elastic · kruskall · Mar 18, 2025 · Feb 4, 2025 · Feb 4, 2025 · Feb 4, 2025
diff --git a/libbeat/common/flowhash/README.md b/libbeat/common/flowhash/README.md
@@ -17,7 +17,7 @@ func ExampleCommunityIDHash() {
 		DestinationPort: 53,
 		Protocol:        17,
 	}
-	fmt.Println(flowhash.CommunityID.Hash(flow))
+	fmt.Println(flowhash.Hash(flow))
 	// Output: 1:R7iR6vkxw+jaz3wjDfWMWooBdfc=
 }
 ```
@@ -19,8 +19,6 @@ package flowhash
 
 import (
 	"crypto"
-	// import crypto/sha1 so that the SHA1 algorithm is available.
-	_ "crypto/sha1"
 	"encoding/binary"
 	"net"
 )
@@ -31,9 +29,12 @@ type communityIDHasher struct {
 	hash    crypto.Hash
 }
 
-// CommunityID is a flow hasher instance using the default values
-// in the community ID specification.
-var CommunityID = NewCommunityID(0, Base64Encoding, crypto.SHA1)
+// Hash returns the hash of the given flow.
+// It uses an hasher with the default values in the community ID specification.
+// An empty string is returned if the hasher is not available.
+func Hash(flow Flow) string {
+	return hashFlow(flow)
+}
 
 // NewCommunityID allows to instantiate a flow hasher with custom settings.
 func NewCommunityID(seed uint16, encoder Encoding, hash crypto.Hash) Hasher {

@@ -0,0 +1,24 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build requirefips
+
+package flowhash
+
+func hashFlow(flow Flow) string {
+	return ""
+}
@@ -0,0 +1,28 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build !requirefips
+
+package flowhash
+
+import "crypto"
+
+var communityID = NewCommunityID(0, Base64Encoding, crypto.SHA1)
+
+func hashFlow(flow Flow) string {
+	return communityID.Hash(flow)
+}
@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !requirefips
+
 package flowhash
 
 import (
@@ -176,7 +178,7 @@ func getFlowsFromPCAP(t testing.TB, name, pcapFile string) []string {
 					}
 				}
 			}
-			flowID = CommunityID.Hash(flow)
+			flowID = Hash(flow)
 			flowStr = flowToString(flow)
 		}
 

diff --git a/libbeat/common/flowhash/examples/example.go b/libbeat/common/flowhash/examples/example.go
@@ -24,7 +24,7 @@ import (
 	"github.com/elastic/beats/v7/libbeat/common/flowhash"
 )
 
-// ExampleCommunityIDHash shows example usage for flowhash.CommunityID.Hash()
+// ExampleCommunityIDHash shows example usage for flowhash.Hash()
 func ExampleCommunityIDHash() {
 	flow := flowhash.Flow{
 		SourceIP:        net.ParseIP("10.1.2.3"),
@@ -33,6 +33,6 @@ func ExampleCommunityIDHash() {
 		DestinationPort: 53,
 		Protocol:        17,
 	}
-	fmt.Println(flowhash.CommunityID.Hash(flow))
+	fmt.Println(flowhash.Hash(flow))
 	// Output: 1:R7iR6vkxw+jaz3wjDfWMWooBdfc=
 }
@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !requirefips
+
 package communityid
 
 import (
@@ -66,10 +68,7 @@ func New(cfg *cfg.C) (beat.Processor, error) {
 }
 
 func newFromConfig(c config) (*processor, error) {
-	hasher := flowhash.CommunityID
-	if c.Seed != 0 {
-		hasher = flowhash.NewCommunityID(c.Seed, flowhash.Base64Encoding, crypto.SHA1)
-	}
+	hasher := flowhash.NewCommunityID(c.Seed, flowhash.Base64Encoding, crypto.SHA1)
 
 	return &processor{
 		config: c,

@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !requirefips
+
 package communityid
 
 import (

@@ -443,9 +443,11 @@ func createEvent(watcher *procs.ProcessesWatcher, ts time.Time, f *biFlow, isOve
 		}
 
 		if v, found := stats["bytes"]; found {
+			//nolint:errcheck // ignore
 			totalBytes += v.(uint64)
 		}
 		if v, found := stats["packets"]; found {
+			//nolint:errcheck // ignore
 			totalPackets += v.(uint64)
 		}
 	}
@@ -461,15 +463,18 @@ func createEvent(watcher *procs.ProcessesWatcher, ts time.Time, f *biFlow, isOve
 		}
 
 		if v, found := stats["bytes"]; found {
+			//nolint:errcheck // ignore
 			totalBytes += v.(uint64)
 		}
 		if v, found := stats["packets"]; found {
+			//nolint:errcheck // ignore
 			totalPackets += v.(uint64)
 		}
 	}
 	if communityID.Protocol > 0 && len(communityID.SourceIP) > 0 && len(communityID.DestinationIP) > 0 {
-		hash := flowhash.CommunityID.Hash(communityID)
-		network["community_id"] = hash
+		if hash := flowhash.Hash(communityID); hash != "" {
+			network["community_id"] = hash
+		}
 	}
 	network["bytes"] = totalBytes
 	network["packets"] = totalPackets

diff --git a/packetbeat/pb/event.go b/packetbeat/pb/event.go
@@ -249,7 +249,7 @@ func (f *Fields) ComputeValues(localIPs []net.IP, internalNetworks []string) err
 	flow.ICMP.Type = f.ICMPType
 	flow.ICMP.Code = f.ICMPCode
 	if flow.Protocol > 0 && len(flow.SourceIP) > 0 && len(flow.DestinationIP) > 0 {
-		f.Network.CommunityID = flowhash.CommunityID.Hash(flow)
+		f.Network.CommunityID = flowhash.Hash(flow)
 	}
 
 	// network.type

@@ -962,13 +962,6 @@ func (f *flow) toEvent(final bool) (ev mb.Event, err error) {
 			"transport": f.proto.String(),
 			"packets":   f.local.packets + f.remote.packets,
 			"bytes":     f.local.bytes + f.remote.bytes,
-			"community_id": flowhash.CommunityID.Hash(flowhash.Flow{
-				SourceIP:        localAddr.IP,
-				SourcePort:      uint16(localAddr.Port),
-				DestinationIP:   remoteAddr.IP,
-				DestinationPort: uint16(remoteAddr.Port),
-				Protocol:        uint8(f.proto),
-			}),
 		},
 		"event": mapstr.M{
 			"kind":     "event",
@@ -984,6 +977,16 @@ func (f *flow) toEvent(final bool) (ev mb.Event, err error) {
 			"complete": f.complete,
 		},
 	}
+	if communityid := flowhash.Hash(flowhash.Flow{
+		SourceIP:        localAddr.IP,
+		SourcePort:      uint16(localAddr.Port),
+		DestinationIP:   remoteAddr.IP,
+		DestinationPort: uint16(remoteAddr.Port),
+		Protocol:        uint8(f.proto),
+	}); communityid != "" {
+		(root["network"].(mapstr.M))["community_id"] = communityid
+	}
+
 	var errs multierror.Errors
 	rootPut := func(key string, value interface{}) {
 		if _, err := root.Put(key, value); err != nil {

@@ -327,13 +327,15 @@ func flowToBeatEvent(flow record.Record, internalNetworks []string) beat.Event {
 		ecsNetwork["name"] = ssid
 	}
 
-	ecsNetwork["community_id"] = flowhash.CommunityID.Hash(flowhash.Flow{
+	if communityid := flowhash.Hash(flowhash.Flow{
 		SourceIP:        srcIP,
 		SourcePort:      srcPort,
 		DestinationIP:   dstIP,
 		DestinationPort: dstPort,
 		Protocol:        uint8(protocol),
-	})
+	}); communityid != "" {
+		ecsNetwork["community_id"] = communityid
+	}
 
 	if len(ecsFlow) > 0 {
 		event.Fields["flow"] = ecsFlow