Skip to content

Commit

Permalink
packetbeat: preparation for npcap addition (#29017) (#29186)
Browse files Browse the repository at this point in the history 
* packetbeat: run gofmt -s
* packetbeat/protos/tls: prep for gofumpt
* packetbeat: run gofumpt
* packetbeat: clean up lint

	Address the following output from staticcheck. Checked lines are fixed here.

	- [ ] beater/processor.go:143:15: error strings should not be capitalized (ST1005)
	- [ ] decoder/decoder.go:142:15: error strings should not be capitalized (ST1005)
	- [ ] flows/flowid_test.go:57:6: func addUDP is unused (U1000)
	- [x] flows/flows_test.go:58:2: this value of err is never used (SA4006)
	- [x] flows/flows_test.go:59:2: this value of err is never used (SA4006)
	- [x] flows/flows_test.go:60:2: this value of err is never used (SA4006)
	- [x] flows/flows_test.go:61:2: this value of err is never used (SA4006)
	- [x] flows/flows_test.go:62:2: this value of err is never used (SA4006)
	- [x] flows/worker.go:110:17: should use time.Until instead of t.Sub(time.Now()) (S1024)
	- [ ] pb/event.go:435:13: error strings should not be capitalized (ST1005)
	- [x] procs/procs.go:216:55: should use time.Since instead of time.Now().Sub (S1012)
	- [x] protos/amqp/amqp.go:90:5: should omit comparison to bool constant, can be simplified to !amqp.hideConnectionInformation (S1002)
	- [ ] protos/amqp/amqp_fields.go:48:4: this value of fields is never used (SA4006) **BUG**
	- [ ] protos/amqp/amqp_fields.go:73:4: this value of fields is never used (SA4006) **BUG**
	- [x] protos/amqp/amqp_parser.go:77:22: func (*amqpStream).prepareForNewMessage is unused (U1000)
	- [x] protos/amqp/amqp_parser.go:162:5: should omit comparison to bool constant, can be simplified to amqp.parseHeaders (S1002)
	- [x] protos/amqp/amqp_parser.go:345:12: should omit comparison to bool constant, can be simplified to m.isRequest (S1002)
	- [x] protos/amqp/amqp_parser.go:347:12: should omit comparison to bool constant, can be simplified to !m.isRequest (S1002)
	- [x] protos/amqp/amqp_parser.go:353:9: should omit comparison to bool constant, can be simplified to amqp.hideConnectionInformation (S1002)
	- [x] protos/amqp/amqp_test.go:672:2: this value of private is never used (SA4006)
	- [x] protos/amqp/amqp_test.go:739:2: this value of private is never used (SA4006)
	- [x] protos/cassandra/cassandra.go:203:25: func (*connection).dropStreams is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/array_decoder.go:29:6: func readInt is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:279:6: func getApacheCassandraType is unused (U1000)
	- [x] protos/cassandra/internal/gocql/marshal.go:352:7: receiver name should be a reflection of its identity; don't use generic names such as "this" or "self" (ST1006)
	- [ ] protos/cassandra/internal/gocql/marshal.go:569:2: const flagValues is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:570:2: const flagSkipMetaData is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:571:2: const flagPageSize is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:572:2: const flagWithPagingState is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:573:2: const flagWithSerialConsistency is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:574:2: const flagDefaultTimestamp is unused (U1000)
	- [ ] protos/cassandra/internal/gocql/marshal.go:575:2: const flagWithNameValues is unused (U1000)
	- [x] protos/cassandra/parser.go:72:2: field transactionTimeout is unused (U1000)
	- [ ] protos/cassandra/parser.go:79:22: error strings should not be capitalized (ST1005)
	- [x] protos/cassandra/pub.go:36:2: field ignoredOps is unused (U1000)
	- [ ] protos/dhcpv4/option_ip_addresses.go:42:15: error strings should not be capitalized (ST1005)
	- [x] protos/dns/dns.go:68:2: const query is unused (U1000)
	- [x] protos/dns/dns.go:69:2: const response is unused (U1000)
	- [x] protos/dns/dns.go:206:2: field responseTime is unused (U1000)
	- [x] protos/http/http.go:929:24: func (*messageList).last is unused (U1000)
	- [ ] protos/http/http_parser.go:264:18: error strings should not be capitalized (ST1005)
	- [ ] protos/http/http_parser.go:271:16: error strings should not be capitalized (ST1005)
	- [x] protos/http/http_test.go:59:22: func (*eventStore).empty is unused (U1000)
	- [x] protos/http/http_test.go:541:2: this value of msg is never used (SA4006)
	- [x] protos/http/http_test.go:647:2: this value of complete is never used (SA4006)
	- [x] protos/http/http_test.go:647:2: this value of ok is never used (SA4006)
	- [x] protos/http/http_test.go:653:2: this value of complete is never used (SA4006)
	- [x] protos/http/http_test.go:653:2: this value of ok is never used (SA4006)
	- [x] protos/http/http_test.go:658:2: this value of complete is never used (SA4006)
	- [x] protos/http/http_test.go:658:2: this value of ok is never used (SA4006)
	- [x] protos/http/http_test.go:673:2: this value of complete is never used (SA4006)
	- [x] protos/http/http_test.go:673:2: this value of ok is never used (SA4006)
	- [x] protos/icmp/icmp.go:260:25: func (*icmpPlugin).getTransaction is unused (U1000)
	- [ ] protos/icmp/message.go:93:2: logp.WTF is deprecated: Use logp.NewLogger and its Panic or DPanic methods.  (SA1019)
	- [ ] protos/icmp/message.go:104:2: logp.WTF is deprecated: Use logp.NewLogger and its Panic or DPanic methods.  (SA1019)
	- [ ] protos/icmp/message.go:115:2: logp.WTF is deprecated: Use logp.NewLogger and its Panic or DPanic methods.  (SA1019)
	- [ ] protos/icmp/message.go:136:2: logp.WTF is deprecated: Use logp.NewLogger and its Panic or DPanic methods.  (SA1019)
	- [ ] protos/icmp/message.go:147:2: logp.WTF is deprecated: Use logp.NewLogger and its Panic or DPanic methods.  (SA1019)
	- [x] protos/memcache/binary.go:31:6: type memcacheMagic is unused (U1000)
	- [x] protos/memcache/binary.go:60:2: var extraValue is unused (U1000)
	- [ ] protos/memcache/errors.go:26:5: var errNotImplemented is unused (U1000)
	- [ ] protos/memcache/errors.go:33:2: var errExpectedNumber is unused (U1000)
	- [ ] protos/memcache/errors.go:35:2: var errExpectedCRLF is unused (U1000)
	- [ ] protos/memcache/errors.go:54:2: var errResponseUnknownTransaction is unused (U1000)
	- [x] protos/memcache/parse.go:29:2: const codeSpace is unused (U1000)
	- [x] protos/memcache/parse.go:29:2: only the first constant in this group has an explicit type (SA9004)
	- [x] protos/memcache/parse.go:30:2: const codeTab is unused (U1000)
	- [x] protos/memcache/plugin_tcp.go:63:7: const defaultTCPTransDuration is unused (U1000)
	- [ ] protos/memcache/plugin_tcp.go:377:4: logp.WTF is deprecated: Use logp.NewLogger and its Panic or DPanic methods.  (SA1019)
	- [x] protos/memcache/text.go:410:6: func makeValue2Arg is unused (U1000)
	- [x] protos/mongodb/mongodb_parser.go:118:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:119:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:120:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:165:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:166:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:167:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:169:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:181:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:232:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:233:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:236:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:237:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:277:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:278:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:279:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:290:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:291:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:292:2: this value of err is never used (SA4006)
	- [ ] protos/mongodb/mongodb_parser.go:401:13: error strings should not be capitalized (ST1005)
	- [x] protos/mongodb/mongodb_parser.go:436:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_parser.go:461:2: this value of err is never used (SA4006)
	- [ ] protos/mongodb/mongodb_parser.go:470:24: error strings should not be capitalized (ST1005)
	- [x] protos/mongodb/mongodb_test.go:163:2: this value of err is never used (SA4006)
	- [x] protos/mongodb/mongodb_test.go:174:2: this value of err is never used (SA4006)
	- [x] protos/mysql/mysql.go:65:2: field fields is unused (U1000)
	- [x] protos/mysql/mysql.go:66:2: field rows is unused (U1000)
	- [x] protos/mysql/mysql.go:86:2: field params is unused (U1000)
	- [x] protos/mysql/mysql.go:944:4: empty branch (SA9003)
	- [x] protos/mysql/mysql_test.go:52:22: func (*eventStore).empty is unused (U1000)
	- [x] protos/mysql/mysql_test.go:679:3: this value of private is never used (SA4006)
	- [x] protos/nfs/xdr.go:43:15: func (*xdr).getInt is unused (U1000)
	- [x] protos/nfs/xdr.go:55:15: func (*xdr).getHyper is unused (U1000)
	- [x] protos/pgsql/pgsql.go:432:5: should omit nil check; len() for nil slices is defined as zero (S1009)
	- [x] protos/pgsql/pgsql_test.go:49:22: func (*eventStore).empty is unused (U1000)
	- [x] protos/protos_test.go:74:2: redundant return statement (S1023)
	- [x] protos/protos_test.go:103:2: redundant return statement (S1023)
	- [ ] protos/sip/parser.go:254:18: error strings should not be capitalized (ST1005)
	- [ ] protos/sip/parser.go:261:16: error strings should not be capitalized (ST1005)
	- [x] protos/tcp/tcp.go:291:6: func tcpSeqBefore is unused (U1000)
	- [ ] protos/tcp/tcp.go:309:17: error strings should not be capitalized (ST1005)
	- [x] protos/tcp/tcp_test.go:200:76: redundant return statement (S1023)
	- [ ] protos/thrift/thrift.go:272:10: error strings should not be capitalized (ST1005)
	- [ ] protos/thrift/thrift.go:279:10: error strings should not be capitalized (ST1005)
	- [x] protos/thrift/thrift_idl.go:52:28: should use make([]*string, max + 1) instead (S1019)
	- [ ] protos/thrift/thrift_idl.go:94:19: error strings should not be capitalized (ST1005)
	- [x] protos/thrift/thrift_test.go:125:2: this value of m is never used (SA4006)
	- [x] protos/thrift/thrift_test.go:133:2: this value of m is never used (SA4006)
	- [x] protos/thrift/thrift_test.go:153:2: this value of m is never used (SA4006)
	- [ ] protos/tls/alerts.go:72:15: error strings should not be capitalized (ST1005)
	- [ ] protos/tls/parse.go:21:2: package crypto/dsa is deprecated: DSA is a legacy algorithm, and modern alternatives such as Ed25519 (implemented by package crypto/ed25519) should be used instead. Keys with 1024-bit moduli (L1024N160 parameters) are cryptographically weak, while bigger keys are not widely supported. Note that FIPS 186-5 no longer approves DSA for signature generation.  (SA1019)
	- [x] protos/tls/parse.go:56:2: only the first constant in this group has an explicit type (SA9004)
	- [x] protos/tls/parse.go:65:2: only the first constant in this group has an explicit type (SA9004)
	- [x] protos/tls/parse_test.go:128:6: func mapInt is unused (U1000)
	- [x] protos/tls/parse_test.go:175:2: this value of err is never used (SA4006)
	- [x] protos/tls/tls.go:175:5: don't use Yoda conditions (ST1017)
	- [x] protos/tls/tls_test.go:327:2: this value of err is never used (SA4006)
	- [x] protos/tls/tls_test.go:390:2: this value of err is never used (SA4006)
	- [x] protos/tls/tls_test.go:402:2: this value of err is never used (SA4006)
	- [x] protos/tls/tls_test.go:434:2: this value of err is never used (SA4006)
	- [x] protos/tls/tls_test.go:441:2: this value of err is never used (SA4006)
	- [ ] protos/udp/udp.go:93:17: error strings should not be capitalized (ST1005)
	- [x] protos/udp/udp_test.go:81:2: redundant return statement (S1023)
	- [ ] scripts/mage/config.go:28:2: const configTemplateGlob is unused (U1000)
	- [ ] scripts/mage/package.go:69:4: the surrounding loop is unconditionally terminated (SA4004)
	- [ ] sniffer/afpacket.go:40:19: error strings should not be capitalized (ST1005)
	- [ ] sniffer/afpacket_nonlinux.go:36:14: error strings should not be capitalized (ST1005)
	- [ ] sniffer/afpacket_nonlinux.go:40:19: error strings should not be capitalized (ST1005)
	- [ ] sniffer/afpacket_nonlinux.go:44:9: error strings should not be capitalized (ST1005)
	- [x] sniffer/device.go:65:13: the argument is already a string, there's no need to use fmt.Sprintf (S1025)
	- [ ] sniffer/device.go:84:15: error strings should not be capitalized (ST1005)
	- [ ] sniffer/device.go:89:15: error strings should not be capitalized (ST1005)
	- [ ] sniffer/device.go:100:14: error strings should not be capitalized (ST1005)
	- [ ] sniffer/file.go:82:20: error strings should not be capitalized (ST1005)
	- [x] sniffer/sniffer.go:42:2: field dumper is unused (U1000)
	- [ ] sniffer/sniffer.go:150:10: error strings should not be capitalized (ST1005)
	- [ ] sniffer/sniffer.go:195:11: error strings should not be capitalized (ST1005)
	- [ ] sniffer/sniffer.go:226:15: error strings should not be capitalized (ST1005)
	- [ ] sniffer/sniffer.go:250:10: error strings should not be capitalized (ST1005)
	- [x] sniffer/sniffer_test.go:55:2: this value of blockSize is never used (SA4006)
	- [x] sniffer/sniffer_test.go:55:2: this value of frameSize is never used (SA4006)
	- [x] sniffer/sniffer_test.go:55:2: this value of numBlocks is never used (SA4006)
	- [x] sniffer/sniffer_test.go:61:2: this value of err is never used (SA4006)

* packetbeat/protos/amqp: clean up conditions
* packetbeat/protos/cassandra: simplify ignored operations check
* packetbeat/protos/icmp: simplify selector expression
* packetbeat/sniffer: improve device name formatting logic
* packetbeat/protos/amqp: clarify expectation for common.MapStr destination

	The previous code would drop data rather than fill the fields common.MapStr. This
	change clarifies that it is the caller's responsibility to provide a valid
	destination.

* packetbeat: apply condition simplification staticcheck quickfix suggestions

	- [ ] flows/table.go:88:21: could remove embedded field "rawFlowID" from selector (QF1008)
	- [x] pb/event.go:240:2: could use tagged switch on f.Network.Transport (QF1002)
	- [x] protos/cassandra/config.go:48:5: could apply De Morgan's law (QF1001)
	- [x] protos/cassandra/internal/gocql/array_decoder.go:166:5: could apply De Morgan's law (QF1001)
	- [x] protos/cassandra/internal/gocql/stream_decoder.go:152:5: could apply De Morgan's law (QF1001)
	- [ ] protos/dhcpv4/dhcpv4.go:80:11: could remove embedded field "dhcpv4Config" from selector (QF1008)
	- [ ] protos/memcache/memcache.go:183:5: could remove embedded field "tcpConfig" from selector (QF1008)
	- [x] protos/memcache/memcache.go:257:3: could use tagged switch on prev.command.code (QF1003)
	- [ ] protos/memcache/memcache.go:377:4: could remove embedded field "Transaction" from selector (QF1008)
	- [ ] protos/memcache/plugin_tcp.go:115:4: could remove embedded field "Stream" from selector (QF1008)
	- [ ] protos/memcache/plugin_tcp.go:443:9: could remove embedded field "Stream" from selector (QF1008)
	- [x] protos/mongodb/mongodb.go:345:4: could use tagged switch on t.method (QF1003)
	- [x] protos/mysql/mysql.go:688:4: could use tagged switch on msg.typ (QF1003)
	- [x] protos/mysql/mysql.go:698:3: could use tagged switch on msg.typ (QF1003)
	- [ ] protos/redis/redis.go:120:4: could remove embedded field "Stream" from selector (QF1008)
	- [ ] protos/redis/redis.go:237:4: could remove embedded field "Stream" from selector (QF1008)
	- [ ] protos/redis/redis_test.go:215:5: could remove embedded field "Stream" from selector (QF1008)
	- [ ] protos/redis/redis_test.go:255:6: could remove embedded field "Stream" from selector (QF1008)
	- [x] protos/sip/parser.go:272:5: could apply De Morgan's law (QF1001)
	- [ ] protos/tls/parse.go:552:18: could remove embedded field "Parameters" from selector (QF1008)
	- [ ] protos/tls/tls.go:226:4: could remove embedded field "Stream" from selector (QF1008)

	Embedded field selector simplification are not applied because in many cases these
	probably should not be embedded fields or they clarify the intention.

(cherry picked from commit 74bc6cd)

Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
  • Loading branch information
@mergify @efd6
mergify[bot] and efd6 committed Dec 1, 2021
1 parent 2472242 commit 0ab418c
Show file tree
Hide file tree
Showing 102 changed files with 835 additions and 730 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d

*Packetbeat*

- Prevent incorrect use of AMQP protocol parsing from causing silent failure. {pull}29017[29017]
- Fix error handling in MongoDB protocol parsing. {pull}29017[29017]

*Winlogbeat*

Expand Down
2 changes: 1 addition & 1 deletion packetbeat/cmd/root.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ var RootCmd *cmd.BeatsRootCmd

// PacketbeatSettings contains the default settings for packetbeat
func PacketbeatSettings() instance.Settings {
var runFlags = pflag.NewFlagSet(Name, pflag.ExitOnError)
runFlags := pflag.NewFlagSet(Name, pflag.ExitOnError)
runFlags.AddGoFlag(flag.CommandLine.Lookup("I"))
runFlags.AddGoFlag(flag.CommandLine.Lookup("t"))
runFlags.AddGoFlag(flag.CommandLine.Lookup("O"))
Expand Down
4 changes: 2 additions & 2 deletions packetbeat/config/agent.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ func (i agentInput) addProcessorsAndIndex(cfg *common.Config) (*common.Config, e
mergeConfig, err := common.NewConfigFrom(common.MapStr{
"index": datastreamConfig.Datastream.Type + "-" + datastreamConfig.Datastream.Dataset + "-" + namespace,
"processors": append([]common.MapStr{
common.MapStr{
{
"add_fields": common.MapStr{
"target": "data_stream",
"fields": common.MapStr{
Expand All @@ -76,7 +76,7 @@ func (i agentInput) addProcessorsAndIndex(cfg *common.Config) (*common.Config, e
},
},
},
common.MapStr{
{
"add_fields": common.MapStr{
"target": "event",
"fields": common.MapStr{
Expand Down
3 changes: 2 additions & 1 deletion packetbeat/decoder/decoder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,8 @@ func New(
d := Decoder{
flows: f,
decoders: make(map[gopacket.LayerType]gopacket.DecodingLayer),
icmp4Proc: icmp4, icmp6Proc: icmp6, tcpProc: tcp, udpProc: udp}
icmp4Proc: icmp4, icmp6Proc: icmp6, tcpProc: tcp, udpProc: udp,
}
d.stD1Q.init(&d.d1q[0], &d.d1q[1])
d.stIP4.init(&d.ip4[0], &d.ip4[1])
d.stIP6.init(&d.ip6[0], &d.ip6[1])
Expand Down
6 changes: 5 additions & 1 deletion packetbeat/flows/flows_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,16 @@ func TestFlowsCounting(t *testing.T) {
assert.NoError(t, err)

uint1, err := module.NewUint("uint1")
assert.NoError(t, err)
uint2, err := module.NewUint("uint2")
assert.NoError(t, err)
int1, err := module.NewInt("int1")
assert.NoError(t, err)
int2, err := module.NewInt("int2")
assert.NoError(t, err)
float1, err := module.NewFloat("float1")
assert.NoError(t, err)
float2, err := module.NewFloat("float2")

assert.NoError(t, err)

pub := &flowsChan{make(chan []beat.Event, 1)}
Expand Down
2 changes: 1 addition & 1 deletion packetbeat/flows/worker.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ func makeWorker(
if align > 0 {
// round time to nearest 10 seconds for alignment
aligned := time.Unix(((time.Now().Unix()+(align-1))/align)*align, 0)
waitStart := aligned.Sub(time.Now())
waitStart := time.Until(aligned)
debugf("worker wait start(%v): %v", aligned, waitStart)
if cont := w.sleep(waitStart); !cont {
return
Expand Down
8 changes: 3 additions & 5 deletions packetbeat/flows/worker_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,8 @@ import (
"github.com/elastic/beats/v7/packetbeat/procs"
)

var (
// Use `go test -data` to update sample event files.
dataFlag = flag.Bool("data", false, "Write updated data.json files")
)
// Use `go test -data` to update sample event files.
var dataFlag = flag.Bool("data", false, "Write updated data.json files")

func TestCreateEvent(t *testing.T) {
logp.TestingSetup()
Expand Down Expand Up @@ -124,7 +122,7 @@ func TestCreateEvent(t *testing.T) {
t.Fatal(err)
}

if err := ioutil.WriteFile("../_meta/sample_outputs/flow.json", output, 0644); err != nil {
if err := ioutil.WriteFile("../_meta/sample_outputs/flow.json", output, 0o644); err != nil {
t.Fatal(err)
}
}
Expand Down
10 changes: 5 additions & 5 deletions packetbeat/pb/event.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -237,14 +237,14 @@ func (f *Fields) ComputeValues(localIPs []net.IP, internalNetworks []string) err
}

// network.community_id
switch {
case f.Network.Transport == "udp":
switch f.Network.Transport {
case "udp":
flow.Protocol = 17
case f.Network.Transport == "tcp":
case "tcp":
flow.Protocol = 6
case f.Network.Transport == "icmp":
case "icmp":
flow.Protocol = 1
case f.Network.Transport == "ipv6-icmp":
case "ipv6-icmp":
flow.Protocol = 58
}
flow.ICMP.Type = f.ICMPType
Expand Down
4 changes: 2 additions & 2 deletions packetbeat/processor/add_kubernetes_metadata/indexers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@ func init() {
// Register default indexers
cfg := common.NewConfig()

//Add IP Port Indexer as a default indexer
// Add IP Port Indexer as a default indexer
kubernetes.Indexing.AddDefaultIndexerConfig(kubernetes.IPPortIndexerName, *cfg)

formatCfg, err := common.NewConfigFrom(map[string]interface{}{
"format": "%{[ip]}:%{[port]}",
})
if err == nil {
//Add field matcher with field to lookup as metricset.host
// Add field matcher with field to lookup as metricset.host
kubernetes.Indexing.AddDefaultMatcherConfig(kubernetes.FieldFormatMatcherName, *formatCfg)
}
}
2 changes: 1 addition & 1 deletion packetbeat/procs/procs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,7 @@ func (proc *ProcessesWatcher) updateMap(transport applayer.Transport) {
if logp.HasSelector("procsdetailed") {
start := time.Now()
defer func() {
logp.Debug("procsdetailed", "updateMap() took %v", time.Now().Sub(start))
logp.Debug("procsdetailed", "updateMap() took %v", time.Since(start))
}()
}

Expand Down
4 changes: 2 additions & 2 deletions packetbeat/procs/procs_linux_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,14 +39,14 @@ func createFakeDirectoryStructure(prefix string, files []testProcFile) error {
var err error
for _, file := range files {
dir := filepath.Dir(file.path)
err = os.MkdirAll(filepath.Join(prefix, dir), 0755)
err = os.MkdirAll(filepath.Join(prefix, dir), 0o755)
if err != nil {
return err
}

if !file.isLink {
err = ioutil.WriteFile(filepath.Join(prefix, file.path),
[]byte(file.contents), 0644)
[]byte(file.contents), 0o644)
if err != nil {
return err
}
Expand Down
16 changes: 10 additions & 6 deletions packetbeat/procs/procs_windows.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,17 @@ type extractor interface {
Size() int
}

type callbackFn func(net.IP, uint16, int)
type extractorFactory func(fn callbackFn) extractor
type (
callbackFn func(net.IP, uint16, int)
extractorFactory func(fn callbackFn) extractor
)

type tcpRowOwnerPIDExtractor callbackFn
type tcp6RowOwnerPIDExtractor callbackFn
type udpRowOwnerPIDExtractor callbackFn
type udp6RowOwnerPIDExtractor callbackFn
type (
tcpRowOwnerPIDExtractor callbackFn
tcp6RowOwnerPIDExtractor callbackFn
udpRowOwnerPIDExtractor callbackFn
udp6RowOwnerPIDExtractor callbackFn
)

var tablesByTransport = map[applayer.Transport][]struct {
family uint32
Expand Down
38 changes: 26 additions & 12 deletions packetbeat/procs/procs_windows_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,21 +42,33 @@ func TestParseTableRaw(t *testing.T) {
expected []portProcMapping
mustErr bool
}{
{"Empty table IPv4", IPv4,
"00000000", nil, false},
{"Empty table IPv6", IPv6,
"00000000", nil, false},
{"Short table (no length)", IPv4,
"000000", nil, true},
{"Short table (partial entry)", IPv6,
"01000000AAAAAAAAAAAAAAAAAAAA", nil, true},
{"One entry (IPv4)", IPv4,
{
"Empty table IPv4", IPv4,
"00000000", nil, false,
},
{
"Empty table IPv6", IPv6,
"00000000", nil, false,
},
{
"Short table (no length)", IPv4,
"000000", nil, true,
},
{
"Short table (partial entry)", IPv6,
"01000000AAAAAAAAAAAAAAAAAAAA", nil, true,
},
{
"One entry (IPv4)", IPv4,
"01000000" +
"77777777AAAAAAAA12340000BBBBBBBBFFFF0000CCCCCCCC",
[]portProcMapping{
{endpoint: endpoint{address: "170.170.170.170", port: 0x1234}, pid: int(pid)},
}, false},
{"Two entries (IPv6)", IPv6,
},
false,
},
{
"Two entries (IPv6)", IPv6,
"02000000" +
// First entry
"11112222333344445555666677778888F0F0F0F0" +
Expand All @@ -76,7 +88,9 @@ func TestParseTableRaw(t *testing.T) {
[]portProcMapping{
{endpoint: endpoint{address: "1111:2222:3333:4444:5555:6666:7777:8888", port: 0xABCD}, pid: 1},
{endpoint: endpoint{address: "aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa", port: 0}, pid: 0xffff},
}, false},
},
false,
},
} {
msg := fmt.Sprintf("Test case #%d: %s", idx+1, testCase.name)
table, err := hex.DecodeString(testCase.raw)
Expand Down
4 changes: 1 addition & 3 deletions packetbeat/procs/zsyscall_windows.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,7 @@ const (
errnoERROR_IO_PENDING = 997
)

var (
errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
)
var errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)

// errnoErr returns common boxed Errno values, to prevent
// allocations at runtime.
Expand Down
Loading

0 comments on commit 0ab418c

Please sign in to comment.