Skip to content

Cherry-pick #21221 to 7.x: [Packetbeat] New SIP protocol#21557

Merged
marc-gr merged 1 commit intoelastic:7.xfrom
marc-gr:backport_21221_7.x
Oct 6, 2020
Merged

Cherry-pick #21221 to 7.x: [Packetbeat] New SIP protocol#21557
marc-gr merged 1 commit intoelastic:7.xfrom
marc-gr:backport_21221_7.x

Conversation

@marc-gr
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr commented Oct 6, 2020
edited by zube bot
Loading

Cherry-pick of PR #21221 to 7.x branch. Original message:

This is a re-opening of #7181 to fix merge issues.

TODO:

  • Parse VIA
  • Parse Contact
  • Parse Auth
  • Parse SDP body

Thanks to @tj8000rpm for the original work.

From the original PR:

Hi all. I implemented a new protocol SIP to packetbeat. #152
The SIP(Session Initiation Protocol) is a communications protocol for signaling and controlling multimedia communication sessions. SIP is used many VoIP applications at not only enterprise uses but also telecom careers.

SIP is text-base protocol like HTTP. But SIP has various unique features like :

  • SIP is server-client model, but it roles may changes call by call.
  • SIP is request-response model, but server may (usualy) reply many responses for one request.
  • There many requests and responses in one call.
  • It is not know when the call will end.

Therefore, I implemented with following plans.

  • Published for each SIP message(request or response)
  • Additional timestamp to make it possible to keep message order
  • Parse and store each header field and SDP body(option)
  • Received raw message is stored as text value(option)

More detail is writen in README.md

@marc-gr @tj8000rpm
[Packetbeat] New SIP protocol (elastic#21221)
c0de28f 
* new protocol:sip:Make a directory and Readme file.

new protocol:sip:update include list

new protocol:sip:initial blank file

DNSをベースとしてまずはDNSでやっている内容を解析開始・・・コメント付け中。

読み進めた分更新

パーサの実装を開始

パーサをのデコーダをsipPlugin内に移設もろもろ

リクエスト、レスポンス判定を追加

SIPのパース, SDPのパース追加、パーサをいろいろばらばらに。醜い・・・

ヘッダパース系メソッドをsipMessageのメンバに変更

バッファリングの仕組みのプロトタイプ作成

ファイル分割、オブジェクト毎にファイルを分割。その他実装を進めているところ。とちゅう

publish methodの実装

一部エラーハンドリングを追加

TODO更新とデータ構造を追加

ヘッダ処理諸々追加,途中

README TODO更新
'

実働確認用に追加

フィールド名にsip.を付与、unixtimenanoをフィールドに追加(デフォルトのtimestampだとSIP信号を並び替えるのに精度不足なため。)

フィールド命名規則を更新

Added english description

change field name

align the indents

fields.yml update about timestamp

テストケース追加

added testcase

add testcases

add testcases and fixed some bug cases

add test cases

add testcase parseSIPHeaders

fixed bug cases.

comment and refactoring

update testcases

add monitoring element named 'sip.message_ignored'

move publish function call from expireBuffer to callback function when buffer expired.

add testcase, bufferExpire

remove unnecessary pkg

add testcase at publish method

add, edit and migrate test cases

modify time duration

change timer code

remove fragmneted process

translate comments

add linux amd64 binary

Comments translated

update informations

add windows bin

update TODO list

add no mandantory header parse check

Add compact-form test case

Add compact-form test case

Add compact-form test case

Add compact-form test case

support compact form

TODO list update

add sip uri parser

add detail mode

add binary

remove unnecessary file

bug fix:broken when response parse in detail mode

bug fix:detail mode

modify detail mode

modify detail mode

Update Readme about compact form and parse detail sip header and request-uri

Update Readme about compact form and parse detail sip header and request-uri

Update Readme about compact form and parse detail sip header and request-uri

Update Readme about compact form and parse detail sip header and request-uri

expand config parsing options

edit variable names

arrangement and add text README file

refine Readme message

update Readme text

update Readme on Configuration

Go coding style was checked with golint

Erase duplicate field in field.yml, move src and dst fields into sip filed

Update docs, fields.asciidoc

Update docs, fields.asciidoc

* Fixes and style changes

* Refactor to be more similar to http parser and add system tests

* Add event action

* Add related fields

* Update fields and docs

* Add sip to docs

* Add beta warning

* Parse SDP, Contact, Via and auth

* Add suggestions

Co-authored-by: tj8000rpm <t.j.8000rpm@gmail.com>
(cherry picked from commit 0dd2428)
@marc-gr marc-gr requested a review from a team as a code owner October 6, 2020 10:26
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 6, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 6, 2020

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 6, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 6, 2020

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #21557 opened]

  • Start Time: 2020-10-06T10:27:16.734+0000

  • Duration: 41 min 14 sec

Test stats 🧪

Test Results
Failed 0
Passed 1079
Skipped 10
Total 1089

@marc-gr marc-gr merged commit 065c92a into elastic:7.x Oct 6, 2020
@marc-gr marc-gr deleted the backport_21221_7.x branch October 6, 2020 12:26
@zube zube bot removed the [zube]: Done label Jan 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@adriansr adriansr adriansr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marc-gr @elasticmachine @adriansr