Is the document of develop a new protocol up to date

jerome_tan · February 15, 2017, 11:26am

Is the document "https://www.elastic.co/guide/en/beats/packetbeat/current/protocol-modules.html" up to date? In the document

All protocol modules implement the TcpProtocolPlugin or the UdpProtocolPlugin (or both) from the following listing (found in beats/packetbeat/protos/protos.go).

// Functions to be exported by a protocol plugin
type ProtocolPlugin interface {
        // Called to initialize the Plugin
        Init(test_mode bool, results publish.Transactions) error

        // Called to return the configured ports
        GetPorts() []int
}

type TcpProtocolPlugin interface {
        ProtocolPlugin

        // Called when TCP payload data is available for parsing.
        Parse(pkt *Packet, tcptuple *common.TcpTuple,
                dir uint8, private ProtocolData) ProtocolData

        // Called when the FIN flag is seen in the TCP stream.
        ReceivedFin(tcptuple *common.TcpTuple, dir uint8,
                private ProtocolData) ProtocolData

        // Called when a packets are missing from the tcp
        // stream.
        GapInStream(tcptuple *common.TcpTuple, dir uint8, nbytes int,
                private ProtocolData) (priv ProtocolData, drop bool)

        // ConnectionTimeout returns the per stream connection timeout.
        // Return <=0 to set default tcp module transaction timeout.
        ConnectionTimeout() time.Duration
}

type UdpProtocolPlugin interface {
        ProtocolPlugin

        // ParseUdp is invoked when UDP payload data is available for parsing.
        ParseUdp(pkt *Packet)
}

I can't find the code in beats/packetbeat/protos/protos.go.

tudor · February 15, 2017, 11:51am

Looks like those moved in registry.go. Could you open a ticket so that we fix the docs, please?

The guide should be mostly up-to-date, if you find other bugs please report them. I recommend following the master version of the docs if you plan to work agains Packetbeat master.

jerome_tan · February 15, 2017, 12:14pm

The same, I can't find the following code from file: config/config.go

type Protocols struct {
        Icmp     Icmp
        Dns      Dns
        Http     Http
        Memcache Memcache
        Mysql    Mysql
        Mongodb  Mongodb
        Pgsql    Pgsql
        Redis    Redis
        Thrift   Thrift
}

And protos/protos.go does not contain the code:

// Protocol constants.
const (
        UnknownProtocol Protocol = iota
    HttpProtocol
    MysqlProtocol
    RedisProtocol
    PgsqlProtocol
    ThriftProtocol
    MongodbProtocol
    DnsProtocol
    MemcacheProtocol)

// Protocol names
var ProtocolNames = []string{
        "unknown",
        "http",
        "mysql",
        "redis",
        "pgsql",
        "thrift",
        "mongodb",
        "dns",
        "memcache",
}

ruflin · February 16, 2017, 2:51pm

@steffens Can you check the above?

steffens · February 16, 2017, 5:22pm

beat version? Are you using the master branch? The doc is clearly outdated and mostly fits packetbeat 1.x .

We used to have a code generator for packetbeat TCP protocols. I can't currently find it in master branch, but in 5.2 release branch: https://github.com/elastic/beats/tree/5.2/generate/packetbeat/tcp-protocol

The generator contains a tutorial style readme with code for a sample server you can test with (e.g. telnet to sample server and capture traffic with packetbeat).

system · March 16, 2017, 5:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.