fix: support all allowed protocol numbers (#111528)

* fix(CommunityIdProcessor): support all allowed protocol numbers

* fix(CommunityIdProcessor): update documentation

Author: pkoutsovasilis

docs/reference/ingest/processors/community-id.asciidoc

@@ -23,11 +23,12 @@ configuration is required.
 | `source_port`      | no       | `source.port` | Field containing the source port.
 | `destination_ip`   | no       | `destination.ip` | Field containing the destination IP address.
 | `destination_port` | no       | `destination.port` | Field containing the destination port.
-| `iana_number` | no | `network.iana_number` | Field containing the IANA number. The following protocol numbers are currently supported: `1` ICMP, `2` IGMP, `6` TCP, `17` UDP, `47` GRE, `58` ICMP IPv6, `88` EIGRP, `89` OSPF, `103` PIM, and `132` SCTP.
+| `iana_number` | no | `network.iana_number` | Field containing the IANA number.
 | `icmp_type`        | no       | `icmp.type`   | Field containing the ICMP type.
 | `icmp_code`        | no       | `icmp.code`   | Field containing the ICMP code.
-| `transport`        | no       | `network.transport` | Field containing the transport protocol.
-Used only when the `iana_number` field is not present.
+| `transport`        | no       | `network.transport` | Field containing the transport protocol name or number.
+Used only when the `iana_number` field is not present. The following protocol names are currently supported:
+`ICMP`, `IGMP`, `TCP`, `UDP`, `GRE`, `ICMP IPv6`, `EIGRP`, `OSPF`, `PIM`, and `SCTP`.
 | `target_field`     | no       | `network.community_id` | Output field for the community ID.
 | `seed`             | no       | `0`           | Seed for the community ID hash. Must be between
 0 and 65535 (inclusive). The seed can prevent hash collisions between network domains, such as

modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/CommunityIdProcessor.java

@@ -225,7 +225,7 @@ private static Flow buildFlow(
         }
         flow.protocol = Transport.fromObject(protocol);
 
-        switch (flow.protocol) {
+        switch (flow.protocol.getType()) {
             case Tcp, Udp, Sctp -> {
                 flow.sourcePort = parseIntFromObjectOrString(sourcePort.get(), "source port");
                 if (flow.sourcePort < 1 || flow.sourcePort > 65535) {
@@ -336,12 +336,12 @@ public CommunityIdProcessor create(
      */
     public static final class Flow {
 
-        private static final List<Transport> TRANSPORTS_WITH_PORTS = List.of(
-            Transport.Tcp,
-            Transport.Udp,
-            Transport.Sctp,
-            Transport.Icmp,
-            Transport.IcmpIpV6
+        private static final List<Transport.Type> TRANSPORTS_WITH_PORTS = List.of(
+            Transport.Type.Tcp,
+            Transport.Type.Udp,
+            Transport.Type.Sctp,
+            Transport.Type.Icmp,
+            Transport.Type.IcmpIpV6
         );
 
         InetAddress source;
@@ -362,20 +362,21 @@ boolean isOrdered() {
         }
 
         byte[] toBytes() {
-            boolean hasPort = TRANSPORTS_WITH_PORTS.contains(protocol);
+            Transport.Type protoType = protocol.getType();
+            boolean hasPort = TRANSPORTS_WITH_PORTS.contains(protoType);
             int len = source.getAddress().length + destination.getAddress().length + 2 + (hasPort ? 4 : 0);
             ByteBuffer bb = ByteBuffer.allocate(len);
 
             boolean isOneWay = false;
-            if (protocol == Transport.Icmp || protocol == Transport.IcmpIpV6) {
+            if (protoType == Transport.Type.Icmp || protoType == Transport.Type.IcmpIpV6) {
                 // ICMP protocols populate port fields with ICMP data
-                Integer equivalent = IcmpType.codeEquivalent(icmpType, protocol == Transport.IcmpIpV6);
+                Integer equivalent = IcmpType.codeEquivalent(icmpType, protoType == Transport.Type.IcmpIpV6);
                 isOneWay = equivalent == null;
                 sourcePort = icmpType;
                 destinationPort = equivalent == null ? icmpCode : equivalent;
             }
 
-            boolean keepOrder = isOrdered() || ((protocol == Transport.Icmp || protocol == Transport.IcmpIpV6) && isOneWay);
+            boolean keepOrder = isOrdered() || ((protoType == Transport.Type.Icmp || protoType == Transport.Type.IcmpIpV6) && isOneWay);
             bb.put(keepOrder ? source.getAddress() : destination.getAddress());
             bb.put(keepOrder ? destination.getAddress() : source.getAddress());
             bb.put(toUint16(protocol.getTransportNumber() << 8));
@@ -397,68 +398,99 @@ String toCommunityId(byte[] seed) {
         }
     }
 
-    public enum Transport {
-        Icmp(1),
-        Igmp(2),
-        Tcp(6),
-        Udp(17),
-        Gre(47),
-        IcmpIpV6(58),
-        Eigrp(88),
-        Ospf(89),
-        Pim(103),
-        Sctp(132);
-
-        private final int transportNumber;
+    static class Transport {
+        public enum Type {
+            Unknown(-1),
+            Icmp(1),
+            Igmp(2),
+            Tcp(6),
+            Udp(17),
+            Gre(47),
+            IcmpIpV6(58),
+            Eigrp(88),
+            Ospf(89),
+            Pim(103),
+            Sctp(132);
+
+            private final int transportNumber;
+
+            private static final Map<String, Type> TRANSPORT_NAMES;
+
+            static {
+                TRANSPORT_NAMES = new HashMap<>();
+                TRANSPORT_NAMES.put("icmp", Icmp);
+                TRANSPORT_NAMES.put("igmp", Igmp);
+                TRANSPORT_NAMES.put("tcp", Tcp);
+                TRANSPORT_NAMES.put("udp", Udp);
+                TRANSPORT_NAMES.put("gre", Gre);
+                TRANSPORT_NAMES.put("ipv6-icmp", IcmpIpV6);
+                TRANSPORT_NAMES.put("icmpv6", IcmpIpV6);
+                TRANSPORT_NAMES.put("eigrp", Eigrp);
+                TRANSPORT_NAMES.put("ospf", Ospf);
+                TRANSPORT_NAMES.put("pim", Pim);
+                TRANSPORT_NAMES.put("sctp", Sctp);
+            }
 
-        private static final Map<String, Transport> TRANSPORT_NAMES;
+            Type(int transportNumber) {
+                this.transportNumber = transportNumber;
+            }
 
-        static {
-            TRANSPORT_NAMES = new HashMap<>();
-            TRANSPORT_NAMES.put("icmp", Icmp);
-            TRANSPORT_NAMES.put("igmp", Igmp);
-            TRANSPORT_NAMES.put("tcp", Tcp);
-            TRANSPORT_NAMES.put("udp", Udp);
-            TRANSPORT_NAMES.put("gre", Gre);
-            TRANSPORT_NAMES.put("ipv6-icmp", IcmpIpV6);
-            TRANSPORT_NAMES.put("icmpv6", IcmpIpV6);
-            TRANSPORT_NAMES.put("eigrp", Eigrp);
-            TRANSPORT_NAMES.put("ospf", Ospf);
-            TRANSPORT_NAMES.put("pim", Pim);
-            TRANSPORT_NAMES.put("sctp", Sctp);
+            public int getTransportNumber() {
+                return transportNumber;
+            }
         }
 
-        Transport(int transportNumber) {
+        private Type type;
+        private int transportNumber;
+
+        Transport(int transportNumber, Type type) { // Change constructor to public
             this.transportNumber = transportNumber;
+            this.type = type;
+        }
+
+        Transport(Type type) { // Change constructor to public
+            this.transportNumber = type.getTransportNumber();
+            this.type = type;
+        }
+
+        public Type getType() {
+            return this.type;
         }
 
         public int getTransportNumber() {
             return transportNumber;
         }
 
         public static Transport fromNumber(int transportNumber) {
-            return switch (transportNumber) {
-                case 1 -> Icmp;
-                case 2 -> Igmp;
-                case 6 -> Tcp;
-                case 17 -> Udp;
-                case 47 -> Gre;
-                case 58 -> IcmpIpV6;
-                case 88 -> Eigrp;
-                case 89 -> Ospf;
-                case 103 -> Pim;
-                case 132 -> Sctp;
-                default -> throw new IllegalArgumentException("unknown transport protocol number [" + transportNumber + "]");
+            if (transportNumber < 0 || transportNumber >= 255) {
+                // transport numbers range https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+                throw new IllegalArgumentException("invalid transport protocol number [" + transportNumber + "]");
+            }
+
+            Type type = switch (transportNumber) {
+                case 1 -> Type.Icmp;
+                case 2 -> Type.Igmp;
+                case 6 -> Type.Tcp;
+                case 17 -> Type.Udp;
+                case 47 -> Type.Gre;
+                case 58 -> Type.IcmpIpV6;
+                case 88 -> Type.Eigrp;
+                case 89 -> Type.Ospf;
+                case 103 -> Type.Pim;
+                case 132 -> Type.Sctp;
+                default -> Type.Unknown;
             };
+
+            return new Transport(transportNumber, type);
         }
 
         public static Transport fromObject(Object o) {
             if (o instanceof Number number) {
                 return fromNumber(number.intValue());
             } else if (o instanceof String protocolStr) {
                 // check if matches protocol name
-                if (TRANSPORT_NAMES.containsKey(protocolStr.toLowerCase(Locale.ROOT))) {
-                    return TRANSPORT_NAMES.get(protocolStr.toLowerCase(Locale.ROOT));
+                if (Type.TRANSPORT_NAMES.containsKey(protocolStr.toLowerCase(Locale.ROOT))) {
+                    return new Transport(Type.TRANSPORT_NAMES.get(protocolStr.toLowerCase(Locale.ROOT)));
                 }
 
                 // check if convertible to protocol number

modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CommunityIdProcessorTests.java

@@ -166,14 +166,30 @@ public void testBeatsProtocolNumber() throws Exception {
         testCommunityIdProcessor(event, "1:D3t8Q1aFA6Ev0A/AO4i9PnU3AeI=");
     }
 
-    public void testBeatsIanaNumber() throws Exception {
+    public void testBeatsIanaNumberProtocolTCP() throws Exception {
         @SuppressWarnings("unchecked")
         var network = (Map<String, Object>) event.get("network");
         network.remove("transport");
-        network.put("iana_number", CommunityIdProcessor.Transport.Tcp.getTransportNumber());
+        network.put("iana_number", CommunityIdProcessor.Transport.Type.Tcp.getTransportNumber());
         testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg=");
     }
 
+    public void testBeatsIanaNumberProtocolIPv4() throws Exception {
+        @SuppressWarnings("unchecked")
+        var network = (Map<String, Object>) event.get("network");
+        network.put("iana_number", "4");
+        network.remove("transport");
+        @SuppressWarnings("unchecked")
+        var source = (Map<String, Object>) event.get("source");
+        source.put("ip", "192.168.1.2");
+        source.remove("port");
+        @SuppressWarnings("unchecked")
+        var destination = (Map<String, Object>) event.get("destination");
+        destination.put("ip", "10.1.2.3");
+        destination.remove("port");
+        testCommunityIdProcessor(event, "1:KXQzmk3bdsvD6UXj7dvQ4bM6Zvw=");
+    }
+
     public void testIpv6() throws Exception {
         @SuppressWarnings("unchecked")
         var source = (Map<String, Object>) event.get("source");
@@ -201,10 +217,10 @@ public void testStringAndNumber() throws Exception {
         @SuppressWarnings("unchecked")
         var network = (Map<String, Object>) event.get("network");
         network.remove("transport");
-        network.put("iana_number", CommunityIdProcessor.Transport.Tcp.getTransportNumber());
+        network.put("iana_number", CommunityIdProcessor.Transport.Type.Tcp.getTransportNumber());
         testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg=");
 
-        network.put("iana_number", Integer.toString(CommunityIdProcessor.Transport.Tcp.getTransportNumber()));
+        network.put("iana_number", Integer.toString(CommunityIdProcessor.Transport.Type.Tcp.getTransportNumber()));
         testCommunityIdProcessor(event, "1:LQU9qZlK+B5F3KDmev6m5PMibrg=");
 
         // protocol number
@@ -359,8 +375,13 @@ private void testCommunityIdProcessor(Map<String, Object> source, int seed, Stri
     }
 
     public void testTransportEnum() {
-        for (CommunityIdProcessor.Transport t : CommunityIdProcessor.Transport.values()) {
-            assertThat(CommunityIdProcessor.Transport.fromNumber(t.getTransportNumber()), equalTo(t));
+        for (CommunityIdProcessor.Transport.Type t : CommunityIdProcessor.Transport.Type.values()) {
+            if (t == CommunityIdProcessor.Transport.Type.Unknown) {
+                expectThrows(IllegalArgumentException.class, () -> CommunityIdProcessor.Transport.fromNumber(t.getTransportNumber()));
+                continue;
+            }
+
+            assertThat(CommunityIdProcessor.Transport.fromNumber(t.getTransportNumber()).getType(), equalTo(t));
         }
     }