diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 00383fb51cfc..de0d40f4909e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -96,6 +96,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - `event.category` no longer contains the value `network_traffic` because this is not a valid ECS event category value. {pull}20556[20556] - Remove deprecated TLS fields in favor of tls.server.x509 and tls.client.x509 ECS fields. {pull}28487[28487] - HTTP: The field `http.request.method` will maintain its original case. {pull}28620[28620] +- Unify gopacket dependencies. {pull}29167[29167] *Winlogbeat* diff --git a/NOTICE.txt b/NOTICE.txt index e4d0e19c26ca..8f660fe88437 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -10146,12 +10146,12 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- -Dependency : github.com/adriansr/gopacket -Version: v1.1.18-0.20200327165309-dd62abfa8a41 +Dependency : github.com/elastic/gopacket +Version: v1.1.20-0.20211202005954-d412fca7f83a Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/adriansr/gopacket@v1.1.18-0.20200327165309-dd62abfa8a41/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/gopacket@v1.1.20-0.20211202005954-d412fca7f83a/LICENSE: Copyright (c) 2012 Google, Inc. All rights reserved. Copyright (c) 2009-2011 Andreas Krennmair. All rights reserved. 
@@ -14841,44 +14841,6 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------------- -Dependency : github.com/tsg/gopacket -Version: v0.0.0-20200626092518-2ab8e397a786 -Licence type (autodetected): BSD-3-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/tsg/gopacket@v0.0.0-20200626092518-2ab8e397a786/LICENSE: - -Copyright (c) 2012 Google, Inc. All rights reserved. -Copyright (c) 2009-2011 Andreas Krennmair. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Andreas Krennmair, Google, nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -------------------------------------------------------------------------------- Dependency : github.com/ugorji/go/codec Version: v1.1.8 diff --git a/go.mod b/go.mod index c47fcd15bc8b..5330c1dc46dc 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( github.com/gomodule/redigo v1.8.3 github.com/google/flatbuffers v1.12.1 github.com/google/go-cmp v0.5.6 - github.com/google/gopacket v1.1.18-0.20191009163724-0ad7f2610e34 + github.com/google/gopacket v1.1.19 github.com/google/uuid v1.3.0 github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75 github.com/gorilla/mux v1.7.3 @@ -148,7 +148,6 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.0 github.com/tsg/go-daemon v0.0.0-20200207173439-e704b93fd89b - github.com/tsg/gopacket v0.0.0-20200626092518-2ab8e397a786 github.com/ugorji/go/codec v1.1.8 github.com/urso/sderr v0.0.0-20210525210834-52b04e8f5c71 github.com/vmware/govmomi v0.0.0-20170802214208-2cad15190b41 
@@ -292,7 +291,7 @@ replace ( github.com/fsnotify/fsevents => github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 github.com/fsnotify/fsnotify => github.com/adriansr/fsnotify v1.4.8-0.20211018144411-a81f2b630e7c github.com/golang/glog => github.com/elastic/glog v1.0.1-0.20210831205241-7d8b5c89dfc4 - github.com/google/gopacket => github.com/adriansr/gopacket v1.1.18-0.20200327165309-dd62abfa8a41 + github.com/google/gopacket => github.com/elastic/gopacket v1.1.20-0.20211202005954-d412fca7f83a github.com/insomniacslk/dhcp => github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 // indirect github.com/tonistiigi/fifo => github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c ) diff --git a/go.sum b/go.sum index 3ba3d94b54e4..64389aae72c6 100644 --- a/go.sum +++ b/go.sum @@ -169,8 +169,6 @@ github.com/StackExchange/wmi v0.0.0-20170221213301-9f32b5905fd6/go.mod h1:3eOhrU github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/adriansr/fsnotify v1.4.8-0.20211018144411-a81f2b630e7c h1:LpOCwE9oTg0+1Dm8rB06dKxQs7yu5tdnM6A/Zm/juQQ= github.com/adriansr/fsnotify v1.4.8-0.20211018144411-a81f2b630e7c/go.mod h1:onXS6zmTa1LJcurVsOkzywEV/Q3pdEqqu362/8OQzAI= -github.com/adriansr/gopacket v1.1.18-0.20200327165309-dd62abfa8a41 h1:9OmEpkkO4vm8Wz+JKWHDLZdzYrqXr4dovxIJDkTltKE= -github.com/adriansr/gopacket v1.1.18-0.20200327165309-dd62abfa8a41/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc h1:9iW/Fbn/R/nyUOiqo6AgwBe8uirqUIoTGF3vKG8qjoc= github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc/go.mod h1:zj8LBEnWBDOVEIJt8LvaRvDG5ARAoa5dBeHaB472NRc= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= 
@@ -535,6 +533,8 @@ github.com/elastic/go-ucfg v0.8.3/go.mod h1:iaiY0NBIYeasNgycLyTvhJftQlQEUO2hpF+F github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUtJm0= github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss= +github.com/elastic/gopacket v1.1.20-0.20211202005954-d412fca7f83a h1:8WfL/X6fK11iyX5t3Dd9dDMMNqPfEZNc//JsWGIhEgQ= +github.com/elastic/gopacket v1.1.20-0.20211202005954-d412fca7f83a/go.mod h1:riddUzxTSBpJXk3qBHtYr4qOhFhT6k/1c0E3qkQjQpA= github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/4= github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= github.com/elastic/sarama v1.19.1-0.20210823122811-11c3ef800752 h1:5/RUNg7rkIvayjPhAIoI3v8p45NfWcfWs5DZSElycis= @@ -1496,8 +1496,6 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tsg/go-daemon v0.0.0-20200207173439-e704b93fd89b h1:X/8hkb4rQq3+QuOxpJK7gWmAXmZucF0EI1s1BfBLq6U= github.com/tsg/go-daemon v0.0.0-20200207173439-e704b93fd89b/go.mod h1:jAqhj/JBVC1PwcLTWd6rjQyGyItxxrhpiBl8LSuAGmw= -github.com/tsg/gopacket v0.0.0-20200626092518-2ab8e397a786 h1:B/IVHYiI0d04dudYw+CvCAGqSMq8d0yWy56eD6p85BQ= -github.com/tsg/gopacket v0.0.0-20200626092518-2ab8e397a786/go.mod h1:RIkfovP3Y7my19aXEjjbNd9E5TlHozzAyt7B8AaEcwg= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/uber-go/tally v3.3.15+incompatible/go.mod h1:YDTIBxdXyOU/sCWilKB4bgyufu1cEi0jdVnRdxvjnmU= github.com/uber/athenadriver v1.1.4/go.mod h1:tQjho4NzXw55LGfSZEcETuYydpY1vtmixUabHkC1K/E= 
@@ -1527,6 +1525,7 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vmware/govmomi v0.0.0-20170802214208-2cad15190b41 h1:NeNpIvfvaFOh0BH7nMEljE5Rk/VJlxhm58M41SeOD20= github.com/vmware/govmomi v0.0.0-20170802214208-2cad15190b41/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/willf/bitset v1.1.3/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= diff --git a/libbeat/common/flowhash/communityid_test.go b/libbeat/common/flowhash/communityid_test.go index 7972fd24c27a..4398d60d946d 100644 --- a/libbeat/common/flowhash/communityid_test.go +++ b/libbeat/common/flowhash/communityid_test.go @@ -31,10 +31,11 @@ import ( "testing" "time" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" + "github.com/google/gopacket/pcap" + "github.com/stretchr/testify/assert" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" - "github.com/tsg/gopacket/pcap" ) const ( @@ -42,9 +43,7 @@ const ( goldenDir = "testdata/golden" ) -var ( - update = flag.Bool("update", false, "updates the golden files") -) +var update = flag.Bool("update", false, "updates the golden files") func TestPCAPFiles(t *testing.T) { pcaps, err := filepath.Glob(filepath.Join(pcapDir, "*.pcap")) diff --git a/libbeat/common/seccomp/seccomp-profiler-allow.txt b/libbeat/common/seccomp/seccomp-profiler-allow.txt index a166cf6f7dac..e22f3db0eef1 100644 --- a/libbeat/common/seccomp/seccomp-profiler-allow.txt +++ b/libbeat/common/seccomp/seccomp-profiler-allow.txt 
@@ -9,7 +9,7 @@ access open stat -# cgo tsg/gopacket +# cgo google/gopacket poll fcntl64 diff --git a/packetbeat/beater/worker.go b/packetbeat/beater/worker.go index 5dd6a5144541..2c7f1d7eff60 100644 --- a/packetbeat/beater/worker.go +++ b/packetbeat/beater/worker.go @@ -18,7 +18,7 @@ package beater import ( - "github.com/tsg/gopacket/layers" + "github.com/google/gopacket/layers" "github.com/elastic/beats/v7/packetbeat/config" "github.com/elastic/beats/v7/packetbeat/decoder" diff --git a/packetbeat/decoder/decoder.go b/packetbeat/decoder/decoder.go index ae8eeb9d84bb..025b0899d00a 100644 --- a/packetbeat/decoder/decoder.go +++ b/packetbeat/decoder/decoder.go @@ -20,15 +20,15 @@ package decoder import ( "fmt" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" + "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/packetbeat/flows" "github.com/elastic/beats/v7/packetbeat/protos" "github.com/elastic/beats/v7/packetbeat/protos/icmp" "github.com/elastic/beats/v7/packetbeat/protos/tcp" "github.com/elastic/beats/v7/packetbeat/protos/udp" - - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" ) var debugf = logp.MakeDebug("decoder") @@ -313,6 +313,11 @@ func (d *Decoder) onICMPv6(packet *protos.Packet) { } if d.icmp6Proc != nil { + // google/gopacket treats the first four bytes + // after the typo, code and checksum as part of + // the payload. So drop those bytes. + // See https://github.com/google/gopacket/pull/423/ + d.icmp6.Payload = d.icmp6.Payload[4:] packet.Payload = d.icmp6.Payload packet.Tuple.ComputeHashables() d.icmp6Proc.ProcessICMPv6(d.flowID, &d.icmp6, packet) diff --git a/packetbeat/decoder/decoder_test.go b/packetbeat/decoder/decoder_test.go index 8e6fad990a8f..19cf7e51ab27 100644 --- a/packetbeat/decoder/decoder_test.go +++ b/packetbeat/decoder/decoder_test.go 
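Review bot: The added `d.icmp6.Payload = d.icmp6.Payload[4:]` in onICMPv6 slices without a length check, so unless the decoder already guarantees at least four payload bytes, a truncated ICMPv6 message would panic with a slice-bounds error, and this data comes straight off the wire. Guard it before the slice, for example `if len(d.icmp6.Payload) < 4 { return }`, and add a decoder test that feeds a truncated ICMPv6 packet. The new comment also says "typo" where "type" is meant. onICMPv6 starts and ends outside this hunk, so an earlier length check may exist that is not visible here.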
@@ -28,9 +28,9 @@ import ( "github.com/elastic/beats/v7/packetbeat/flows" "github.com/elastic/beats/v7/packetbeat/protos" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" "github.com/stretchr/testify/assert" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" ) type TestIcmp4Processor struct { diff --git a/packetbeat/decoder/util.go b/packetbeat/decoder/util.go index 4afa18262b78..ad53199ccceb 100644 --- a/packetbeat/decoder/util.go +++ b/packetbeat/decoder/util.go @@ -17,7 +17,7 @@ package decoder -import "github.com/tsg/gopacket" +import "github.com/google/gopacket" // implement DecodingLayer with support of switching between multiple layers to // remember outter layer results diff --git a/packetbeat/protos/icmp/icmp.go b/packetbeat/protos/icmp/icmp.go index c204b819adbc..d6804322c43e 100644 --- a/packetbeat/protos/icmp/icmp.go +++ b/packetbeat/protos/icmp/icmp.go @@ -21,6 +21,8 @@ import ( "net" "time" + "github.com/google/gopacket/layers" + "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/ecs" "github.com/elastic/beats/v7/libbeat/logp" @@ -30,8 +32,6 @@ import ( "github.com/elastic/beats/v7/packetbeat/pb" "github.com/elastic/beats/v7/packetbeat/procs" "github.com/elastic/beats/v7/packetbeat/protos" - - "github.com/tsg/gopacket/layers" ) type icmpPlugin struct { diff --git a/packetbeat/protos/icmp/icmp_test.go b/packetbeat/protos/icmp/icmp_test.go index a74e097fe047..6b03139396cb 100644 --- a/packetbeat/protos/icmp/icmp_test.go +++ b/packetbeat/protos/icmp/icmp_test.go @@ -25,6 +25,9 @@ import ( "net" "testing" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" + "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" 
@@ -32,9 +35,6 @@ import ( "github.com/elastic/beats/v7/packetbeat/procs" "github.com/elastic/beats/v7/packetbeat/protos" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" - "github.com/stretchr/testify/assert" ) diff --git a/packetbeat/protos/icmp/message.go b/packetbeat/protos/icmp/message.go index 873809a212a9..425505deffb9 100644 --- a/packetbeat/protos/icmp/message.go +++ b/packetbeat/protos/icmp/message.go @@ -21,7 +21,7 @@ import ( "encoding/binary" "time" - "github.com/tsg/gopacket/layers" + "github.com/google/gopacket/layers" "github.com/elastic/beats/v7/libbeat/logp" ) diff --git a/packetbeat/protos/icmp/message_test.go b/packetbeat/protos/icmp/message_test.go index 6ebc00fe3514..8f8ac56e3eed 100644 --- a/packetbeat/protos/icmp/message_test.go +++ b/packetbeat/protos/icmp/message_test.go @@ -23,7 +23,7 @@ package icmp import ( "testing" - "github.com/tsg/gopacket/layers" + "github.com/google/gopacket/layers" "github.com/stretchr/testify/assert" ) @@ -113,5 +113,5 @@ func TestIcmpMessageHumanReadableICMPv6(t *testing.T) { tuple := &icmpTuple{icmpVersion: 6} msg := &icmpMessage{Type: layers.ICMPv6TypeDestinationUnreachable, code: 3} - assert.Equal(t, "DestinationUnreachable(Address)", humanReadable(tuple, msg)) + assert.Equal(t, "DestinationUnreachable(AddressUnreachable)", humanReadable(tuple, msg)) } diff --git a/packetbeat/protos/icmp/transaction_test.go b/packetbeat/protos/icmp/transaction_test.go index 3c1f7fe64c54..1846b19e6719 100644 --- a/packetbeat/protos/icmp/transaction_test.go +++ b/packetbeat/protos/icmp/transaction_test.go @@ -23,7 +23,7 @@ package icmp import ( "testing" - "github.com/tsg/gopacket/layers" + "github.com/google/gopacket/layers" "github.com/stretchr/testify/assert" ) diff --git a/packetbeat/protos/tcp/tcp.go b/packetbeat/protos/tcp/tcp.go index 51ac46346a08..c275925cbcf7 100644 --- a/packetbeat/protos/tcp/tcp.go +++ b/packetbeat/protos/tcp/tcp.go 
@@ -22,14 +22,14 @@ import ( "sync" "time" + "github.com/google/gopacket/layers" + "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/libbeat/monitoring" "github.com/elastic/beats/v7/packetbeat/flows" "github.com/elastic/beats/v7/packetbeat/protos" - - "github.com/tsg/gopacket/layers" ) const TCPMaxDataInStream = 10 * (1 << 20) diff --git a/packetbeat/protos/tcp/tcp_test.go b/packetbeat/protos/tcp/tcp_test.go index 5678924a7d6a..31aba7f39e40 100644 --- a/packetbeat/protos/tcp/tcp_test.go +++ b/packetbeat/protos/tcp/tcp_test.go @@ -26,12 +26,13 @@ import ( "testing" "time" + "github.com/google/gopacket/layers" + "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/packetbeat/procs" "github.com/elastic/beats/v7/packetbeat/protos" "github.com/stretchr/testify/assert" - "github.com/tsg/gopacket/layers" ) // Test Constants diff --git a/packetbeat/sniffer/afpacket_linux.go b/packetbeat/sniffer/afpacket_linux.go index 5d4c60c53132..1660daefe0dc 100644 --- a/packetbeat/sniffer/afpacket_linux.go +++ b/packetbeat/sniffer/afpacket_linux.go @@ -26,15 +26,18 @@ import ( "time" "unsafe" - "github.com/elastic/beats/v7/libbeat/logp" + "github.com/google/gopacket" + "github.com/google/gopacket/afpacket" + "github.com/google/gopacket/layers" + "github.com/google/gopacket/pcap" + "golang.org/x/net/bpf" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/afpacket" - "github.com/tsg/gopacket/layers" + "github.com/elastic/beats/v7/libbeat/logp" ) type afpacketHandle struct { TPacket *afpacket.TPacket + frameSize int promiscPreviousState bool promiscPreviousStateDetected bool device string @@ -61,6 +64,7 @@ func newAfpacketHandle(device string, snaplen int, block_size int, num_blocks in h := &afpacketHandle{ promiscPreviousState: promiscEnabled, + frameSize: snaplen, device: device, promiscPreviousStateDetected: autoPromiscMode && err == nil, } 
@@ -87,8 +91,21 @@ func (h *afpacketHandle) ReadPacketData() (data []byte, ci gopacket.CaptureInfo, return h.TPacket.ReadPacketData() } -func (h *afpacketHandle) SetBPFFilter(expr string) (_ error) { - return h.TPacket.SetBPFFilter(expr) +func (h *afpacketHandle) SetBPFFilter(expr string) error { + prog, err := pcap.CompileBPFFilter(layers.LinkTypeEthernet, h.frameSize, expr) + if err != nil { + return err + } + p := make([]bpf.RawInstruction, len(prog)) + for i, ins := range prog { + p[i] = bpf.RawInstruction{ + Op: ins.Code, + Jt: ins.Jt, + Jf: ins.Jf, + K: ins.K, + } + } + return h.TPacket.SetBPF(p) } func (h *afpacketHandle) LinkType() layers.LinkType { diff --git a/packetbeat/sniffer/afpacket_nonlinux.go b/packetbeat/sniffer/afpacket_nonlinux.go index 67e32e9b2671..9c3558c19f8f 100644 --- a/packetbeat/sniffer/afpacket_nonlinux.go +++ b/packetbeat/sniffer/afpacket_nonlinux.go @@ -24,8 +24,8 @@ import ( "fmt" "time" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" ) type afpacketHandle struct{} diff --git a/packetbeat/sniffer/device.go b/packetbeat/sniffer/device.go index fbe23d5ce2cc..3ec52f8d8e21 100644 --- a/packetbeat/sniffer/device.go +++ b/packetbeat/sniffer/device.go @@ -23,7 +23,7 @@ import ( "strconv" "strings" - "github.com/tsg/gopacket/pcap" + "github.com/google/gopacket/pcap" "github.com/elastic/beats/v7/libbeat/logp" ) diff --git a/packetbeat/sniffer/device_test.go b/packetbeat/sniffer/device_test.go index 189bc92a9cd7..e7bb9cfee5a4 100644 --- a/packetbeat/sniffer/device_test.go +++ b/packetbeat/sniffer/device_test.go @@ -22,7 +22,7 @@ import ( "reflect" "testing" - "github.com/tsg/gopacket/pcap" + "github.com/google/gopacket/pcap" ) var formatDeviceNamesTests = []struct { diff --git a/packetbeat/sniffer/file.go b/packetbeat/sniffer/file.go index b112e4c90edb..ec0d16f554d7 100644 --- a/packetbeat/sniffer/file.go +++ b/packetbeat/sniffer/file.go 
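Review bot: SetBPFFilter compiles the expression for a hard-coded `layers.LinkTypeEthernet` although the handle exposes LinkType() directly below, so the two can drift apart. A filter compiled for the wrong link type matches at the wrong offsets and would silently capture or drop traffic the operator did not intend. Prefer `prog, err := pcap.CompileBPFFilter(h.LinkType(), h.frameSize, expr)`, and add a doc comment such as `// SetBPFFilter compiles expr with libpcap and installs the resulting program on the AF_PACKET socket.` LinkType's body is outside the hunk, so whether it can return anything other than Ethernet is not visible here.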
@@ -22,9 +22,9 @@ import ( "io" "time" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" - "github.com/tsg/gopacket/pcap" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" + "github.com/google/gopacket/pcap" "github.com/elastic/beats/v7/libbeat/logp" ) diff --git a/packetbeat/sniffer/sniffer.go b/packetbeat/sniffer/sniffer.go index 07a7e3096a9b..de0a1683a5f8 100644 --- a/packetbeat/sniffer/sniffer.go +++ b/packetbeat/sniffer/sniffer.go @@ -25,9 +25,10 @@ import ( "syscall" "time" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/layers" - "github.com/tsg/gopacket/pcap" + "github.com/google/gopacket" + "github.com/google/gopacket/layers" + "github.com/google/gopacket/pcap" + "github.com/google/gopacket/pcapgo" "github.com/elastic/beats/v7/libbeat/common/atomic" "github.com/elastic/beats/v7/libbeat/logp" @@ -139,24 +140,22 @@ func New( // Run opens the sniffing device and processes packets being read from that device. // Worker instances are instantiated as needed. func (s *Sniffer) Run() error { - var ( - counter = 0 - dumper *pcap.Dumper - ) - handle, err := s.open() if err != nil { return fmt.Errorf("Error starting sniffer: %s", err) } defer handle.Close() + var w *pcapgo.Writer if s.config.Dumpfile != "" { - dumper, err = openDumper(s.config.Dumpfile, handle.LinkType()) + f, err := os.Create(s.config.Dumpfile) if err != nil { return err } + defer f.Close() - defer dumper.Close() + w = pcapgo.NewWriterNanos(f) + w.WriteFileHeader(65535, handle.LinkType()) } worker, err := s.factory(handle.LinkType()) @@ -172,6 +171,7 @@ func (s *Sniffer) Run() error { } defer s.state.Store(snifferInactive) + var packets int for s.state.Load() == snifferActive { if s.config.OneAtATime { fmt.Println("Press enter to read packet") @@ -191,7 +191,7 @@ func (s *Sniffer) Run() error { } s.state.Store(snifferInactive) - return fmt.Errorf("Sniffing error: %s", err) + return fmt.Errorf("Sniffing error: %w", err) } if len(data) == 0 { 
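Review bot: In Run, the dump file is created with `os.Create(s.config.Dumpfile)`, which requests mode 0666 before umask and truncates whatever already exists at that path, yet the file receives raw captured traffic. Opening it with `os.OpenFile(s.config.Dumpfile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` keeps the capture readable by the owner only. The result of `w.WriteFileHeader(65535, handle.LinkType())` is also discarded; check it, `if err := w.WriteFileHeader(65535, handle.LinkType()); err != nil { return err }`, so that a failed header write does not leave a dump that readers cannot parse. Run's body continues outside this hunk.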
@@ -199,12 +199,16 @@ func (s *Sniffer) Run() error { continue } - if dumper != nil { - dumper.WritePacketData(data, ci) + packets++ + + if w != nil { + err = w.WritePacket(ci, data) + if err != nil { + return fmt.Errorf("failed to write packet %d: %w", packets, err) + } } - counter++ - logp.Debug("sniffer", "Packet number: %d", counter) + logp.Debug("sniffer", "Packet number: %d", packets) worker.OnPacket(data, &ci) } @@ -263,20 +267,8 @@ func validatePcapFilter(expr string) error { if expr == "" { return nil } - - // Open a dummy pcap handle to compile the filter - p, err := pcap.OpenDead(layers.LinkTypeEthernet, 65535) - if err != nil { - return fmt.Errorf("OpenDead: %s", err) - } - - defer p.Close() - - _, err = p.NewBPF(expr) - if err != nil { - return fmt.Errorf("invalid filter '%s': %v", expr, err) - } - return nil + _, err := pcap.NewBPF(layers.LinkTypeEthernet, 65535, expr) + return err } func openPcap(filter string, cfg *config.InterfacesConfig) (snifferHandle, error) { @@ -316,12 +308,3 @@ func openAFPacket(filter string, cfg *config.InterfacesConfig) (snifferHandle, e return h, nil } - -func openDumper(file string, linkType layers.LinkType) (*pcap.Dumper, error) { - p, err := pcap.OpenDead(linkType, 65535) - if err != nil { - return nil, err - } - - return p.NewDumper(file) -} diff --git a/packetbeat/tests/system/test_0050_icmp.py b/packetbeat/tests/system/test_0050_icmp.py index c0f876c1b734..05b21b845eda 100644 --- a/packetbeat/tests/system/test_0050_icmp.py +++ b/packetbeat/tests/system/test_0050_icmp.py 
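Review bot: validatePcapFilter now returns the error from `pcap.NewBPF` unchanged, so the message no longer names the rejected filter expression, which the removed code did. An operator reading the log then has only the compiler message and no indication of which configured filter was refused. Keep the context and make it unwrappable: `if _, err := pcap.NewBPF(layers.LinkTypeEthernet, 65535, expr); err != nil { return fmt.Errorf("invalid filter %q: %w", expr, err) }` followed by `return nil`.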
@@ -82,10 +82,10 @@ def assert_common_icmp4_fields(self, obj): assert obj["related.ip"] == ["10.0.0.1", "10.0.0.2"] assert obj["path"] == "10.0.0.2" assert obj["status"] == "OK" - assert obj["icmp.request.message"] == "EchoRequest(0)" + assert obj["icmp.request.message"] == "EchoRequest" assert obj["icmp.request.type"] == 8 assert obj["icmp.request.code"] == 0 - assert obj["icmp.response.message"] == "EchoReply(0)" + assert obj["icmp.response.message"] == "EchoReply" assert obj["icmp.response.type"] == 0 assert obj["icmp.response.code"] == 0 @@ -95,9 +95,9 @@ def assert_common_icmp6_fields(self, obj): assert obj["client.ip"] == "::1" assert obj["path"] == "::2" assert obj["status"] == "OK" - assert obj["icmp.request.message"] == "EchoRequest(0)" + assert obj["icmp.request.message"] == "EchoRequest" assert obj["icmp.request.type"] == 128 assert obj["icmp.request.code"] == 0 - assert obj["icmp.response.message"] == "EchoReply(0)" + assert obj["icmp.response.message"] == "EchoReply" assert obj["icmp.response.type"] == 129 assert obj["icmp.response.code"] == 0 diff --git a/x-pack/filebeat/input/netflow/netflow_test.go b/x-pack/filebeat/input/netflow/netflow_test.go index f1c138989c08..caaa438ebf36 100644 --- a/x-pack/filebeat/input/netflow/netflow_test.go +++ b/x-pack/filebeat/input/netflow/netflow_test.go @@ -16,9 +16,9 @@ import ( "strings" "testing" + "github.com/google/gopacket" + "github.com/google/gopacket/pcap" "github.com/stretchr/testify/assert" - "github.com/tsg/gopacket" - "github.com/tsg/gopacket/pcap" "gopkg.in/yaml.v2" "github.com/elastic/beats/v7/libbeat/beat" @@ -201,7 +201,7 @@ func getFlowsFromDat(t testing.TB, name string, testCase TestCase) TestResult { flow.Fields.Delete("event.created") ev[i] = flow } - //return TestResult{Name: name, Error: err.Error(), Events: flowsToEvents(flows)} + // return TestResult{Name: name, Error: err.Error(), Events: flowsToEvents(flows)} events = append(events, ev...) } }
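Review bot: The expected `icmp.request.message` and `icmp.response.message` values change from `EchoRequest(0)`/`EchoReply(0)` to `EchoRequest`/`EchoReply` in assert_common_icmp4_fields and again in assert_common_icmp6_fields in the next hunk, so the text packetbeat emits in these fields changes with the dependency switch. Saved searches, dashboards or detection rules that match the old strings would stop matching without any error. A comment above the assertions, e.g. `# message text now comes from the new gopacket naming; code 0 is no longer appended as "(0)"`, would record why the expectation moved (the cause is presumed from the import change, not shown here). The changelog line in this diff only says the dependencies were unified, so the field change deserves its own entry.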