登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

sqos/beats

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
amqp_parser.go 8.81 KB
一键复制 编辑 原始数据 按行查看 历史
Andrew Kroh 提交于 2017-07-21 14:47 . Remove newlines at start and end of methods (#4670)
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337
package amqp



import (

	"encoding/binary"

	"time"



	"github.com/elastic/beats/libbeat/common"

	"github.com/elastic/beats/libbeat/logp"

	"github.com/elastic/beats/packetbeat/procs"

)



func (amqp *amqpPlugin) amqpMessageParser(s *amqpStream) (ok bool, complete bool) {

	for s.parseOffset < len(s.data) {



		if len(s.data[s.parseOffset:]) < 8 {

			logp.Warn("AMQP message smaller than a frame, waiting for more data")

			return true, false

		}



		yes, version := isProtocolHeader(s.data[s.parseOffset:])

		if yes {

			debugf("Client header detected, version %d.%d.%d",

				version[0], version[1], version[2])

			s.parseOffset += 8

		}



		f, err := readFrameHeader(s.data[s.parseOffset:])

		if err {

			//incorrect header

			return false, false

		} else if f == nil {

			//header not complete

			return true, false

		}



		switch f.Type {

		case methodType:

			ok, complete = amqp.decodeMethodFrame(s, f.content)

		case headerType:

			ok = amqp.decodeHeaderFrame(s, f.content)

		case bodyType:

			ok, complete = s.decodeBodyFrame(f.content)

		case heartbeatType:

			detailedf("Heartbeat frame received")

		default:

			logp.Warn("Received unknown AMQP frame")

			return false, false

		}



		// cast should be safe because f.size should not be bigger than tcp.TCP_MAX_DATA_IN_STREAM

		s.parseOffset += 8 + int(f.size)

		if !ok {

			return false, false

		} else if complete {

			return true, true

		}

	}

	return ok, complete

}



func (s *amqpStream) prepareForNewMessage() {

	s.message = nil

}



func isProtocolHeader(data []byte) (isHeader bool, version string) {

	if (string(data[:4]) == "AMQP") && data[4] == 0 {

		return true, string(data[5:8])

	}

	return false, ""

}



//func to read a frame header and check if it is valid and complete

func readFrameHeader(data []byte) (ret *amqpFrame, err bool) {

	var frame amqpFrame



	frame.size = binary.BigEndian.Uint32(data[3:7])

	if len(data) < int(frame.size)+8 {

		logp.Warn("Frame shorter than declared size, waiting for more data")

		return nil, false

	}

	if data[frame.size+7] != frameEndOctet {

		logp.Warn("Missing frame end octet in frame, discarding it")

		return nil, true

	}

	frame.Type = frameType(data[0])

	if frame.size == 0 {

		//frame content is nil with hearbeat frames

		frame.content = nil

	} else {

		frame.content = data[7 : frame.size+7]

	}

	return &frame, false

}



/*

The Method Payload, according to official doc :

0           2           4

+----------+-----------+-------------- - -

| class-id | method-id | arguments...

+----------+-----------+-------------- - -

  short       short       ...

*/



func (amqp *amqpPlugin) decodeMethodFrame(s *amqpStream, buf []byte) (bool, bool) {

	if len(buf) < 4 {

		logp.Warn("Method frame too small, waiting for more data")

		return true, false

	}

	class := codeClass(binary.BigEndian.Uint16(buf[0:2]))

	method := codeMethod(binary.BigEndian.Uint16(buf[2:4]))

	arguments := buf[4:]

	s.message.parseArguments = amqp.parseArguments

	s.message.bodySize = uint64(len(buf[4:]))



	debugf("Received frame of class %d and method %d", class, method)



	fn, exists := amqp.methodMap[class][method]

	if !exists {

		logp.Debug("amqpdetailed", "Received unknown or not supported method")

		return false, false

	}



	return fn(s.message, arguments)

}



/*

Structure of a content header, according to official doc :

0           2        4          12               14

+----------+--------+-----------+----------------+------------- - -

| class-id | weight | body size | property flags | property list...

+----------+--------+-----------+----------------+------------- - -

  short      short   long long        short         remainder...

*/



func (amqp *amqpPlugin) decodeHeaderFrame(s *amqpStream, buf []byte) bool {

	if len(buf) < 14 {

		logp.Warn("Header frame too small, waiting for mode data")

		return true

	}

	s.message.bodySize = binary.BigEndian.Uint64(buf[4:12])

	debugf("Received Header frame. A message of %d bytes is expected", s.message.bodySize)



	if amqp.parseHeaders == true {

		err := getMessageProperties(s, buf[12:])

		if err {

			return false

		}

	}

	return true

}



/*

Structure of a body frame, according to official doc :

+-----------------------+ +-----------+

| Opaque binary payload | | frame-end |

+-----------------------+ +-----------+

*/



func (s *amqpStream) decodeBodyFrame(buf []byte) (ok bool, complete bool) {

	s.message.body = append(s.message.body, buf...)



	debugf("A body frame of %d bytes long has been transmitted",

		len(buf))

	//is the message complete ? If yes, let's publish it



	complete = uint64(len(s.message.body)) >= s.message.bodySize

	return true, complete

}



func hasProperty(prop, flag byte) bool {

	return (prop & flag) == flag

}



//function to get message content-type and content-encoding

func getMessageProperties(s *amqpStream, data []byte) bool {

	m := s.message



	//properties are coded in the two first bytes

	prop1 := data[0]

	prop2 := data[1]

	var offset uint32 = 2



	//while last bit set, we have another property flag field

	for lastbit := 1; data[lastbit]&1 == 1; {

		lastbit += 2

		offset += 2

	}



	if hasProperty(prop1, contentTypeProp) {

		contentType, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get content type in header frame")

			return true

		}

		m.fields["content-type"] = contentType

		offset = next

	}



	if hasProperty(prop1, contentEncodingProp) {

		contentEncoding, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get content encoding in header frame")

			return true

		}

		m.fields["content-encoding"] = contentEncoding

		offset = next

	}



	if hasProperty(prop1, headersProp) {

		headers := common.MapStr{}

		next, err, exists := getTable(headers, data, offset)

		if !err && exists {

			m.fields["headers"] = headers

		} else if err {

			logp.Warn("Failed to get headers")

			return true

		}

		offset = next

	}



	if hasProperty(prop1, deliveryModeProp) {

		if data[offset] == 1 {

			m.fields["delivery-mode"] = "non-persistent"

		} else if data[offset] == 2 {

			m.fields["delivery-mode"] = "persistent"

		}

		offset++

	}



	if hasProperty(prop1, priorityProp) {

		m.fields["priority"] = data[offset]

		offset++

	}



	if hasProperty(prop1, correlationIDProp) {

		correlationID, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get correlation-id in header frame")

			return true

		}

		m.fields["correlation-id"] = correlationID

		offset = next

	}



	if hasProperty(prop1, replyToProp) {

		replyTo, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get reply-to in header frame")

			return true

		}

		m.fields["reply-to"] = replyTo

		offset = next

	}



	if hasProperty(prop1, expirationProp) {

		expiration, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get expiration in header frame")

			return true

		}

		m.fields["expiration"] = expiration

		offset = next

	}



	if hasProperty(prop2, messageIDProp) {

		messageID, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get message id in header frame")

			return true

		}

		m.fields["message-id"] = messageID

		offset = next

	}



	if hasProperty(prop2, timestampProp) {

		t := time.Unix(int64(binary.BigEndian.Uint64(data[offset:offset+8])), 0)

		m.fields["timestamp"] = t.Format(amqpTimeLayout)

		offset += 8

	}



	if hasProperty(prop2, typeProp) {

		msgType, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get message type in header frame")

			return true

		}

		m.fields["type"] = msgType

		offset = next

	}



	if hasProperty(prop2, userIDProp) {

		userID, next, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get user id in header frame")

			return true

		}

		m.fields["user-id"] = userID

		offset = next

	}



	if hasProperty(prop2, appIDProp) {

		appID, _, err := getShortString(data, offset+1, uint32(data[offset]))

		if err {

			logp.Warn("Failed to get app-id in header frame")

			return true

		}

		m.fields["app-id"] = appID

	}

	return false

}



func (amqp *amqpPlugin) handleAmqp(m *amqpMessage, tcptuple *common.TCPTuple, dir uint8) {

	if amqp.mustHideCloseMethod(m) {

		return

	}

	debugf("A message is ready to be handled")

	m.tcpTuple = *tcptuple

	m.direction = dir

	m.cmdlineTuple = procs.ProcWatcher.FindProcessesTuple(tcptuple.IPPort())



	if m.method == "basic.publish" {

		amqp.handlePublishing(m)

	} else if m.method == "basic.deliver" || m.method == "basic.return" ||

		m.method == "basic.get-ok" {

		amqp.handleDelivering(m)

	} else if m.isRequest == true {

		amqp.handleAmqpRequest(m)

	} else if m.isRequest == false {

		amqp.handleAmqpResponse(m)

	}

}



func (amqp *amqpPlugin) mustHideCloseMethod(m *amqpMessage) bool {

	return amqp.hideConnectionInformation == true &&

		(m.method == "connection.close" || m.method == "channel.close") &&

		getReplyCode(m.fields) < uint16(300)

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/sqos/beats.git
git@gitee.com:sqos/beats.git
sqos
beats
beats
v6.1.1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
A270a887 8829481 3d7a4017 8829481