forked from elastic/beats
-
Notifications
You must be signed in to change notification settings - Fork 4
/
udp.go
97 lines (80 loc) · 2.51 KB
/
udp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
package udp
import (
"fmt"
"github.com/elastic/beats/libbeat/common"
"github.com/elastic/beats/libbeat/logp"
"github.com/elastic/beats/packetbeat/flows"
"github.com/elastic/beats/packetbeat/protos"
)
type UDP struct {
protocols protos.Protocols
portMap map[uint16]protos.Protocol
}
type Processor interface {
Process(id *flows.FlowID, pkt *protos.Packet)
}
// decideProtocol determines the protocol based on the source and destination
// ports. If the protocol cannot be determined then protos.UnknownProtocol
// is returned.
func (udp *UDP) decideProtocol(tuple *common.IPPortTuple) protos.Protocol {
protocol, exists := udp.portMap[tuple.SrcPort]
if exists {
return protocol
}
protocol, exists = udp.portMap[tuple.DstPort]
if exists {
return protocol
}
return protos.UnknownProtocol
}
// Process handles UDP packets that have been received. It attempts to
// determine the protocol type and then invokes the associated
// UdpProtocolPlugin's ParseUDP method. If the protocol cannot be determined
// or the payload is empty then the method is a noop.
func (udp *UDP) Process(id *flows.FlowID, pkt *protos.Packet) {
protocol := udp.decideProtocol(&pkt.Tuple)
if protocol == protos.UnknownProtocol {
logp.Debug("udp", "unknown protocol")
return
}
plugin := udp.protocols.GetUDP(protocol)
if plugin == nil {
logp.Debug("udp", "Ignoring protocol for which we have no module loaded: %s", protocol)
return
}
if len(pkt.Payload) > 0 {
logp.Debug("udp", "Parsing packet from %v of length %d.",
pkt.Tuple.String(), len(pkt.Payload))
plugin.ParseUDP(pkt)
}
}
// buildPortsMap creates a mapping of port numbers to protocol identifiers. If
// any two UdpProtocolPlugins operate on the same port number then an error
// will be returned.
func buildPortsMap(plugins map[protos.Protocol]protos.UDPPlugin) (map[uint16]protos.Protocol, error) {
var res = map[uint16]protos.Protocol{}
for proto, protoPlugin := range plugins {
for _, port := range protoPlugin.GetPorts() {
oldProto, exists := res[uint16(port)]
if exists {
if oldProto == proto {
continue
}
return nil, fmt.Errorf("Duplicate port (%d) exists in %s and %s protocols",
port, oldProto, proto)
}
res[uint16(port)] = proto
}
}
return res, nil
}
// NewUdp creates and returns a new Udp.
func NewUDP(p protos.Protocols) (*UDP, error) {
portMap, err := buildPortsMap(p.GetAllUDP())
if err != nil {
return nil, err
}
udp := &UDP{protocols: p, portMap: portMap}
logp.Debug("udp", "Port map: %v", portMap)
return udp, nil
}