From 8eb0f42e1bec937e7653fddb794fd98ea55c69fb Mon Sep 17 00:00:00 2001 From: "Marc W." <113890636+MarcWort@users.noreply.github.com> Date: Wed, 21 Aug 2024 09:05:11 +0200 Subject: [PATCH] fix: Allow use of valid Port 0 (#40259) * fix: Allow use of valid Port 0 Port 0 is a normal but reserved port. See: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml or RFC6335 Section 6 * Improve the changelog entry * fixup! fix: Allow use of valid Port 0 --------- Co-authored-by: Pierre HILBERT Co-authored-by: Denis Co-authored-by: Fae Charlton --- CHANGELOG.next.asciidoc | 1 + libbeat/processors/communityid/communityid.go | 4 ++-- .../communityid/communityid_test.go | 24 +++++++++---------- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e594df1b8a2b..9b73c52df060 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -102,6 +102,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Fix parsing of RFC 3164 process IDs in syslog processor. {issue}38947[38947] {pull}38982[38982] - Rename the field "apache2.module.error" to "apache.module.error" in Apache error visualization. {issue}39480[39480] {pull}39481[39481] - Validate config of the `replace` processor {pull}40047[40047] +- Allow port number 0 in the community ID flowhash processor {pull}40259[40259] - Fix handling of escaped brackets in syslog structured data. {issue}40445[40445] {pull}40446[40446] - Update Go version to 1.22.6. {pull}40528[40528] diff --git a/libbeat/processors/communityid/communityid.go b/libbeat/processors/communityid/communityid.go index 9490b0414280..e2db51935a03 100644 --- a/libbeat/processors/communityid/communityid.go +++ b/libbeat/processors/communityid/communityid.go @@ -153,7 +153,7 @@ func (p *processor) buildFlow(event *beat.Event) *flowhash.Flow { return nil } sp, ok := tryToUint(v) - if !ok || sp < 1 || sp > 65535 { + if !ok || sp > 65535 { return nil } flow.SourcePort = uint16(sp) @@ -164,7 +164,7 @@ func (p *processor) buildFlow(event *beat.Event) *flowhash.Flow { return nil } dp, ok := tryToUint(v) - if !ok || dp < 1 || dp > 65535 { + if !ok || dp > 65535 { return nil } flow.DestinationPort = uint16(dp) diff --git a/libbeat/processors/communityid/communityid_test.go b/libbeat/processors/communityid/communityid_test.go index e84eb50bdae2..608787b9265d 100644 --- a/libbeat/processors/communityid/communityid_test.go +++ b/libbeat/processors/communityid/communityid_test.go @@ -67,12 +67,6 @@ func TestRun(t *testing.T) { testProcessor(t, 0, e, nil) }) - t.Run("invalid source port", func(t *testing.T) { - e := evt() - e.Put("source.port", 0) - testProcessor(t, 0, e, nil) - }) - t.Run("invalid source port1", func(t *testing.T) { e := evt() e.Put("source.port", 123456) @@ -85,12 +79,6 @@ func TestRun(t *testing.T) { testProcessor(t, 0, e, nil) }) - t.Run("invalid destination port", func(t *testing.T) { - e := evt() - e.Put("destination.port", 0) - testProcessor(t, 0, e, nil) - }) - t.Run("invalid destination port1", func(t *testing.T) { e := evt() e.Put("destination.port", 123456) @@ -142,6 +130,18 @@ func TestRun(t *testing.T) { testProcessor(t, 0, e, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI=") }) + t.Run("valid source port 0", func(t *testing.T) { + e := evt() + e.Put("source.port", 0) + testProcessor(t, 0, e, "1:yrNkRN7VyfVz1Wh12tjRHhxERxM=") + }) + + t.Run("valid destination port 0", func(t *testing.T) { + e := evt() + e.Put("destination.port", 0) + testProcessor(t, 0, e, "1:YaVkVTbWUkgn0a2QrblLOEsia9g=") + }) + t.Run("iana number", func(t *testing.T) { e := evt() e.Delete("network.transport")