			`}`

			`func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin {`
			`plugin, exists := s.udp[proto]`
			`if !exists {`
			`return nil`
			`}`

			`return plugin`
			`}`

			`func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin {`
			`return s.tcp`
			`}`

			`func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin {`
			`return s.udp`
			`}`

			`// BpfFilter returns a Berkeley Packer Filter (BFP) expression that`
			`// will match against packets for the registered protocols. If with_vlans is`
			`// true the filter will match against both IEEE 802.1Q VLAN encapsulated`
			`// and unencapsulated packets`
			`func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string {`
			`// Sort the protocol IDs so that the return value is consistent.`
			`var protos []int`
			`for proto := range s.all {`
			`protos = append(protos, int(proto))`
			`}`
			`sort.Ints(protos)`

			`var expressions []string`
			`for _, key := range protos {`
			`proto := Protocol(key)`
			`plugin := s.all[proto].plugin`
			`for _, port := range plugin.GetPorts() {`
			`hasTCP := false`
			`hasUDP := false`

			`if _, present := s.tcp[proto]; present {`
			`hasTCP = true`
			`}`
			`if _, present := s.udp[proto]; present {`
			`hasUDP = true`
			`}`

			`var expr string`
			`if hasTCP && !hasUDP {`
			`expr = "tcp port %d"`
			`} else if !hasTCP && hasUDP {`
			`expr = "udp port %d"`
			`} else {`
			`expr = "port %d"`
			`}`

			`expressions = append(expressions, fmt.Sprintf(expr, port))`
			`}`
			`}`

			`if withICMP {`
			`expressions = append(expressions, "icmp", "icmp6")`
			`}`

			`filter := strings.Join(expressions, " or ")`
			`if withVlans {`
			`filter = fmt.Sprintf("%s or (vlan and (%s))", filter, filter)`
			`}`
			`return filter`
			`}`

			`func (s ProtocolsStruct) register(proto Protocol, client beat.Client, plugin Plugin) {`
			`if _, exists := s.all[proto]; exists {`
			`logp.Warn("Protocol (%s) plugin will overwritten by another plugin", proto.String())`
			`}`

			`s.all[proto] = protocolInstance{`
			`client: client,`
			`plugin: plugin,`
			`}`

			`success := false`
			`if tcp, ok := plugin.(TCPPlugin); ok {`
			`s.tcp[proto] = tcp`
			`success = true`
			`}`
			`if udp, ok := plugin.(UDPPlugin); ok {`
			`s.udp[proto] = udp`
			`success = true`
			`}`
			`if !success {`
			`logp.Warn("Protocol (%s) register failed, port: %v", proto.String(), plugin.GetPorts())`
			`}`
			`}`