ip_proto plugin

sipcapture · Jun 18, 2024 · 3625673 · 3625673
1 parent c5e3cff
commit 3625673
Show file tree

Hide file tree

Showing 4 changed files with 124 additions and 0 deletions.
diff --git a/plugins/filters/ip_proto/README.md b/plugins/filters/ip_proto/README.md
@@ -0,0 +1,19 @@
+paStash IP Port to Protocol filter (rust)
+---
+
+Status : functional, experimental plugin.
+
+## IP Proto Filter
+
+Resolves a port number to IP protocol
+
+##### Example
+```
+filter {
+  ip_proto {
+    source_field => l4_dst_port
+    target_field => proto
+    custom => "8883:mqtt,1194:ovpn"
+  }
+}
+```
diff --git a/plugins/filters/ip_proto/filter_ipproto.js b/plugins/filters/ip_proto/filter_ipproto.js
@@ -0,0 +1,80 @@
+/*
+   Port to Protocol plugin for @pastash/pastash
+   (C) 2024 QXIP BV
+*/
+
+var base_filter = require('@pastash/pastash').base_filter,
+  util = require('util'),
+  logger = require('@pastash/pastash').logger;
+
+function FilterIPProto() {
+  base_filter.BaseFilter.call(this);
+  this.mergeConfig({
+    name: 'ip_proto',
+    optional_params: ['target_field', 'custom'],
+    host_field: 'source_field',
+    debug: false,
+    default_values: {
+      'debug': false,
+      'custom': false,
+    },
+    start_hook: this.start.bind(this)
+  });
+}
+
+var ipProto = {
+	1:   "icmp",
+	2:   "igmp",
+	6:   "tcp",
+	9:   "egp",
+	17:  "udp",
+	27:  "rdp",
+	41:  "encap-v6",
+	47:  "gre",
+	53:  "dns",
+	56:  "tlsp",
+	58:  "icmp-v6",
+	80:  "http",
+	89:  "ospf",
+	94:  "ipip",
+	123: "ntp",
+	132: "sctp",
+	443: "https",
+};
+
+util.inherits(FilterIPProto, base_filter.BaseFilter);
+
+FilterIPProto.prototype.start = function(callback) {
+ if (!this.target_field) {
+    this.target_field = this.source_field;
+  }
+  if (this.custom) {
+    var pairs = this.custom.split(',');
+    pairs.forEach(pair => {
+        let [ip, proto] = pair.split(':');
+        ipProto.push({ ip: parseInt(ip), proto: proto });
+    });
+  }
+
+  logger.info('Initializing IP protocol filter from', this.source_field, 'to', this.target_field);
+  callback();
+};
+
+FilterIPProto.prototype.process = function(data) {
+  var x = parseInt(data[this.source_field]);
+  if (x) {
+    try {
+      var result = ipProto[x];
+      if (result !== undefined && result !== null && (typeof result === 'string' || ! isNaN(result)) && result !== Infinity) {
+        data[this.target_field] = result;
+      }
+    }
+    catch(err) {
+    }
+  }
+  return data;
+};
+
+exports.create = function() {
+  return new FilterIPProto();
+};
diff --git a/plugins/filters/ip_proto/package-lock.json b/plugins/filters/ip_proto/package-lock.json
diff --git a/plugins/filters/ip_proto/package.json b/plugins/filters/ip_proto/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "@pastash/filter_ipproto",
+  "version": "1.0.0",
+  "description": "Port to Protocol plugin for @pastash/pastash",
+  "main": "filter_ipproto.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "Lorenzo Mangani <[email protected]>",
+  "license": "ISC",
+  "dependencies": {}
+}