diff --git a/.clang-format b/.clang-format index ba68f4877..2507b44e8 100644 --- a/.clang-format +++ b/.clang-format @@ -6,6 +6,7 @@ AlwaysBreakBeforeMultilineStrings: true AlignAfterOpenBracket: AlwaysBreak AllowAllArgumentsOnNextLine: false AllowAllParametersOfDeclarationOnNextLine: false +AllowShortIfStatementsOnASingleLine: Never AllowShortFunctionsOnASingleLine: Inline AlwaysBreakTemplateDeclarations: Yes BinPackArguments: false @@ -23,6 +24,16 @@ SpaceAfterTemplateKeyword: false SpaceInEmptyBlock: false SpacesInContainerLiterals: false PointerAlignment: Left -UseTab: false -IndentWidth: 4 +TabWidth: '4' +UseTab: ForContinuationAndIndentation + +SortIncludes: true +IncludeBlocks: Regroup +IncludeCategories: + - Regex: '^"(.*)"$' + Priority: 1 + - Regex: '^<[^>]*\.(h|hpp)>$' + Priority: 3 + - Regex: '^<.*>$' + Priority: 2 ... diff --git a/.clang-tidy b/.clang-tidy new file mode 100644 index 000000000..b06611ac6 --- /dev/null +++ b/.clang-tidy @@ -0,0 +1,75 @@ +--- +Checks: ' + -*, + bugprone-*, + clang-analyzer-*, + clang-diagnostic-*, + concurrency-mt-unsafe, + cppcoreguidelines-no-malloc, + misc-*, + modernize-*, + performance-*, + readability-*, + -misc-include-cleaner, + -misc-new-delete-overloads, + -misc-no-recursion, + -misc-use-anonymous-namespace, + -modernize-use-trailing-return-type, + -modernize-use-nodiscard, + -modernize-avoid-c-arrays, + -bugprone-easily-swappable-parameters, + -bugprone-multi-level-implicit-pointer-conversion, + -performance-enum-size, + -readability-avoid-nested-conditional-operator' +FormatStyle: file +WarningsAsErrors: '*' + +CheckOptions: + - key: readability-identifier-naming.ClassCase + value: 'CamelCase' + - key: readability-identifier-naming.ClassConstantCase + value: 'UPPER_CASE' + - key: readability-identifier-naming.ClassMemberCase + value: 'camelBack' + - key: readability-identifier-naming.ClassMemberPrefix + value: 's_' + - key: readability-identifier-naming.ClassMethodCase + value: 'camelBack' + - key: readability-identifier-naming.ConstantMemberCase + value: 'UPPER_CASE' + - key: readability-identifier-naming.EnumConstantCase + value: 'UPPER_CASE' + - key: readability-identifier-naming.FunctionCase + value: 'camelBack' + - key: readability-identifier-naming.GlobalVariablePrefix + value: 'g_' + - key: readability-identifier-naming.GlobalConstantPrefix + value: '' + - key: readability-identifier-naming.MacroDefinitionCase + value: 'UPPER_CASE' + - key: readability-identifier-naming.MemberCase + value: 'camelBack' + - key: readability-identifier-naming.NamespaceCase + value: 'lower_case' + - key: readability-identifier-naming.ParameterCase + value: 'camelBack' + - key: readability-identifier-naming.PrivateMemberPrefix + value: 'm_' + - key: readability-identifier-naming.ProtectedMemberPrefix + value: 'm_' + - key: readability-identifier-naming.StructCase + value: 'CamelCase' + - key: readability-identifier-naming.TypeAliasCase + value: 'CamelCase' + - key: readability-identifier-naming.TypeAliasIgnoredRegexp + value: '^.*_type$|^.*_category$|^.*reference$|^.*iterator$|^.*pointer$' + - key: readability-identifier-naming.VariableCase + value: 'camelBack' + + - key: misc-non-private-member-variables-in-classes.IgnoreClassesWithAllMemberVariablesBeingPublic + value: True + - key: readability-magic-numbers.IgnorePowersOf2IntegerValues + value: True + - key: readability-magic-numbers.IgnoredIntegerValues + value: '0;1;2;3;4;255;65535;4294967295' +... diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..a6b5dddad --- /dev/null +++ b/.editorconfig @@ -0,0 +1,17 @@ +root = true + +[*] +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true +charset = utf-8 + +[Makefile] +indent_style = tab + +[{CMakeLists.txt,*.cmake}] +indent_style = tab + +[*.{yaml,yml}] +indent_style = space +indent_size = 2 diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml new file mode 100644 index 000000000..bc600623c --- /dev/null +++ b/.github/actions/install-dependencies/action.yml @@ -0,0 +1,83 @@ +name: 'Install Dependencies' +description: 'Install required dependencies in container' + +inputs: + clang-tools: + description: 'Install clang & clang-tools-extra' + required: false + default: false + + pcap: + description: 'Install libpcap-devel' + required: false + default: false + + nfb: + description: 'Install nfb-framework dependencies' + required: false + default: false + + dpdk: + description: 'Install DPDK dependencies' + required: false + default: false + + nemea: + description: 'Install NEMEA dependencies' + required: false + default: false + + tests: + description: 'Install dependencies for tests' + required: false + default: false + +runs: + using: 'composite' + steps: + - name: Install build dependencies + shell: bash + run: | + dnf config-manager --set-enabled ol9_codeready_builder + dnf install -y dnf-plugins-core epel-release + dnf install -y make gcc-c++ cmake3 git rpm-build + dnf install -y fuse3-devel openssl-devel gcc-toolset-14-libatomic-devel libunwind-devel lz4-devel + + - name: Install clang tools + if: ${{ inputs.clang-tools == 'true' }} + shell: bash + run: | + dnf install -y clang clang-tools-extra + + - name: Install libpcap-devel + if: ${{ inputs.pcap == 'true' }} + shell: bash + run: | + dnf install -y libpcap-devel + + - name: Install nfb-framework dependencies + if: ${{ inputs.nfb == 'true' }} + shell: bash + run: | + dnf copr enable @CESNET/nfb-framework + dnf install -y nfb-framework numactl-devel + + - name: Install DPDK dependencies + if: ${{ inputs.dpdk == 'true' }} + shell: bash + run: | + dnf install -y dpdk-devel + + - name: Install NEMEA dependencies + if: ${{ inputs.nemea == 'true' }} + shell: bash + run: | + dnf copr enable @CESNET/NEMEA-stable + dnf install -y nemea-framework-devel + + - name: Install dependencies for tests + if: ${{ inputs.tests == 'true' }} + shell: bash + run: | + dnf copr enable @CESNET/NEMEA-stable + dnf install -y nemea-modules diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..ab5bc1480 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,34 @@ +name: build + +on: + workflow_call: + inputs: + os: + required: true + type: string + +jobs: + build: + runs-on: ubuntu-latest + container: ${{ inputs.os }} + steps: + - name: Install git + run: dnf install -y git + - name: Check out repository code + uses: actions/checkout@v4 + - name: Install dependencies + uses: ./.github/actions/install-dependencies + with: + pcap: true + dpdk: true + nfb: true + - name: Mark github workspace as safe + run: git config --system --add safe.directory $PWD + - name: Create build directory + run: mkdir build + - name: Configure CMake + run: | + cd build + cmake3 .. -DCMAKE_BUILD_TYPE=Debug -DENABLE_INPUT_PCAP=ON -DENABLE_INPUT_DPDK=ON -DENABLE_INPUT_NFB=ON -DENABLE_PROCESS_EXPERIMENTAL=ON + - name: make + run: make diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml deleted file mode 100644 index cb4919c48..000000000 --- a/.github/workflows/c-cpp.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Build and Checks - -on: - push: - branches: '*' - pull_request: - branches: '*' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - submodules: recursive - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get -y install git build-essential autoconf libtool libpcap-dev pkg-config libxml2-dev libunwind-dev libfuse3-dev fuse3 cmake liblz4-dev - ( git clone --depth 1 https://github.com/CESNET/nemea-framework /tmp/nemea-framework; cd /tmp/nemea-framework; ./bootstrap.sh &&./configure --bindir=/usr/bin/nemea/ -q &&make -j10 && sudo make install; sudo ldconfig) - ( git clone --depth 1 https://github.com/CESNET/nemea-modules /tmp/nemea-modules; cd /tmp/nemea-modules; ./bootstrap.sh &&./configure --bindir=/usr/bin/nemea/ -q &&make -j10 && sudo make install; ) - ( git clone -b release --depth 1 https://github.com/CESNET/telemetry /tmp/telemetry; cd /tmp/telemetry; mkdir build && cd build; cmake -DCMAKE_INSTALL_PREFIX=/usr .. &&make -j10 && sudo make install; ) - - name: autoreconf - run: autoreconf -i - - name: configure - run: ./configure --with-raw --with-pcap --with-nemea --with-gtest - - name: make - run: make - - name: make check - run: make check - - name: make distcheck - run: make distcheck - - name: configure with debug - run: ./configure --with-raw --with-pcap --with-nemea --with-gtest --enable-debug CXXFLAGS=-coverage CFLAGS=-coverage LDFLAGS=-lgcov - - name: rebuild and check - run: make clean; make check - - uses: codecov/codecov-action@v4 - with: - flags: tests # optional - name: ipfixprobe # optional - fail_ci_if_error: true # optional (default = false) - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true - gcov: true diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 000000000..eaa63905c --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,27 @@ +name: check + +on: [workflow_call] + +jobs: + clang-checks: + runs-on: ubuntu-latest + container: oraclelinux:9 + steps: + - name: Check out repository code + uses: actions/checkout@v4 + - name: Install dependencies + uses: ./.github/actions/install-dependencies + with: + clang-tools: true + pcap: true + - name: make format-check + run: make format + + editor-config: + runs-on: ubuntu-latest + container: mstruebing/editorconfig-checker + steps: + - name: Check out repository code + uses: actions/checkout@v4 + - name: Check editorconfig + run: ec --exclude .git --exclude tests/functional/inputs diff --git a/.github/workflows/ciEntryPoint.yml b/.github/workflows/ciEntryPoint.yml new file mode 100644 index 000000000..ba4f9065e --- /dev/null +++ b/.github/workflows/ciEntryPoint.yml @@ -0,0 +1,56 @@ +name: Continuous Integration pipeline + +on: push + +jobs: + check: + uses: ./.github/workflows/check.yml + build-os-matrix: + needs: check + runs-on: ubuntu-latest + outputs: + os: ${{ steps.os.outputs.os }} + steps: + - name: Build OS Array + id: os + run: | + osArray=() + osArray+=("oraclelinux:9") + osArray=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${osArray[@]}") + echo "Updated os list: $osArray" + echo "os=$osArray" >> $GITHUB_OUTPUT + build: + needs: [build-os-matrix] + strategy: + matrix: + os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} + uses: ./.github/workflows/build.yml + with: + os: ${{ matrix.os }} + + make-tests: + needs: [build-os-matrix] + strategy: + matrix: + os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} + uses: ./.github/workflows/tests.yml + with: + os: ${{ matrix.os }} + + rpm-build: + needs: [build-os-matrix] + strategy: + matrix: + os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} + uses: ./.github/workflows/rpm-build.yml + with: + os: ${{ matrix.os }} + + rpm-install: + needs: [build-os-matrix, rpm-build] + strategy: + matrix: + os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} + uses: ./.github/workflows/rpm-install.yml + with: + os: ${{ matrix.os }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 00e4d2194..000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '33 12 * * 6' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get -y install git build-essential autoconf libtool libpcap-dev pkg-config libxml2-dev libfuse3-dev fuse3 cmake liblz4-dev - ( git clone --depth 1 https://github.com/CESNET/nemea-framework /tmp/nemea-framework; cd /tmp/nemea-framework; ./bootstrap.sh &&./configure --bindir=/usr/bin/nemea/ -q &&make -j10 && sudo make install; sudo ldconfig) - ( git clone -b release --depth 1 https://github.com/CESNET/telemetry /tmp/telemetry; cd /tmp/telemetry; mkdir build && cd build; cmake -DCMAKE_INSTALL_PREFIX=/usr .. &&make -j10 && sudo make install; ) - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - #- name: Autobuild - # uses: github/codeql-action/autobuild@v2 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - name: Build - run: | - autoreconf -i - ./configure --with-nemea - make - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml deleted file mode 100644 index 779022b6d..000000000 --- a/.github/workflows/coverity.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: coverity - -on: - push: - branches: 'coverity' - pull_request: - branches: 'master' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get -y install git build-essential autoconf libtool libpcap-dev pkg-config libxml2-dev libfuse3-dev fuse3 cmake liblz4-dev - ( git clone --depth 1 https://github.com/CESNET/nemea-framework /tmp/nemea-framework; cd /tmp/nemea-framework; ./bootstrap.sh &&./configure --bindir=/usr/bin/nemea/ -q &&make -j10 && sudo make install; sudo ldconfig) - ( git clone --depth 1 https://github.com/CESNET/nemea-modules /tmp/nemea-modules; cd /tmp/nemea-modules; ./bootstrap.sh &&./configure --bindir=/usr/bin/nemea/ -q &&make -j10 && sudo make install; ) - ( git clone -b release --depth 1 https://github.com/CESNET/telemetry /tmp/telemetry; cd /tmp/telemetry; mkdir build && cd build; cmake -DCMAKE_INSTALL_PREFIX=/usr .. &&make -j10 && sudo make install; ) - - name: autoreconf - run: autoreconf -i - - name: configure - run: ./configure --with-nemea - - uses: vapier/coverity-scan-action@v1 - with: - email: cejkat@cesnet.cz - token: ${{ secrets.COVERITY_SCAN_TOKEN }} diff --git a/.github/workflows/rpm-build.yml b/.github/workflows/rpm-build.yml new file mode 100644 index 000000000..79d94c4a2 --- /dev/null +++ b/.github/workflows/rpm-build.yml @@ -0,0 +1,52 @@ +name: rpm-build + +on: + workflow_call: + inputs: + os: + required: true + type: string + +jobs: + rpm-build: + runs-on: ubuntu-latest + container: ${{ inputs.os }} + steps: + - name: Install git + run: dnf install -y git + - name: Check out repository code + uses: actions/checkout@v4 + - name: Install dependencies + uses: ./.github/actions/install-dependencies + with: + pcap: true + dpdk: true + nfb: true + nemea: true + + - name: Mark github workspace as safe + run: git config --system --add safe.directory $PWD + - name: Create build directory + run: mkdir build + - name: Configure CMake to make rpm + run: | + cd build + cmake3 .. -DCMAKE_BUILD_TYPE=Release -DENABLE_INPUT_PCAP=ON -DENABLE_INPUT_DPDK=ON -DENABLE_INPUT_NFB=ON -DENABLE_PROCESS_EXPERIMENTAL=ON + make rpm + - name: make rpm-msec + run: make rpm-msec + - name: make rpm-nemea + run: | + cd build + cmake3 .. -DCMAKE_BUILD_TYPE=Release -DENABLE_OUTPUT_UNIREC=ON + make rpm-nemea + - name: extract artifact name + run: | + OS=${{ inputs.os }} + echo "artifactName=$(echo ${OS/:/}-rpm)" >> $GITHUB_ENV + - name: upload RPM artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ env.artifactName }} + path: ./build/pkg/rpm/rpmbuild/RPMS/x86_64 + retention-days: 1 diff --git a/.github/workflows/rpm-install.yml b/.github/workflows/rpm-install.yml new file mode 100644 index 000000000..21949816e --- /dev/null +++ b/.github/workflows/rpm-install.yml @@ -0,0 +1,33 @@ +name: rpm-install + +on: + workflow_call: + inputs: + os: + required: true + type: string + +jobs: + rpm-install: + runs-on: ubuntu-latest + container: ${{ inputs.os }} + steps: + - name: Install dependencies + run: | + dnf config-manager --set-enabled ol9_codeready_builder + dnf install -y dnf-plugins-core epel-release + dnf copr enable @CESNET/nfb-framework + dnf copr enable @CESNET/NEMEA-stable + - name: extract artifact name + run: | + OS=${{ inputs.os }} + echo "artifactName=$(echo ${OS/:/}-rpm)" >> $GITHUB_ENV + - name: download RPM artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.artifactName }} + - name: install RPM artifact + run: | + dnf install -y $(ls *.rpm | grep -Ev 'ipfixprobe-msec|ipfixprobe-nemea|ipfixprobe-output-unirec|debuginfo|debugsource') + dnf install -y $(ls ipfixprobe-msec-*.rpm | grep -Ev 'debuginfo|debugsource') --allowerasing + dnf install -y $(ls ipfixprobe-nemea-*.rpm ipfixprobe-output-unirec*.rpm | grep -Ev 'debuginfo|debugsource') --allowerasing diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 000000000..34933eee8 --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,36 @@ +name: build + +on: + workflow_call: + inputs: + os: + required: true + type: string + +jobs: + tests: + runs-on: ubuntu-latest + container: ${{ inputs.os }} + steps: + - name: Install git + run: dnf install -y git + - name: Check out repository code + uses: actions/checkout@v4 + - name: Install dependencies + uses: ./.github/actions/install-dependencies + with: + pcap: true + nemea: true + tests: true + - name: Mark github workspace as safe + run: git config --system --add safe.directory $PWD + - name: Create build directory + run: mkdir build + - name: Configure CMake + run: | + cd build + cmake3 .. -DENABLE_NEMEA=ON -DENABLE_INPUT_PCAP=ON -DENABLE_OUTPUT_UNIREC=ON -DENABLE_PROCESS_EXPERIMENTAL=ON -DENABLE_TESTS=ON + - name: make tests + run: | + make + make tests diff --git a/.gitignore b/.gitignore index 4c9d4ebba..88e0a554c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,123 +1,9 @@ -# http://www.gnu.org/software/automake -Makefile.in -/ar-lib -/mdate-sh -/py-compile -/test-driver -/ylwrap -.deps/ -nfbCInterface/.deps/ -.dirstamp +# Default build directory +build/ -# http://www.gnu.org/software/autoconf +# Visual Studio files +.vscode/ -autom4te.cache -/autoscan.log -/autoscan-*.log -/aclocal.m4 -/compile -/config.guess -/config.h.in -/config.log -/config.status -/config.sub -/configure -/configure.scan -/depcomp -/install-sh -/missing -/stamp-h1 - -# https://www.gnu.org/software/libtool/ - -/ltmain.sh - -# http://www.gnu.org/software/texinfo - -/texinfo.tex - -# http://www.gnu.org/software/m4/ - -m4/libtool.m4 -m4/ltoptions.m4 -m4/ltsugar.m4 -m4/ltversion.m4 -m4/lt~obsolete.m4 - -# Generated Makefile -# (meta build system like autotools, -# can automatically generate from config.status script -# (which is called by configure script)) -Makefile - -# Prerequisites -*.d - -# Compiled Object files -*.slo -*.lo -*.o -*.obj - -# Precompiled Headers -*.gch -*.pch - -# Compiled Dynamic libraries -*.so -*.dylib -*.dll - -# Fortran module files -*.mod -*.smod - -# Compiled Static libraries -*.lai -*.la -*.a -*.lib - -# Executables -*.exe -*.out -*.app - - -# Generated Ipfixprobe Files -config.h -.idea/ -ipfixprobe.bash -ipfixprobe.spec -libtool -fields.c -fields.h -ipfixprobe-nemea.* -ipfixprobe -ipfixprobe_stats -ipfixprobe-*.tar.gz - -# Test Outputs -tests/*/*.log -tests/*/*.trs -tests/output/ -tests/functional/output -# Unit test binaries -tests/unit/byte_utils -tests/unit/flowifc -tests/unit/options -tests/unit/unirec -tests/unit/utils - -# Mac Finder metafile -**/.DS_Store - -# vscode settings files -.vscode - -# jekyll files -docs/_site/ -docs/.sass-cache/ -docs/.jekyll-metadata/ -docs/.jekyll-cache/ \ No newline at end of file +# Clangd cache files +.clang/ diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 8cf8b5e33..000000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "googletest"] - path = googletest - url = https://github.com/google/googletest.git diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 1ba5f2bff..000000000 --- a/.travis.yml +++ /dev/null @@ -1,36 +0,0 @@ -language: c -compiler: - - gcc - -env: - global: - # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created - # via the "travis encrypt" command using the project repo's public key - - secure: "Xa7VWMjBIw16U/WN0AzI2QHq36OgVSyGsEUElP/wRzfMjXjIh2a0qa6xOui305Az7jBb3/aF5p15pETif9WK4HUs9lXtNOaSRN0+kXX7zKnt4gehr1T659yc7T4hTuxNilEQPjk9Rmw4NfXo89jrYMvV1bTNxVXQg0FZu7SO7COCsyCs2mKj1GtqEJSgYL9epaByPmaG8QA8A+8sGRDZhB1tqeiYeBlramlqkleNHnRF7Hw+gfH44wLuK9RnRNXV0O3C4wQDqZukBXudODWZHDeqZ+EXawW72yh4Y+0lltis3fDoOzJKYvRvelah0lszrdBz48EZdYhp7UbeuxVKnNn7nb4F5I64I4p6yzHnjWJFV2KLxutLjcrNUZlDrLC7hy274dIrUwhlAHMIqjkJuABWNRzyluzYbe1cN8EL4p+pQdfsWousLlLBGrkjTgsdBm7NFiwpYqoQZQMig/0Yloxf2d+Xxbsujk+GF0fn8vMLYZzR0RLQDNjbrzuv59fnWLH3htfPX0+xJctsrXKR2cptk3q1JLSmCXloEgvt5iwYu805IA+tjzGcLAHt4VsOJe+gXFoQmxlnFwL2jwACjkLx7B2sUM5FnnKyC4wzI6yUQIJ3W3ZsFX0n3iT8gmfBr0ewTPQz4TZXM2hj4ZeAfzUvxszI44f41TZUiOBIraw=" - -addons: - apt: - sources: - - ubuntu-toolchain-r-test - packages: - - gawk - - gcc-multilib - - g++ - - autoconf - - autoconf - - pkg-config - - make - - automake - - libpcap-dev - coverity_scan: - project: - name: "CESNET/ipfixprobe" - description: "Build submitted via Travis CI" - notification_email: warband.times@gmail.com - build_command_prepend: "autoreconf -i && ./configure" - build_command: "make -j2" - branch_pattern: coverity - -script: - - autoreconf -i && ./configure && make -j2 - diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 000000000..9fcc909a2 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,68 @@ +cmake_minimum_required(VERSION 3.22) + +set(VERSION_MAJOR 5) +set(VERSION_MINOR 0) +set(VERSION_PATCH 0) +set(VERSION ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}) + +project(ipfixprobe VERSION ${VERSION} LANGUAGES CXX C) + +include(cmake/build_type.cmake) +include(cmake/installation.cmake) + +set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules) + +option(ENABLE_INPUT_PCAP "Enable build of input PCAP plugin" OFF) +option(ENABLE_INPUT_DPDK "Enable build of input DPDK plugin" OFF) +option(ENABLE_INPUT_NFB "Enable build of input NFB plugin" OFF) +option(ENABLE_OUTPUT_UNIREC "Enable build of output UNIREC plugin" OFF) +option(ENABLE_PROCESS_EXPERIMENTAL "Enable build of experimental process plugins" OFF) +option(ENABLE_MILISECONDS_TIMESTAMP "Compile ipfixprobe with miliseconds timestamp precesion" OFF) +option(ENABLE_NEMEA "Enable build of NEMEA plugins" OFF) + +option(ENABLE_RPMBUILD "Enable build of RPM package" ON) +option(ENABLE_TESTS "Build tests (make test)" OFF) + +if(ENABLE_MILISECONDS_TIMESTAMP) + add_compile_definitions(IPXP_TS_MSEC) +endif() + +if(ENABLE_NEMEA) + add_compile_definitions(WITH_NEMEA) +endif() + +set(CMAKE_C_STANDARD 11) +set(CMAKE_C_STANDARD_REQUIRED ON) +set(CMAKE_C_EXTENSIONS ON) + +set(CMAKE_CXX_STANDARD 20) +set(CMAKE_CXX_STANDARD_REQUIRED ON) +set(CMAKE_CXX_EXTENSIONS ON) + +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -O3") +set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g -ggdb3") + +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra") +set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -O3") +set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -g -ggdb3") + +include(cmake/dependencies.cmake) + +add_subdirectory(external) +add_subdirectory(src) +add_subdirectory(pkg) +add_subdirectory(init) + +if (ENABLE_TESTS) + if (NOT ENABLE_NEMEA OR NOT ENABLE_OUTPUT_UNIREC OR NOT ENABLE_INPUT_PCAP) + message(FATAL_ERROR + "ENABLE_TESTS requires ENABLE_NEMEA, " + "ENABLE_INPUT_PCAP and ENABLE_OUTPUT_UNIREC to be enabled." + ) + endif() + enable_testing() + add_subdirectory(tests) +endif() diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 18668f249..000000000 --- a/ChangeLog +++ /dev/null @@ -1,317 +0,0 @@ -2025-02-14 ipfixprobe-4.16.0 - * Parser: Fix packet parsing issue when --with-pcap is enabled - * DPDK: Increase default mempool size from 4096 to 8192 - * DPDK: Set RX queue size as (mempool size / 2) - * DPDK: Fix multiple DPDK telemetry files registration - -2024-12-27 ipfixprobe-4.15.0 - * dpdk: Add DPDK telemetry - * dpdk: add DPDK port telemetry - * dpdk: fix RSS configuration - * ipfix-elements: fix NTP_USEC_TO_FRAC macro - * docs: revision of web page - * README: update telemetry section - -2024-11-14 ipfixprobe-4.14.0 - * dpdk: set mempool size as rx queue size - -2024-10-17 ipfixprobe-4.13.0 - * usability: introduce docker/podman container to convert PCAP files to CSV - * IPFIX: fix order of TCP options flags - * basicplus: update TCP options mask across flow packets - * utils: introduce memcpy_le32toh() for ipfix representation - * wg: fix parsing and exporting byte order (IPFIX) - * DPDK-ring: optimization: prefetch; read timestamp from HW metadata if available - * cache: optimization - prefetch - * IPv6: fix header parsing - * DPDK&DPDK-ring: fix use of parse_packet(), skip invalid packets causing crash - -2024-08-28 ipfixprobe-4.12.0 - * ipfix plugin: support lz4 compression - * ipfixprobe: possibility to set workers affinity - * parser: fix ipv6 extension header parsing - * telemetry: supports telemetry over appFs - * build: c++ standard gnu++17 - * dpdk: set mtu, fixes - * mqtt: new process plugin - * tls plugin: fix, extract more flow details - * ndp: support new firmware timestamps - * flowcache: introduce fragmentation cache - * QUIC: refactor, extract more flow details - -2023-10-30 ipfixprobe-4.11.1 - * minor bugfixes to build on openwrt - -2023-10-18 ipfixprobe-4.11.0 - * ipfix - propose new variable (ipfix template refresh rate) - * vlan plugin: fix ipfix output - -2023-10-03 ipfixprobe-4.10.0 - * dpdk: improvement of config and init script - * QUIC: bugfixes and checks - * GRE: add new plugin to export GRE tunnel information - * VLAN: add new plugin to export VLAN information - * Flow Hash: add new plugin to export Flow Hash field - * Nettisa: optimization - skip for short flows - * icmp: add new plugin to export ICMP information - * flow cache: improve hashing to incorporate VLAN info - * bugfixes - templates and byte encoding (HTTP) - * statistics: improved monitoring capabality, added additional statistics - -2023-07-21 ipfixprobe-4.9.2 - * NetTiSA: Fix time comparison, handle Nan values - -2023-07-18 ipfixprobe-4.9.1 - * NetTiSA: Add new NetTisa process plugin - * OVPN: Imporovments (Added rtp header validation function, Improve detection) - * HTTP: Add parsing HTTP response headers server and set-cookie names - * ICMP: Add new ICMP process plugin - * Code format: Changing uncrustify to clang format - -2023-06-01 ipfixprobe-4.9.0 - * flow cache: add VLAN ID to the flow key - * SSADetector: detect SYN-SYNACK-ACK sequence to detect VPN within exiting connection - * ovpn: enhanced algorithm to minimize false positives - * optimization: do not export some additional info for short flows - * dpdk: allow running as a secondary DPDK process, reading from mring - * dpdk: allow reading from multiple port of the network interface - * init: improve config & service to set `lcores` - -2023-05-16 ipfixprobe-4.8.0 - * DPDK: bugfix of HW timestamps - * DPDK: compliance, different constant names - * pstats: bugfix of recognition of zero length packets - * SSADetector: add new plugin to detect possible SYN-SYNACK-ACK - -2023-03-27 ipfixprobe-4.7.4 - * Support parsing of ipv6 mobility header - * Support TLS v1.3 - * Support of extracting TLS version from handshake extension - -2023-02-13 ipfixprobe-4.7.3 - * Stats: Improve Input & Output pugin stats - * Tls: fix buffer overflow error (causes crashing) - -2022-12-29 ipfixprobe-4.7.2 - * rpm hotfix: disable automatic setting of hardening flags - * dpdk: bugfixes - * dpdk: changed RSS setting to use IP only - * improved ipfixprobed - -2022-12-12 ipfixprobe-4.7.1 - * http: Removed trailing '\r' from HTTP exported fields - * tcp: fixed seq&ack tracking - * dpdk: reworked plugin - -2022-10-03 ipfixprobe-4.7.0 - * dpdk: support for multi-queues - * dpdk: improved config file and init script - * flexprobe: changed flexprobe packet conversion to zero-copy mode - * build: bugfix - fixed missing -PIC - * tls: bugfix - replaced bad data type - -2022-07-26 ipfixprobe-4.6.0 - * QUIC: refactor plugin, version 2 added - * Zero-copy packet processing - * deb: add config files to generate deb package - * xxhash update - * Remove std::future feature for workers terminations - -2022-03-11 ipfixprobe-4.5.0 - * Fixed variable-length IE IPFIX export (quic, http, tls) - * QUIC plugin: Export of new information elements in QUIC plugin - * FIXED wrong export reason - * FIXED mistakes in README - * enhancement: PHists, PStats do not export data for single-packet flow - * turris: add CPP if macros to skip debug prints - -2022-02-14 ipfixprobe-4.4.0 - * added DLT_RAW link-layer support - * bugfixes - uninitialized variable (unirec output), flow duplication - * IPFIX elements update and cleanup - -2022-02-01 ipfixprobe-4.3.0 - * QUIC: FIXed wrong openssl linking on centos 7. - * Changed configuration of Copr RPM package. - -2022-01-31 ipfixprobe-4.2.0 - * Fixed invalid order of ipfix elements for TLS plugin. - -2022-01-27 ipfixprobe-4.1.0 - * Added wireguard module - * Replace stringstream due to performance issues - * Fixed build of RPM package - -2021-12-16 ipfixprobe-4.0.0 - * Reworked ipfxprobe parameter passing - * quic: Parsing quic protocol - * tests: Added several tests - * Bug fixes, memory leaks fixes - * Documentation improved - * Code refactoring - -2021-08-18 ipfixprobe-3.2.1 - * bugfix parser overflows due bug in old version of libpcap - -2021-07-28 ipfixprobe-3.2.0 - * improved code doc - * tlsplugin: fixed out of bounds write to an array - * ipfix: Minor changes - -2021-07-23 ipfixprobe-3.1.1 - * systemd: added restart on failure - * added stacktrace print on segmentation fault - * added export of flowEndReason IPFIX field - * rpm: packages are compiled with libunwind - -2021-07-21 ipfixprobe-3.1.0 - * http: updated HTTP IPFIX element identifiers - * ghactions: add coverity and codecov - * improved systemd service - * build: fixed errors on turris and tplink - -2021-06-08 ipfixprobe-3.0.0 - * added multi-thread version of ipfixprobe - * added wireguard plugin - * support cygwin compatibility - * bugfixes: RTSP plugin, build, memory - * updated tests - test for WireGuard plugin - -2021-02-27 ipfixprobe-2.19.0 - * added phist plugin - histograms of packets - * added bstats plugin - burst characteristics of flows - * added netbios support - * improved basic fields - * bugfixes: build, payload size - * maintenance: improved IPFIX basiclist representation - * updated tests - new timestamp precision - -2020-11-01 ipfixprobe-2.18.0 - * add IDPContent plugin (initial data from packet payload) - * updated create_plugin.sh - * improved systemd service - * maintenance - -2020-09-20 ipfixprobe-2.17.1 - * add TLS plugin - -2020-08-24 ipfixprobe-2.16.0 - * migration from nemea-modules - -2020-07-30 nemea-modules-2.16.0 - * flow_meter: - bugfixes, biflow support, added ppi feature, ssdp and dns-sd - improvements, added ovpn plugin, maintenance of plugins - -2020-04-21 nemea-modules-2.15.0 - * flow_meter: - minor bugfixes - -2019-04-21 nemea-modules-2.11.0 - * flow_meter: - Updated test references because of MAC UniRec type conversion. - * flow_meter&ipfixprobe: - Improved build - linker parameters. - -2019-02-25 nemea-modules-2.10.0 - * rpm: - Add ipfixprobe module, the simplified flow_meter. - -2018-09-18 nemea-modules-2.8.0 - * flow_meter: - Change HTTP template: compatibility with CESNET/FlowMon settings - -2018-03-20 Nemea-modules-2.6.2 - * flow_meter: - added export of DNS PTR - added SMTP plugin - modified some test scripts - -2017-07-24 Nemea-modules-2.5.7 - * flow_meter: - long IPFIX option (by Ulrik Haugen) - file attributes in spec (by Ulrik Haugen) - -2017-07-11 Nemea-modules-2.5.6 - * flow_meter: - fix build with older gcc - -2017-06-30 Nemea-modules-2.5.5 - * flow_meter: - parser is now parsing packets without transport layer - -2017-06-08 Nemea-modules-2.5.4 - * flow_meter: - flow cache hash function changed to xxHash - added handler for SIGPIPE signal - add support for IPv6 address in -x parameter - added export to IPFIX - optimizations - simplifications - bugfixes - -2017-03-01 Nemea-modules-2.5.3 - * flow_meter: - added -O option (see documentation) - bash completion feature - BUGFIX distcheck failed - added traffic filtering using -F parameter - default timeout on output interfaces set to HALF_WAIT - fixed exporting expired flows while no packets are captured - added output unirec field description to README - -2017-02-05 Nemea-modules-2.5.2 - * flow_meter: - add support: IPv6 extension headers - add support: double tagged frames (VLAN) - optimizations - bugfixes - -2016-10-07 Nemea-modules-2.5.0 - * flow_meter - extended tests coverage - updated README - many bugfixes and overall improvements - -2016-10-04 Nemea-modules-2.4.2 - * flow_meter: - added arp plugin - bugfixes in http and ntp plugin - -2016-08-05 Nemea-modules-2.4.1 - * flow_meter: - code revision - memory optimizations - fixing byte order issues - -2016-07-28 Nemea-modules-2.4.0 - * flow_meter: - optimization and improvement - add NTP plugin - -2016-04-03 Nemea-modules-2.3.4 - * flow_meter bugfixed - - -2016-03-20 Nemea-modules-2.3.3 - * flow_meter sip plugin bugfixed - no longer causes segfault - - -2016-03-10 Nemea-modules-2.3 - * documentation for creating flow_meter plugins - - -2016-02-16 Nemea-modules-2.1 - * Contained modules: - anonymizer - debug_sender - flow_meter - flowcounter - logger - logreplay - merger - nfreader - report2idea - traffic_repeater - unirecfilter - diff --git a/LICENSE b/LICENSE index abdb9fb84..8007cab94 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 3-Clause License -Copyright (c) 2022, CESNET +Copyright (c) 2025, CESNET All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..3cd4e6feb --- /dev/null +++ b/Makefile @@ -0,0 +1,48 @@ +ifeq ($(CMAKE),) +CMAKE := cmake +endif + +ifeq ($(CLANG_FORMAT),) +CLANG_FORMAT := clang-format +endif + +ifeq ($(RUN_CLANG_TIDY),) +RUN_CLANG_TIDY := run-clang-tidy +endif + + +SRC_DIR = "$(shell pwd)/src" +INC_DIR = "$(shell pwd)/include" + +SOURCE_DIR = "$(SRC_DIR)" "$(INC_DIR)" +SOURCE_REGEX = '.*\.\(cpp\|hpp\|c\|h\)' + + +.PHONY: all +all: build/Makefile + @$(MAKE) --no-print-directory -C build + +%: build/Makefile + @$(MAKE) --no-print-directory -C build $@ + +build/Makefile: | build + @cd build && $(CMAKE) $(CMAKE_ARGS) .. + +build: + @mkdir -p $@ + +.PHONY: format +format: + @find $(SOURCE_DIR) -type f -regex $(SOURCE_REGEX) -print0 | xargs -0 $(CLANG_FORMAT) --dry-run --Werror + +.PHONY: format-fix +format-fix: + @find $(SOURCE_DIR) -type f -regex $(SOURCE_REGEX) -print0 | xargs -0 $(CLANG_FORMAT) -i + +.PHONY: tidy +tidy: all + $(RUN_CLANG_TIDY) -p build -quiet -j $(shell nproc) -header-filter=$(SOURCE_DIR) $(SOURCE_DIR) + +.PHONY: tidy-fix +tidy-fix: all + $(RUN_CLANG_TIDY) -p build -quiet -fix -j $(shell nproc) -header-filter=$(SOURCE_DIR) $(SOURCE_DIR) diff --git a/Makefile.am b/Makefile.am deleted file mode 100644 index c755d8d64..000000000 --- a/Makefile.am +++ /dev/null @@ -1,348 +0,0 @@ -SUBDIRS= - -if WITH_NDP -SUBDIRS+=input/nfbCInterface -endif - -SUBDIRS+=. tests init -bin_PROGRAMS=ipfixprobe ipfixprobe_stats - -DISTCHECK_CONFIGURE_FLAGS="--with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)" - -ipfixprobe_LDFLAGS=-lpthread -ldl -latomic -ltelemetry -lappFs -ipfixprobe_CFLAGS=-I$(srcdir)/include/ -fPIC -DFUSE_USE_VERSION=30 -ipfixprobe_CXXFLAGS=-std=gnu++17 -Wno-write-strings -I$(srcdir)/include/ -fPIC -DFUSE_USE_VERSION=30 - -if OS_CYGWIN -ipfixprobe_CXXFLAGS+=-Wl,--export-all-symbols -else -ipfixprobe_CXXFLAGS+=-Wl,--export-dynamic -endif - -ipfixprobe_input_src=\ - input/input.cpp \ - input/benchmark.cpp \ - input/benchmark.hpp \ - input/parser.cpp \ - input/parser.hpp \ - input/headers.hpp - -# How to create loadable example.so plugin: -#pkglib_LTLIBRARIES=example.la -#example_la_CXXFLAGS=-I$(srcdir)/include/ -#example_la_SOURCES=example.cpp example.hpp -#example_la_LDFLAGS=-module -shared -avoid-version - - -if WITH_NDP -ipfixprobe_LDFLAGS+=-lnuma -lndpRI -L$(srcdir)/input/nfbCInterface/ -ipfixprobe_CXXFLAGS+=-I$(srcdir)/input/nfbCInterface/include/ -ipfixprobe_input_src+=\ - input/ndp.cpp \ - input/ndp.hpp -endif - -if WITH_RAW -ipfixprobe_input_src+=\ - input/raw.cpp \ - input/raw.hpp -endif - -if WITH_PCAP -ipfixprobe_input_src+=\ - input/pcap.cpp \ - input/pcap.hpp -endif - -if WITH_STEM -ipfixprobe_input_src+=\ - input/stem.cpp \ - input/stem.hpp -endif - -ipfixprobe_storage_src=\ - storage/fragmentationCache/ringBuffer.hpp \ - storage/fragmentationCache/timevalUtils.hpp \ - storage/fragmentationCache/fragmentationKeyData.hpp \ - storage/fragmentationCache/fragmentationTable.hpp \ - storage/fragmentationCache/fragmentationTable.cpp \ - storage/fragmentationCache/fragmentationCache.hpp \ - storage/fragmentationCache/fragmentationCache.cpp \ - storage/cache.cpp \ - storage/cache.hpp \ - storage/xxhash.c \ - storage/xxhash.h - -ipfixprobe_output_src=\ - output/ipfix.cpp \ - output/ipfix.hpp \ - output/text.cpp \ - output/text.hpp \ - output/ipfix-basiclist.cpp - -if WITH_NEMEA -ipfixprobe_output_src+=\ - output/unirec.hpp \ - output/unirec.cpp \ - fields.c \ - fields.h -endif - -ipfixprobe_process_src=\ - process/http.cpp \ - process/http.hpp \ - process/rtsp.cpp \ - process/rtsp.hpp \ - process/sip.cpp \ - process/sip.hpp \ - process/tls.cpp \ - process/tls.hpp \ - process/tls_parser.cpp \ - process/tls_parser.hpp \ - process/sha256.hpp \ - process/smtp.cpp \ - process/smtp.hpp \ - process/dns-utils.hpp \ - process/dns.cpp \ - process/dns.hpp \ - process/passivedns.cpp \ - process/passivedns.hpp \ - process/ntp.cpp \ - process/ntp.hpp \ - process/idpcontent.hpp \ - process/idpcontent.cpp \ - process/netbios.hpp \ - process/netbios.cpp \ - process/bstats.hpp \ - process/bstats.cpp \ - process/phists.cpp \ - process/phists.hpp \ - process/pstats.hpp \ - process/pstats.cpp \ - process/ovpn.hpp \ - process/ovpn.cpp \ - process/ssdp.hpp \ - process/ssdp.cpp \ - process/dnssd.hpp \ - process/dnssd.cpp \ - process/basicplus.hpp \ - process/basicplus.cpp \ - process/wg.hpp \ - process/wg.cpp \ - process/stats.cpp \ - process/stats.hpp \ - process/md5.hpp \ - process/md5.cpp \ - process/common.hpp \ - process/ssadetector.hpp \ - process/ssadetector.cpp \ - process/icmp.hpp \ - process/icmp.cpp \ - process/vlan.hpp \ - process/vlan.cpp \ - process/nettisa.hpp \ - process/nettisa.cpp \ - process/flow_hash.hpp \ - process/flow_hash.cpp \ - process/mpls.hpp \ - process/mpls.cpp \ - process/mqtt.hpp \ - process/mqtt.cpp - -if WITH_QUIC -ipfixprobe_process_src+=\ - process/quic.hpp \ - process/quic.cpp \ - process/quic_parser.cpp \ - process/quic_parser.hpp - -endif - -if WITH_FLEXPROBE -ipfixprobe_process_src+=\ - process/flexprobe-data.h \ - process/flexprobe-data-processing.cpp \ - process/flexprobe-data-processing.h \ - process/flexprobe-tcp-tracking.cpp \ - process/flexprobe-tcp-tracking.h \ - process/flexprobe-encryption-processing.cpp \ - process/flexprobe-encryption-processing.h -endif - -if WITH_OSQUERY -ipfixprobe_input_src+=\ - process/osquery.cpp\ - process/osquery.hpp -endif - -if WITH_DPDK -ipfixprobe_input_src+=\ - input/dpdk/dpdkMbuf.hpp \ - input/dpdk/dpdkMbuf.cpp \ - input/dpdk/dpdkDevice.hpp \ - input/dpdk/dpdkDevice.cpp \ - input/dpdk/dpdkCompat.hpp \ - input/dpdk/dpdkPortTelemetry.hpp \ - input/dpdk/dpdkPortTelemetry.cpp \ - input/dpdk/dpdkTelemetry.hpp \ - input/dpdk/dpdkTelemetry.cpp \ - input/dpdk.cpp \ - input/dpdk.h \ - input/dpdk-ring.cpp \ - input/dpdk-ring.h -endif - -ipfixprobe_headers_src=\ - include/ipfixprobe/plugin.hpp \ - include/ipfixprobe/input.hpp \ - include/ipfixprobe/storage.hpp \ - include/ipfixprobe/output.hpp \ - include/ipfixprobe/process.hpp \ - include/ipfixprobe/options.hpp \ - include/ipfixprobe/utils.hpp \ - include/ipfixprobe/ipfix-basiclist.hpp \ - include/ipfixprobe/flowifc.hpp \ - include/ipfixprobe/ipaddr.hpp \ - include/ipfixprobe/packet.hpp \ - include/ipfixprobe/ring.h \ - include/ipfixprobe/byte-utils.hpp \ - include/ipfixprobe/ipfix-elements.hpp \ - include/ipfixprobe/rtp.hpp \ - include/ipfixprobe/telemetry-utils.hpp \ - include/ipfixprobe/parser-stats.hpp - -ipfixprobe_src=\ - $(ipfixprobe_input_src) \ - $(ipfixprobe_storage_src) \ - $(ipfixprobe_output_src) \ - $(ipfixprobe_process_src) \ - $(ipfixprobe_headers_src) \ - pluginmgr.cpp \ - pluginmgr.hpp \ - options.cpp \ - utils.cpp \ - ring.c \ - workers.cpp \ - workers.hpp \ - stats.cpp \ - stats.hpp \ - ipfixprobe.hpp \ - ipfixprobe.cpp - -if WITH_LIBUNWIND -ipfixprobe_src+=\ - stacktrace.cpp \ - stacktrace.hpp -endif - -ipfixprobe_SOURCES=$(ipfixprobe_src) main.cpp - -ipfixprobe_stats_CXXFLAGS=-std=gnu++17 -Wno-write-strings -I$(srcdir)/include/ -ipfixprobe_stats_SOURCES=ipfixprobe_stats.cpp \ - include/ipfixprobe/options.hpp \ - include/ipfixprobe/utils.hpp \ - stats.cpp \ - stats.hpp \ - options.cpp \ - utils.cpp - -pkgdocdir=${docdir}/ipfixprobe -pkgdoc_DATA=README.md -EXTRA_DIST=README.md \ - pcaps/README.md \ - pcaps/mixed.pcap \ - pcaps/dns.pcap \ - pcaps/dnssd.pcap \ - pcaps/http.pcap \ - pcaps/rtsp.pcap \ - pcaps/tls.pcap \ - pcaps/ntp.pcap \ - pcaps/sip.pcap \ - pcaps/ssdp.pcap \ - pcaps/netbios.pcap \ - pcaps/smtp.pcap \ - pcaps/ovpn.pcap \ - pcaps/idpcontent.pcap \ - pcaps/bstats.pcap \ - pcaps/wg.pcap \ - pcaps/quic_initial-sample.pcap \ - debian/control debian/changelog debian/watch debian/copyright debian/patches debian/patches/series \ - debian/source debian/source/format debian/source/local-options debian/source/include-binaries \ - debian/rules debian/README.Debian debian/compat \ - docker/Dockerfile docker/ipfixprobe_wrapper.sh docker/process_script.sh docker/README.md - -bashcompl_DATA=ipfixprobe.bash - -if HAVE_GOOGLETEST -check_LTLIBRARIES=libipfixprobe.la -libipfixprobe_la_SOURCES=$(ipfixprobe_src) -libipfixprobe_la_LDFLAGS=$(ipfixprobe_LDFLAGS) -libipfixprobe_la_CFLAGS=$(ipfixprobe_CFLAGS) -libipfixprobe_la_CXXFLAGS=$(ipfixprobe_CXXFLAGS) - -check-local: - @if test -e googletest/googletest/Makefile; then \ - ( cd googletest/googletest && $(MAKE) $(AM_MAKEFLAGS) lib/libgtest.la lib/libgtest_main.la ); \ - ( cd googletest/googlemock && $(MAKE) $(AM_MAKEFLAGS) lib/libgmock.la lib/libgmock_main.la ); \ - else \ - echo "missing googletest submodule, run `git submodule init && git submodule update` and reconfigure"; \ - fi; - -clean-local: - @if test -e googletest/googletest/Makefile; then \ - ( cd googletest/googletest && $(MAKE) $(AM_MAKEFLAGS) clean; ) \ - fi -endif - -RPMDIR = RPMBUILD - -if MAKE_RPMS -RPMFILENAME=$(PACKAGE_NAME)-$(VERSION) - -.PHONY: srpm -srpm: - rm -rf "$(RPMDIR)/SOURCES/$(RPMFILENAME)" - mkdir -p $(RPMDIR)/BUILD/ $(RPMDIR)/SRPMS/ $(RPMDIR)/RPMS/ $(RPMDIR)/SOURCES - make ${AM_MAKEFLAGS} distdir='$(RPMDIR)/SOURCES/$(RPMFILENAME)' distdir - ( cd "$(RPMDIR)/SOURCES/"; tar -z -c -f $(RPMFILENAME)-$(RELEASE).tar.gz $(RPMFILENAME); rm -rf $(RPMFILENAME); ) - $(RPMBUILD) -bs $(PACKAGE_NAME).spec --define "_topdir `pwd`/$(RPMDIR)"; - -.PHONY: rpm -rpm: srpm - $(RPMBUILD) --define "_topdir `pwd`/$(RPMDIR)" --rebuild $(RPMDIR)/SRPMS/$(RPMFILENAME)-$(RELEASE).src.rpm --with pcap --with unwind; - -.PHONY: rpm-nemea -rpm-nemea: srpm - $(RPMBUILD) --define "_topdir `pwd`/$(RPMDIR)" --rebuild $(RPMDIR)/SRPMS/$(RPMFILENAME)-$(RELEASE).src.rpm --with nemea --with pcap --with unwind; - -.PHONY: rpm-ndp -rpm-ndp: srpm - $(RPMBUILD) --define "_topdir `pwd`/$(RPMDIR)" --rebuild $(RPMDIR)/SRPMS/$(RPMFILENAME)-$(RELEASE).src.rpm --with ndp --with unwind; -else -endif - -rpm-clean: - rm -rf $(RPMDIR) - -if WITH_NEMEA -include ./aminclude.am -else -fields.h fields.c: - touch $@ -endif - -if MAKE_DEB -.PHONY: deb-source -deb-source: - make dist && make distdir && ln -fs ipfixprobe-@VERSION@.tar.gz ipfixprobe_@VERSION@ubuntu@RELEASE@.orig.tar.gz && cd ipfixprobe-@VERSION@ && debuild -S - -.PHONY: deb -deb: - make dist && make distdir && ln -fs ipfixprobe-@VERSION@.tar.gz ipfixprobe_@VERSION@ubuntu@RELEASE@.orig.tar.gz && cd ipfixprobe-@VERSION@ && debuild -else -endif - -.PHONY: doc -doc: - doxygen - diff --git a/NEWS b/NEWS deleted file mode 100644 index 85d678bfd..000000000 --- a/NEWS +++ /dev/null @@ -1,820 +0,0 @@ -2025-02-06 (Pavel Siska): Parser - Fix packet parsing issue when --with-pcap is enabled Ensure correct packet parsing for input modules like dpdk, dpdk-ring, and nfb when compiled with --with-pcap. Previously, the parser relied on opt->datalink, which these inputs do not set, leading to incorrect layer detection. Now, it correctly defaults to Ethernet when necessary. -2025-02-06 (Pavel Siska): Dpdk - increase default mempool size from 4096 to 8192 -2025-02-06 (Pavel Siska): Dpdk - set RX queue size as (mempool size / 2) -2025-01-02 (Pavel Siska): dpdk: fix multiple dpdk telemetry files registration - -2024-12-27 (Pavel Siska): dpdk: Add DPDK telemetry -2024-12-27 (Pavel Siska): dpdk: add DPDK port telemetry -2024-12-27 (Pavel Siska): dpdk: add compatible definition macro to dpdkCompact Add RTE_ETH_RSS_GENEVE macro -2024-12-27 (Pavel Siska): dpdk: fix RSS configuration -2024-12-27 (Pavel Siska): dpdk: Add dpdkCompact - compatibility definitions for DPDK versions -2024-12-16 (Pavel Siska): README - update build requirements -2024-12-16 (Pavel Siska): configure.ac - add checks for telemetry and appfs libraries - Added AC_CHECK_LIB for 'telemetry' and 'appfs' to verify library availability. - Ensured 'LIBS' includes '-lappFs -ltelemetry' for proper linking. - Updated RPM dependencies by appending 'telemetry' to RPM_REQUIRES and RPM_BUILDREQ. -2024-12-09 (Jan Sobol): ipfix-elements: fix NTP_USEC_TO_FRAC macro Use standard conversion to ntp timestamps as in https://tickelton.gitlab.io/articles/ntp-timestamps/. -2024-11-28 (Pavel Siska): Readme - update telemetry docs -2024-11-25 (Karel Hynek): docs: fix jekyll links -2024-11-25 (Karel Hynek): docs: fix jekyll base url and update docs description -2024-11-25 (Karel Hynek): docs: fix centering in the website footer -2024-11-20 (Tomas Cejka): docs: revision of web page -2024-11-15 (Karel Hynek): doc: FIX GitHub logo in footer -2024-11-15 (Karel Hynek): README: FIX ipfixprobe logo and link to documentation -2024-11-15 (Karel Hynek): Introduce doc using Jekyll & Update README (#232) - -2024-11-12 (Jan Sobol): dpdkDevice: use mempool size as rx queue size instead of burst size -2024-11-12 (Jan Sobol): dpdk: reduce value of DEFAULT_MBUF_POOL_SIZE to use it also as rx queue size - -2024-10-17 (Tomas Cejka): doc: include generated Doxyfile to create documentation -2024-10-17 (Tomas Cejka): doc: add doxygen comment for parse_packet() -2024-10-16 (Jan Sobol): dpdk-ring - fix checking if any packet has actually been parsed -2024-10-16 (Jan Sobol): dpdk - fix checking if any packet has actually been parsed -2024-10-02 (Damir Zainullin): Fix IPv6 header parsing -2024-09-30 (Pavel Šiška): Merge pull request #220 from CESNET/prefetch-optimizations -2024-09-30 (Pavel Šiška): Merge pull request #219 from CESNET/dpdk-ring-metadata-timestamp -2024-09-30 (Pavel Šiška): Merge pull request #215 from CESNET/new-version -2024-09-26 (Jan Sobol): cache - prefetch flow records before checking their expiration -2024-09-26 (Jan Sobol): dpdk-ring - prefetch dequeued packets before processing -2024-09-25 (Jan Sobol): dpdk-ring - read timestamp from hw metadata if available -2024-09-20 (Tomas Cejka): Merge pull request #216 from CESNET/ipfixprobe-docker-wrapper -2024-09-19 (Tomas Cejka): dist: include docker/ files into distribution archive -2024-09-19 (Jan Sobol): wg - fix parsing and exporting byte order -2024-09-19 (Jan Sobol): utils - introduce memcpy_le32toh function -2024-09-18 (Jan Sobol): basicplus test - fix reference values of tcp options -2024-09-18 (Jan Sobol): basicplus - update tcp options mask across flow packets -2024-09-18 (Jan Sobol): parser - fix order of tcp options flags according to ipfix standard https://www.iana.org/assignments/ipfix/ipfix.xhtml, entity 209 - tcpOptions -2024-09-17 (Jaroslav Pesek): process container - introduce docker/podman container wrapper for processing pcaps to csvs - -2024-08-28 (Pavel Siska): ipfixprobed - add new option LZ4_COMPRESSION to init script and config example -2024-08-28 (Pavel Siska): README.md - add LZ4 compression info -2024-08-28 (Jakub Antonín Štigler): ipfix plugin: add lz4 compression -2024-08-23 (Tomas Cejka): actions: add lz4 package for build -2024-08-23 (Tomas Cejka): debian: add lz4 dependency -2024-08-23 (Tomas Cejka): build: add dependency on liblz4 due to IPFIX compression feature -2024-08-19 (Jan Sobol): ipfixprobed - introduce EXTRA_ARGS to specify any global ipfixprobe parameters -2024-08-19 (Jan Sobol): ipfixprobed - consistency of DPDK_OPTS parameter with examples and dpdk-ring -2024-08-19 (Jan Sobol): ipfixprobed - make DPDK_LCORES parameter optional -2024-08-19 (Jan Sobol): ipfixprobed - introduce DPDK_INPUT_WORKER_CPUS and OUTPUT_WORKER_CPU parameters to set workers affinity -2024-08-19 (Jan Sobol): ipfixprobed - fix duplicate rows around exec part -2024-08-19 (Jan Sobol): introduce parameter to set affinity CPU list -2024-08-19 (Jan Sobol): introduce ability to define CPU affinity for input and output workers -2024-08-19 (Jan Sobol): utils - introduce vec2str utility -2024-08-18 (Damir Zainullin): Fix ipv6 extension header parsing -2024-08-16 (Pavel Siska): ipfixprobed - add new option NON_BLOCKING_TCP to init script and config example -2024-08-16 (Pavel Siska): ipfix - add option to use non-blocking TCP socket -2024-08-16 (Pavel Siska): README.md - add telemetry section -2024-08-16 (Pavel Siska): github-ci - add build requirements -2024-08-16 (Pavel Siska): parser-stats - add parser stats to input plugins -2024-08-16 (Pavel Siska): introduce output queue telemetry -2024-08-16 (Pavel Siska): ipfixprobed - add telemetry to init script -2024-08-16 (Pavel Siska): integrate fuse telemetry to ipfixprobe -2024-08-16 (Pavel Siska): ipfixprobe spec file - add telemetry library as dependency -2024-08-16 (Pavel Siska): dpdk-ring - introduce support for plugin telemetry -2024-08-16 (Pavel Siska): ndp - introduce support for plugin telemetry -2024-08-16 (Pavel Siska): dpdk - introduce support for plugin telemetry -2024-08-16 (Pavel Siska): InputPlugin - introduce telemetry support for base plugin -2024-08-16 (Pavel Siska): parser-stats - introduce structure of Parser stats -2024-08-16 (Pavel Siska): FragmentationCache - introduce support for plugin telemetry -2024-08-16 (Pavel Siska): flowCache - introduce support for storage plugin telemetry -2024-07-29 (Pavel Siska): StoragePlugin - introduce telemetry support for base plugin -2024-07-29 (Pavel Siska): telemetry-utils - introduce TelemetryUtils class -2024-07-29 (Pavel Siska): Makefile - set ipfixprobe c++ standard to gnu++17 -2024-07-16 (Damir Zainullin): Fix code formatting -2024-07-08 (Karel Hynek): phists - FIX IPT calculation for negative IPT -2024-07-04 (Damir Zainullin): Add MQTT plugin description to README -2024-07-04 (Damir Zainullin): Add get_text() for mqtt plugin -2024-07-03 (Damir Zainullin): Change c++ version to c++17 -2024-07-03 (Damir Zainullin): Add mqtt plugin tests -2024-07-03 (Damir Zainullin): Add mqtt process plugin -2024-06-20 (Jan Sobol): dpdk - call rte_eth_dev_set_mtu to set MTU on interface The MTU setting in rte_eth_dev_configure turned out to be insufficient. -2024-06-20 (Jan Sobol): dpdk - fix mbuf dataroom size MTU is increased by eth header len. -2024-06-11 (Jan Sobol): dpdk - update DEFAULT_MBUF_BURST_SIZE to 64 which is default value for input packet queue -2024-06-04 (Tomas Cejka): github-action: insert CODECOV_TOKEN into pipeline -2024-06-04 (Tomas Cejka): github-actions: increase version of codecov-action -2024-06-04 (Karel Hynek): tls plugin: fix extensionlists IPFIX enterprise number -2024-05-31 (Jan Sobol): dpdk - configure MTU size in dpdkDevice -2024-05-31 (Jan Sobol): dpdk - introduce MTU parameter -2024-05-31 (jmuecke): Update README -2024-05-29 (Karel Hynek): Update reference test file -2024-05-28 (jmuecke): Update IE IDs -2024-05-27 (jmuecke): extract CH TLS extensions -2024-04-22 (Pavel Siska): test - update reference file of quic test -2024-04-16 (jmuecke): Only act on first retry packet -2024-04-12 (Pavel Siska): quic - fix code format -2024-04-03 (Pavel Siska): dpdk - update memory pool creation to use device socket ID -2024-02-20 (jmuecke): Change payload_len only if previously modified. -2024-02-20 (Pavel Siska): ndp - refactored processing of timestamps Ndp plugin is now able to process timestamps from different fw packet headers. If fw timestamp is invalid SW timestamp is used. -2024-02-20 (Pavel Siska): ndp - set booted firmware and timestamp position information -2024-02-15 (Karel Hynek): QUIC - Fix IPFIX IDs for basic list elements -2024-02-13 (jmuecke): Return proper QUIC version. -2024-02-12 (Karel Hynek): QUIC - Avoid source buffer overflow in crypto frame copy -2024-02-12 (Karel Hynek): QUIC - Fix payload len underflow, when smaller than expected -2024-02-12 (Karel Hynek): QUIC - Fix required output IPFIX buffer size -2024-01-24 (jmuecke): Fix text output -2024-01-23 (jmuecke): Restrict TLS extraction to alpn and quic_transport parameters -2024-01-18 (jmuecke): tested and improved quic module -2023-12-16 (Pavel Valach): tests/functional/wg: added more regular traffic, also with max length 1420 -2023-12-16 (Pavel Valach): process/wg: do not check if transport data length is divisible by 16 -2023-11-07 (Jakub Antonín Štigler): Fragmentation cache - Add parameters to service -2023-11-07 (Jakub Antonín Štigler): Add missing include -2023-11-07 (Pavel Siska): FlowCache - integrate fragmentation cache -2023-11-07 (Pavel Siska): fragmentationCache - introduce fragmentation Cache class -2023-11-07 (Pavel Siska): fragmentationCache - introduce FragmentationTable class -2023-11-07 (Pavel Siska): fragmentationCache - introduce Fragmentation data structures -2023-11-07 (Pavel Siska): fragmentationCache - introduce utilities for timeval structure -2023-11-07 (Pavel Siska): FragmentationCache - introduce Ring Buffer class -2023-11-07 (Pavel Siska): parser - support extraction of IPv4/6 packet fragmentation info -2023-11-02 (jmuecke): Fix processing of version negotiation eliciting version. -2023-11-02 (jmuecke): quic versions: Support all versions triggering vns. -2023-11-02 (jmuecke): vn: Add server port before flushing flow -2023-11-02 (jmuecke): Export detected quic server port. -2023-11-02 (jmuecke): Enforce CID lengths are within the defined spec. Parse packet type last. -2023-11-02 (jmuecke): Add quic packet type information for each datagram. -2023-11-01 (jmuecke): 0-RTT collect client CID. But no other CIDs or version. -2023-10-31 (jmuecke): Use correct type for CID fields. -2023-10-31 (jmuecke): VN: Add QUIC extension if FLOW_FLUSH. Version = VN is not an error. -2023-10-31 (jmuecke): Fix IPFIX ID collision of QUIC_ZERO_RTT. -2023-10-26 (jmuecke): QUIC: Extract more QUIC flow details - -2023-10-25 (Tomas Cejka): openwrt: fix missing byteorder in RTP plugin -2023-10-25 (Tomas Cejka): openwrt: add missing include of time.h - -2023-10-17 (Pavel Siska): ipfix - propose new variables (ipfix template refresh rate) to control init by ipfixprobed The description of new variables was added into link0.conf.example: TEMPLATE_REFRESH_RATE -2023-10-17 (Pavel Siska): ipfix - add configuration option for template refresh rate (UDP) -2023-10-17 (Pavel Siska): vlan plugin: fix invalid return code from fill_ipfix() -2023-09-14 (Jakub Antonín Štigler): mpls - add description to readme -2023-09-14 (Jakub Antonín Štigler): Introduce mpls plugin -2023-09-14 (Jakub Antonín Štigler): ipfix - Add mpls label element -2023-09-14 (Jakub Antonín Štigler): Parser - extract mpls -2023-09-14 (Jakub Antonín Štigler): Packet - Add mpls field - -2023-10-03 (Tomas Cejka): Merge pull request #185 from CESNET/dpdkinit -2023-09-30 (Tomas Cejka): dpdk: propose new variables to control init by ipfixprobed -2023-09-25 (SiskaPavel): Merge pull request #184 from CESNET/vlan_plugin_ipfix_fix -2023-09-25 (Pavel Siska): ipfix-elements - add missing vlan plugin ipfix template -2023-09-21 (Tomas Cejka): Merge pull request #183 from CESNET/fix-build-fedora38+ -2023-09-21 (Pavel Siska): stats - add missing include -2023-09-19 (Karel Hynek): Merge pull request #181 from CESNET/quic_fix -2023-09-13 (Karel Hynek): QUIC: Code reformat -2023-09-13 (Karel Hynek): QUIC: Added buffer overflow checks -2023-08-08 (SiskaPavel): Merge pull request #176 from CESNET/flow-hash-plugin -2023-08-08 (Jakub Antonín Štigler): Plugin template - fix method specifiers -2023-08-08 (Jakub Antonín Štigler): Flow Hash - update readme -2023-08-08 (Jakub Antonín Štigler): Flow Hash - implement plugin -2023-08-07 (Tomas Cejka): Merge pull request #178 from CESNET/debupdate -2023-08-07 (Tomas Cejka): update debian package version -2023-08-04 (Tomas Cejka): Merge pull request #177 from CESNET/parse-gre -2023-08-03 (Jakub Antonín Štigler): GRE - remove wrong throw in parser -2023-08-03 (Jakub Antonín Štigler): Flow cache - export hash to flow -2023-08-03 (Jakub Antonín Štigler): Flow - Add hash field -2023-08-02 (SiskaPavel): Merge pull request #144 from BonnyAD9/support-gre-protocol -2023-08-02 (SiskaPavel): Merge pull request #162 from BonnyAD9/export-vlan-id -2023-08-02 (Jakub Antonín Štigler): Merge branch 'master' into export-vlan-id -2023-08-02 (Jakub Antonín Štigler): GRE: integrate into parser -2023-08-02 (Jakub Antonín Štigler): GRE: parse gre protocol -2023-08-01 (Jakub Antonín Štigler): VLAN: Update readme -2023-08-01 (Jakub Antonín Štigler): VLAN: Update tests -2023-08-01 (Jakub Antonín Štigler): VLAN: Implement plugin -2023-08-01 (SiskaPavel): Merge pull request #165 from BonnyAD9/icmp-plugin -2023-07-27 (Karel Hynek): Merge pull request #175 from CESNET/http_ipfixtemplate_bugfix -2023-07-27 (Karel Hynek): HTTP: Bugfix in IPFIX template. -2023-07-25 (Karel Hynek): Merge pull request #174 from CESNET/nettisa_improvment -2023-07-25 (Karel Hynek): Nettisa: Added functional tests -2023-07-24 (Karel Hynek): Nettisa: Removing one-packet nettisa flow export -2023-07-21 (SiskaPavel): Merge pull request #173 from CESNET/new_version -2023-07-12 (Jakub Antonín Štigler): icmp: fix byte order -2023-06-15 (Jakub Antonín Štigler): VLAN: Add includes - -2023-07-20 (Josef Koumar): NetTiSA: Handle NaN values -2023-07-18 (Pavel Siska): Nettisa - fix invalid time conversion -2023-07-18 (Pavel Siska): utils - add function that convert struct timeval to microseconds -2023-07-18 (Pavel Siska): utils - fix static_assert function to c++11 standard - -2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA into README.md -2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA to Makefile -2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA plugin -2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA IPFIX elements -2023-07-17 (Pavel Siska): utils - format code with clang-format -2023-07-17 (Pavel Siska): Byte-utils - introduce htonf() function to convert float to network order -2023-07-14 (Karel Hynek): OVPN: Code reformat -2023-07-14 (Karel Hynek): OVPN: checking datapackets for RTP validity to reduce false positives -2023-07-14 (Karel Hynek): OVPN: Added rtp header validation function -2023-07-14 (Karel Hynek): OVPN plugin: Improve detection for flows with large small number packets -2023-07-07 (Jakub Magda): Add new HTTP fields to README.md -2023-07-07 (Karel Hynek): HTTP: Updated functional tests -2023-07-07 (Karel Hynek): HTTP: Added missing pointer check -2023-07-07 (Karel Hynek): HTTP: Code reformat -2023-07-07 (Karel Hynek): HTTP: FIXED invalid pointer check -2023-06-28 (Karel Hynek): Changing uncrustify to clang format -2023-06-17 (Tomas Cejka): actions: update to actions/checkout@v3 -2023-06-17 (Tomas Cejka): coverity: update to actions/checkout@v3 -2023-06-15 (Jakub Magda): Add parsing HTTP response headers server and set-cookie names -2023-06-06 (Jakub Antoní Stigler): Update functional test references -2023-06-01 (jaroslavpesek): dpdk - updated README.md for multiport read -2023-05-23 (Jakub Antoní Stigler): improve readablility -2023-04-25 (Jakub Antoní Stigler): Add icmp to README -2023-04-25 (Jakub Antoní Stigler): remove icmp from parser -2023-04-25 (Jakub Antoní Stigler): Implement fill functions in icmp -2023-04-25 (Jakub Antoní Stigler): Add binaries to gitignore -2023-04-25 (Jakub Antoní Stigler): Implement ICMP plugin -2023-04-25 (Jakub Antoní Stigler): generate empty icmp plugin - -2023-05-30 (jaroslavpesek): Merge pull request #157 from CESNET/dpdk-port -2023-05-29 (Pavel Siska): Ipfixprobed - support dpdk option `lcores` -2023-05-29 (Pavel Siska): Ipfixprobed - remove dpdk option `cpu_mask` -2023-05-29 (Pavel Siska): Dpdk - refactor dpdk, support multiple port read -2023-05-29 (Pavel Siska): Dpdk - introduce DpdkDevice class -2023-05-29 (Pavel Siska): Dpdk - introduce dpdk Mbuf wrapper class -2023-05-26 (Tomas Cejka): Merge pull request #155 from BonnyAD9/add-vlan-to-flow-key -2023-05-26 (Jakub Antonín Štigler): Merge branch 'CESNET:master' into add-vlan-to-flow-key -2023-05-26 (Tomas Cejka): Merge pull request #156 from CESNET/coverity-1 -2023-05-26 (Tomas Cejka): Update coverity.yml -2023-05-24 (Jakub Antonín Štigler): add VLAN ID to flow key -2023-05-19 (Tomas Cejka): Merge pull request #141 from CESNET/dpdk-ring-reader -2023-05-19 (jaroslavpesek): Apply code style suggestions from code review -2023-05-19 (jaroslavpesek): Apply copyright suggestions from code review -2023-05-19 (Tomas Cejka): Merge pull request #152 from CESNET/ovpn_enhacment -2023-05-19 (Karel Hynek): Added min_pckt_export_treshold constant -2023-05-19 (Karel Hynek): Update minor coding-style issue -2023-05-19 (Tomas Cejka): Merge pull request #154 from CESNET/update_licence -2023-05-19 (Karel Hynek): Update licence terms -2023-05-17 (Tomas Cejka): Merge pull request #153 from CESNET/release -2023-05-16 (Karel Hynek): Minor coding style update -2023-05-16 (Karel Hynek): Minor coding style update -2023-05-16 (Karel Hynek): SSA: Updated readme -2023-05-16 (Karel Hynek): SSADetector: Bugfix, improved memory consumption -2023-05-16 (Karel Hynek): Enhancment, do not export bstats for short flows -2023-05-16 (Karel Hynek): Merge pull request #149 from CESNET/ssadetector_plugin -2023-05-16 (Karel Hynek): Merge pull request #151 from CESNET/bstats_enhancment -2023-05-16 (Karel Hynek): Minor coding style update -2023-05-16 (Karel Hynek): Minor coding style update -2023-05-05 (Karel Hynek): SSA: Updated readme -2023-05-05 (Karel Hynek): SSADetector: Bugfix, improved memory consumption -2023-05-05 (Karel Hynek): Ovpn: added updated test reference -2023-05-05 (Karel Hynek): Enhancment, do not export bstats for short flows -2023-05-05 (Karel Hynek): Enhancment: Do not export ovpn field for short flows. -2023-05-05 (Karel Hynek): Enhancment: Contrain ovpn data packet on minimal size -2023-03-27 (jaroslavpesek): dpdk: new input plugin for reading via dpdk rings as secondary dpdk process - -2023-05-05 (SiskaPavel): Merge pull request #148 from CESNET/dpdk-version -2023-05-05 (Pavel Siska): dpdk - support HW timestamp only when metadata are available -2023-05-04 (Pavel Siska): Dpdk - support different constant names acros dpdk versions -2023-04-18 (SiskaPavel): Merge pull request #146 from CESNET/ssadetector_plugin -2023-04-18 (SiskaPavel): Merge pull request #143 from BonnyAD9/http-invalid-method -2023-04-18 (Karel Hynek): Merge pull request #145 from CESNET/pstats_zerolen_fix -2023-04-18 (Karel Hynek): SSADetector: Updated coding style, Removed unnamed constants -2023-04-17 (Karel Hynek): PSTATS BUGFIX: Fixed zero-len packets recognition -2023-04-04 (Jakub Antonín Štigler): Increase the method field size in http -2023-03-27 (Jakub Antonín Štigler): Set back the default size of http method -2023-03-27 (Jakub Antonín Štigler): parse http requests with invalid header -2023-03-27 (SiskaPavel): Merge pull request #142 from CESNET/new_version -2023-03-15 (Karel Hynek): SSADetector: Added functional tests -2023-03-15 (Karel Hynek): SSADetector: Added ext record modification methods -2023-03-15 (Karel Hynek): SSADetector: Added transition functions to detection automaton -2023-03-15 (Karel Hynek): SSADetector: SSADetectorRecord EXT completely defined -2023-03-15 (Karel Hynek): SSADetector: Added pkt table structure -2023-03-15 (Karel Hynek): SSADetector: Added pkt entry structure -2023-03-15 (jirakja7): SSADetector plugin: initial files. - -2023-03-20 (Jakub Antonín Štigler): Skip ipv6 mobility header -2023-03-15 (Karel Hynek): Updated .gitignore -2023-03-13 (Karel Hynek): tls: Updated tls test reference -2023-03-13 (Karel Hynek): tls: Updated test pcap to contain tls 1.3 -2023-03-13 (Karel Hynek): TLS: Updated Recognition of Server Hello stage -2023-03-10 (Andrej Lukacovic): Support of extracting TLS version from handshake extension -2022-12-20 (Tomas Cejka): Improved description of output - -2023-02-13 (Pavel Siska): Specify Output plugin bytes stats to L4 layer size. -2023-02-13 (Pavel Siska): Added total counter to Input plugin statistics which sumarize values over all input plugins -2023-02-02 (Pavel Siska): Tls - fix buffer overflow when parsing TLS SNI field - -2022-12-29 (Tomas Cejka): rpm: hotfix - disable automatic setting of hardening flags -2022-12-24 (Tomas Cejka): Merge pull request #133 from CESNET/dpdk-check-caps -2022-12-22 (Tomas Cejka): dpdk: bugfix HW timestamp capability check -2022-12-22 (Tomas Cejka): Merge pull request #132 from CESNET/dpdk-check-caps -2022-12-22 (SiskaPavel): Merge pull request #131 from CESNET/active-timeout-overtime-#123 -2022-12-22 (Tomas Cejka): dpdk: check capabilities and skip unsupported features -2022-12-21 (xsiska12): Cache: fixed export of flow with longer duration than active timeout -2022-12-21 (SiskaPavel): Merge pull request #129 from CESNET/dpdk-update -2022-12-21 (xsiska12): Dpdk: set Dpdk datalink to zero -2022-12-21 (xsiska12): Dpdk: removed setting of lcore thread affinity -2022-12-21 (xsiska12): Dpdk: Removed invalid packet block indexing -2022-12-21 (xsiska12): Dpdk: return Result::TIMEOUT when no packets are read -2022-12-21 (xsiska12): Dpdk: set first argument of rte_eal_init() function to program name (argv[0]) -2022-12-20 (Tomas Cejka): Merge pull request #127 from CESNET/ipfix_dir_bit_field -2022-12-20 (xsiska12): ipfix: Changed data type of dir_bit_field to uint32_t -2022-12-19 (Tomas Cejka): Merge pull request #116 from CESNET/cejkato2-patch-1 codecov action fixed -2022-12-19 (Tomas Cejka): Update c-cpp.yml -2022-12-19 (Tomas Cejka): codecov: update version of gh action -2022-12-19 (Tomas Cejka): Update ipfixprobed -2022-12-19 (Tomas Cejka): Merge pull request #115 from CESNET/dpdkinit -2022-12-19 (Tomas Cejka): Merge branch 'master' into dpdkinit -2022-12-18 (Tomas Cejka): init: add DPDK variables and improve ipfixprobed script -2022-12-16 (Tomas Cejka): Merge pull request #114 from CESNET/dpdk-rss -2022-12-16 (Tomas Cejka): Merge pull request #113 from CESNET/doc-fix-example -2022-12-16 (xsiska12): dpdk: changed input of RSS to IP addresses only -2022-12-16 (Tomas Cejka): Update README.md -2022-12-14 (Tomas Cejka): Merge pull request #112 from CESNET/dpdkhelp_fixtypo -2022-12-14 (Karel Hynek): Merge pull request #111 from CESNET/release -2022-12-13 (Tomas Cejka): doc: improved readme - DPDK example -2022-12-13 (Tomas Cejka): dpdk: fixed typo in help - -2022-12-05 (Karel Hynek): Merge pull request #110 from CESNET/tcp_seq_ack_fix -2022-12-05 (Tomas Cejka): Merge pull request #109 from CESNET/HTTPS_plugin_fix -2022-12-05 (Karel Hynek): FIX: Parsing TCP SEQ and TCP ACK numbers -2022-11-25 (Karel Hynek): BUGFIX: Removed trailing '\r' from HTTP exported fields -2022-11-24 (SiskaPavel): Merge pull request #108 from CESNET/dpdk-rework -2022-11-22 (xsiska12): dpdk: updated README -2022-11-22 (xsiska12): dpdk - rework dpdk plugin -2022-10-14 (Tomas Cejka): Merge pull request #105 from CESNET/dpdk-older-version-support -2022-10-03 (xsiska12): dpdk: support dpdk version < 21.11 -2022-10-03 (SiskaPavel): Merge pull request #104 from CESNET/new_version - -2022-10-03 (Tomas Cejka): Merge pull request #103 from CESNET/dpdk-queues -2022-10-03 (xsiska12): dpdk: Updated README.md -2022-10-03 (xsiska12): dpdk: added DPDK into daemon wrapper and example config -2022-10-03 (xsiska12): DPDK: added support of multi queues packets reading -2022-09-13 (SiskaPavel): Merge pull request #102 from CESNET/flexprobe-zerocopy -2022-09-12 (xsiska12): flexprobe: Changed flexprobe packet conversion to zero copy mode -2022-09-02 (Karel Hynek): Merge pull request #100 from CESNET/bugfix_relocation -2022-08-13 (Tomas Cejka): build: BUGFIX dangerous relocation -2022-08-05 (Tomas Cejka): Merge pull request #99 from CESNET/openwrt-bugfix-quic -2022-08-05 (Tomas Cejka): tls: BUGFIX replaced unknown uint with size_t, add missing header file -2022-07-27 (Karel Hynek): Merge pull request #98 from CESNET/new_version - -2022-07-26 (OndrejSedlacek): SSDP Plugin: Fixed payload handling. -2022-07-26 (Andrej Lukacovic): QUIC: parse_header variables changed to const, decrypt_header copies from original pkt payload -2022-07-26 (Karel Hynek): Updated copyright and license in QUIC and TLS plugins/parsers -2022-07-26 (Karel Hynek): Refactor: Fixed coding style in QUIC and TLS process plugins, parsers -2022-07-26 (Karel Hynek): Refactor: NEW class TLS parser for QUIC and TLS plugins -2022-07-26 (Andrej Lukacovic): QUIC: Refactor and updates in expand_label method -2022-07-26 (Andrej Lukacovic): QUIC: changed copy whole packet payload to copy only header -2022-07-26 (Pavel Siska): Quic: Fixed payload buffer overflow -2022-07-26 (Andrej Lukacovic): QUIC: Version 2 added -2022-07-26 (Andrej Lukacovic): QUIC: changed server side return value, quic_check_initial bool fixed -2022-07-26 (Andrej Lukacovic): QUIC: remove unused vars, copy raw quic data into buffer -2022-07-26 (Andrej Lukacovic): QUIC: moved version parsing -2022-07-26 (Andrej Lukacovic): QUIC: comments/rfc links -2022-07-26 (Andrej Lukacovic): QUIC: ack1,ack2,connection_close frames parsing added, refactor of supported implementation/versions (partially supported Qv2) -2022-07-26 (Andrej Lukacovic): QUIC: refactor and checked decryption -2022-07-26 (Andrej Lukacovic): QUIC: refactor, dynamic array removed -2022-07-25 (Pavel Siska): ssdp: Check payload length during parsing. -2022-07-25 (Pavel Siska): smtp: Check payload length during parsing. -2022-07-25 (Pavel Siska): rtsp: Check payload length during parsing. -2022-07-25 (Pavel Siska): http: Check payload length during parsing. -2022-07-25 (Pavel Siska): common.hpp: Added payload length checker function. -2022-07-25 (Pavel Siska): Added common.hpp file with strnstr function. -2022-07-24 (Pavel Siska): STEM: changed number of packets to read from interface. -2022-07-24 (Pavel Siska): RAW: changed number of packets to read from interface. -2022-07-24 (Pavel Siska): PCAP: changed number of packets to read from interface. -2022-07-24 (Pavel Siska): Changed allocation of PacketBlock structure. -2022-07-24 (Pavel Siska): Removed memcpy of packet in parser. -2022-07-11 (Tomas Cejka): deb: add config files to generate deb package -2022-06-30 (Karel Hynek): FIXed unprotected string.erase() methods. -2022-06-21 (Tomas Cejka): pcap: add support for DLT_LINUX_SLL2 datalink layer -2022-05-21 (Pavel Siska): Merge input and storage workers thread. -2022-05-19 (Tomas Cejka): doc: improve description/example for DPDK -2022-05-19 (xsiska12): Remove std::future feature for workers terminations -2022-05-18 (Roman Vrana): Added InterfaceIn for Flexprobe data -2022-05-18 (Roman Vrana): Added DPDK run example -2022-04-25 (Karel Hynek): xxhash update -2022-04-19 (Roman Vrana): Added version check for MTU setting -2022-04-19 (Roman Vrana): DPDK interface fix -2022-03-24 (root): Fixed data type of active/inactive timeout in init config -2022-03-05 (Štěpán Šimek): process/create_plugin.sh fix - -2022-03-11 (xsiska12): QUIC plugin: Updated coding style -2022-03-11 (xsiska12): TLS plugin: Updated coding style -2022-03-11 (xsiska12): QUIC plugin: Updated coding style -2022-03-11 (Karel Hynek): HTTP Plugin: Updated coding style -2022-03-11 (Karel Hynek): QUIC: Updated IPFIX elements export -2022-03-11 (Karel Hynek): Fixed wrong minimal buffer len calculation in HTTP plugin -2022-03-10 (Karel Hynek): FIXED HTTP plugin variable-length IE IPFIX export -2022-03-10 (Karel Hynek): FIXED TLS plugin variable-length IE IPFIX export -2022-03-10 (Karel Hynek): Added new function for variable-length IE IPFIX export -2022-03-10 (Karel Hynek): FIXED wrong export reason -2022-03-09 (Andrej Lukacovic): FIXED: check for version negotiation packet and check for allocated memory borders while using memcpy -2022-03-09 (Karel Hynek): FIXED mistakes in README -2022-03-02 (Karel Hynek): enhancement: PHists, PStats do not export data for single-packet flow -2022-03-02 (Karel Hynek): Added ability to remove extension's memory associated with flow -2022-03-02 (Andrej Lukacovic): QUIC: Fixed test reference -2022-02-24 (Andrej Lukacovic): Feature: Parsing Google UA extension and frame reassemble -2022-02-20 (Andrej Lukacovic): Feature: Parsing Google UA Extension and frame reassemble (addted test pcaps) -2022-02-20 (Andrej Lukacovic): Feature: Parsing Google UA extension and frame reassemble -2022-02-17 (Andrej Lukacovic): initial -2022-02-16 (Andrej Lukacovic): initial -2022-02-15 (Tomas Cejka): turris: add CPP if macros to skip debug prints -2022-02-14 (Tomas Cejka): Create LICENSE - -2022-02-14 (Tomas Cejka): Merge pull request #68 from CESNET/unirec_output_fix -2022-02-14 (Tomas Cejka): Merge pull request #69 from CESNET/ipfix_elements_fix -2022-02-14 (Tomas Cejka): Merge pull request #67 from koumajos/add_raw_format -2022-02-13 (Tomas Cejka): ipfix-elements: cleaned TLS elements -2022-02-11 (Karel Hynek): Fixed uninitialised variable in unirec output -2022-02-11 (Tomas Cejka): ipfix-elements: fixed comments and WireGuard ids -2022-02-10 (Karel Hynek): fixed unirec interface flow duplication when multiple plugins enabled -2022-02-08 (Josef Koumar): Add DLT_RAW format of PCAP -2022-02-01 (SiskaPavel): Merge pull request #66 from CESNET/new_version - -2022-02-01 (Karel Hynek): QUIC: FIXed wrong openssl linking on centos 7. -2022-01-31 (xsiska12): Changed configuration of Copr RPM package. - -2022-01-31 (xsiska12): Fixed invalid order of ipfix elements for TLS plugin. - -2022-01-26 (xsiska12): Fixed undeclared variable. -2022-01-26 (xsiska12): Replace std::stringstream due to performance issues on multi-thread usage Change precision of ntp test -2022-01-20 (Pavel Valach): tests/functional/wg: added sporadic DNS detection test -2022-01-20 (Pavel Valach): process/wg: account for possible misdetection of DNS traffic -2022-01-20 (Pavel Valach): process/wg: pre_update: set confidence level to 0 if it cannot be WG -2021-12-29 (Tomas Cejka): rpm: fixed build RPM package -2021-12-21 (Jiri Havranek): stats: fixed issues reported by coverity -2021-12-21 (Jiri Havranek): stats: code improvements -2021-12-18 (Jiri Havranek): removed unused header file -2021-12-17 (Jiri Havranek): ssdp: added missing extension id registration -2021-12-17 (Jiri Havranek): ipfix: added contraints for number of process plugins -2021-12-17 (Jiri Havranek): added fd check before close -2021-12-16 (xsiska12): ipfixprobe: increased version, updated ChangeLog, released RPM package - -2021-12-16 (xsiska12): Set --enable-legacy-ssl to yes|no in spec file according to OS version -2021-12-16 (Karel Hynek): fixed quic plugin compilation on CENTOS7 with --enable-legacy-ssl flag. -2021-12-14 (Karel Hynek): Added the ability to specify active/inactive timeout in init config -2021-11-22 (Jiri Havranek): text: added extension support -2021-11-22 (Jiri Havranek): tls: added code description -2021-11-22 (Jiri Havranek): check for system_error when creating threads -2021-11-22 (Jiri Havranek): text: ignore mac param now have better description -2021-11-22 (Jiri Havranek): stem: removed TODOs -2021-11-22 (Jiri Havranek): removed TODOs and unused code as no longer needed -2021-11-22 (Jiri Havranek): quic: moved byte utility functions to general header -2021-11-22 (Jiri Havranek): configure: quic is enabled by default -2021-11-16 (Jiri Havranek): added example loadable plugin to Makefile.am -2021-11-09 (Jiri Havranek): Update process/smtp.hpp -2021-11-09 (Jiri Havranek): Update aminclude.am -2021-11-09 (Jiri Havranek): Update aminclude.am -2021-11-09 (Jiri Havranek): Update README.md -2021-11-09 (Jiri Havranek): fixed typo in Makefile.am -2021-11-09 (Jiri Havranek): configure: moved stem, flexprobe and dpdk options at the end -2021-11-09 (Jiri Havranek): configure: removed unused Makefile entry -2021-11-08 (Jiri Havranek): configure: removed old fragment -2021-11-04 (Roman Vrana): Added licence headers -2021-11-03 (Roman Vrana): Added DPDK interface and Flexprobe StEm testing interface -2021-11-02 (Roman Vrana): Added plugins for processing Flexprobe data -2021-10-23 (Jiri Havranek): cache: fixed unexported records being overwritten causing leaks -2021-10-20 (Jiri Havranek): ipfix: flush data on termination -2021-10-20 (Jiri Havranek): ipfix: count dropped flows from packets also -2021-10-20 (Jiri Havranek): ipfix: print verbose error when getaddrinfo fails -2021-10-20 (Jiri Havranek): ipfix: prevent termination when TCP conn fails at beginning -2021-10-20 (Jiri Havranek): ipfix: fixed getaddrinfo memory leak -2021-10-20 (Jiri Havranek): tls: reset record when parsing fails -2021-10-19 (Jiri Havranek): ipfix: set default mtu to 1458 -2021-10-19 (Jiri Havranek): quic: can be now conditionaly build -2021-10-18 (Jiri Havranek): fixed more issues reported by codeQL -2021-10-18 (Jiri Havranek): increased version -2021-10-18 (Jiri Havranek): tests: added unirec unit test -2021-10-18 (Jiri Havranek): fixed issues reported by coverity -2021-10-18 (Jiri Havranek): fixed issues reported by codeQL -2021-10-18 (Jiri Havranek): added missing file documentation -2021-10-17 (Jiri Havranek): added initializers in storage worker -2021-10-17 (Jiri Havranek): tests: added unit tests in gtest framework -2021-10-15 (Jiri Havranek): raw: changed poll timeout to 0, nonblocking -2021-10-15 (Jiri Havranek): fixed export of flow when reading from offline source -2021-10-15 (Jiri Havranek): quic: code refactoring -2021-10-13 (Jiri Havranek): configure: added openssl-devel check -2021-10-12 (Jiri Havranek): improved help string -2021-10-11 (Jiri Havranek): updated README.md -2021-10-07 (Jiri Havranek): added termination check of storage and output plugins -2021-10-07 (Jiri Havranek): fixed early termination when reading from multiple offline inputs -2021-10-07 (Jiri Havranek): replaced global vars with shared futures for termination -2021-10-07 (Jiri Havranek): configure: added check for TPACKET_V3 -2021-10-07 (Jiri Havranek): cache: added option to split biflows -2021-10-07 (Jiri Havranek): ipfix: added conditional compilation of timestamp precision -2021-10-04 (Jiri Havranek): quic: updated coding style -2021-10-04 (Jiri Havranek): uncrustify: updated coding rule -2021-10-04 (Andrej Lukacovic): quic: fixed packet decryption not working for some messages -2021-10-04 (Andrej Lukacovic): quic: payload decryption buffer is now allocated only once -2021-10-01 (Jiri Havranek): updated README.md -2021-10-01 (Jiri Havranek): fixed issues reported by coverity -2021-09-27 (Jiri Havranek): quic: added test -2021-09-27 (Jiri Havranek): quic: removed TODOs, fixed typo -2021-09-27 (Jiri Havranek): quic: adding only one sni record from now -2021-09-27 (Jiri Havranek): quic: reworked adding new record -2021-09-26 (Jiri Havranek): quic: invalid header length fix -2021-09-26 (Jiri Havranek): quic: added UDP constraint for flow -2021-09-26 (Jiri Havranek): quic: simplified initial packet check -2021-09-26 (Jiri Havranek): quic: added check of payload size when parsing data -2021-09-26 (Jiri Havranek): quic: simplified condition -2021-09-26 (Jiri Havranek): quic: fixed memory leaks -2021-09-23 (Jiri Havranek): ipfixprobed: fixed UDP param -2021-09-23 (Andrej Lukacovic): quic: added traffic sample -2021-09-23 (Karel Hynek): quic: new plugin -2021-09-13 (Jiri Havranek): tls: ALPN is now retrieved from server packet -2021-09-09 (Jiri Havranek): cache: removed unused macros -2021-09-08 (Jiri Havranek): raw: fixed block return when processing left packets -2021-09-08 (Jiri Havranek): raw: added aditional build checks -2021-09-08 (Karel Hynek): Fixed include zeros option in phists plugin -2021-09-07 (Jiri Havranek): fixed typos -2021-09-04 (Jiri Havranek): ndp: removed unnecessary check -2021-09-04 (Jiri Havranek): ndp: fixed potentional segfault -2021-09-04 (Jiri Havranek): ndp: fixed memory leak -2021-09-03 (Jiri Havranek): benchmark: added seed parameter -2021-09-03 (Jiri Havranek): benchmark: added constraint for minimal pkt size -2021-09-03 (Jiri Havranek): benchmark: fixed packet limit check -2021-09-03 (Jiri Havranek): ipfix: added member initializer -2021-09-03 (Jiri Havranek): ipfixprobe: clean memory when printing plugin help -2021-09-03 (Jiri Havranek): benchmark: fixed mode parameter check -2021-09-03 (Jiri Havranek): ipfix: fixed default value for udp option -2021-09-03 (Jiri Havranek): added option parser description to constructor -2021-09-02 (Jiri Havranek): cache: fixed cache size parameter -2021-09-02 (Jiri Havranek): ipfixprobe: fixed parameter initializer -2021-09-02 (Jiri Havranek): systemd: updated scripts -2021-09-02 (Jiri Havranek): ndp: fixed compilation issues -2021-09-02 (Jiri Havranek): ipfix: fixed id parameter -2021-09-02 (Jiri Havranek): ipfix: return error when connection to collector fails -2021-09-02 (Jiri Havranek): dnssd: fixed txt parameter -2021-09-02 (Jiri Havranek): cygwin compatibility -2021-09-02 (Jiri Havranek): updated github workflows -2021-09-02 (Jiri Havranek): configure.ac: added --with-raw --with-pcap --with-flowlinesize -2021-09-02 (Jiri Havranek): added initializers to plugin pointers -2021-09-02 (Jiri Havranek): raw: fixed use of strncpy -2021-09-02 (Jiri Havranek): raw: removed packet_handler function -2021-09-02 (Jiri Havranek): tls: added check for null payload -2021-09-02 (Jiri Havranek): benchmark: fixed packet generation -2021-09-01 (Jiri Havranek): fixed error messages printed when loading plugin fails -2021-09-01 (Jiri Havranek): added public inheritance to record extensions classes -2021-09-01 (Jiri Havranek): updated create_plugin.sh -2021-08-31 (Jiri Havranek): throw error when load .so file fails -2021-08-31 (Jiri Havranek): text: fixed ingore mac param -2021-08-31 (Jiri Havranek): removed packet indicator, refactoring -2021-08-31 (Jiri Havranek): reworked packet and flow structures -2021-08-31 (Jiri Havranek): fixed loading of external plugins in form of .so file -2021-08-30 (Jiri Havranek): removed unused parameter -2021-08-30 (Jiri Havranek): updated README.md -2021-08-30 (Jiri Havranek): updated create_plugin.sh -2021-08-30 (Jiri Havranek): output: added text output plugin -2021-08-30 (Jiri Havranek): input: added raw plugin for reading from raw sockets -2021-08-30 (Jiri Havranek): input: added benchmark plugin -2021-08-30 (Jiri Havranek): removed hardcoded flow extension type identifiers -2021-08-30 (Jiri Havranek): reworked module -2021-07-21 (Jiri Havranek): tls: added ALPN field export - -2021-08-17 (Karel Hynek): Merge pull request #43 from CESNET/parser-segfault -2021-08-17 (Jiri Havranek): fixed segfault in parser caused by pcap_dispatch() ignoring max packet count -2021-07-28 (Karel Hynek): Merge pull request #42 from CESNET/new_version - -2021-07-28 (Jiri Havranek): changed signal stop variable -2021-07-28 (Jiri Havranek): ipfix: enum constants are used when getting template -2021-07-28 (Jiri Havranek): ipfix: added static checks for max extension count -2021-07-28 (Jiri Havranek): tlsplugin: fixed out of bounds write to an array -2021-07-28 (Jiri Havranek): improved code doc -2021-07-28 (xsiska12): ipfixprobe: increased version, updated ChangeLog, released RPM package -2021-07-28 (xsiska12): ipfixprobe: increased version, updated ChangeLog, released RPM package -2021-07-28 (Tomas Cejka): http: updated HTTP IPFIX element identifiers -2021-07-28 (Tomas Cejka): ghactions: codeql: install dependencies for build -2021-07-28 (Tomas Cejka): ghactions: add codeql template -2021-07-28 (Tomas Cejka): ghactions: limit coverity scan to coverity branch and PR to master -2021-07-28 (Tomas Cejka): ghactions: add coverage flags for codecov build -2021-07-28 (Tomas Cejka): ghactions: add codecov -2021-07-28 (Tomas Cejka): ghactions: add coverity - -2021-07-23 (Jiri Havranek): improved class variables naming -2021-07-21 (Jiri Havranek): rpm: packages are compiled with libunwind -2021-07-15 (Jiri Havranek): configure: added missing HAVE_LIBUNWIND macro define -2021-07-15 (Jiri Havranek): added missing with condition in rpm spec file -2021-07-15 (Jiri Havranek): fixed uninitialized members reported by coverity -2021-07-15 (Jiri Havranek): fixed null pointer dereferences reported by coverity -2021-07-15 (Jiri Havranek): fixed uninitialized members reported by coverity -2021-07-15 (Jiri Havranek): fixed integer handling issues reported by coverity -2021-07-15 (Jiri Havranek): configure: added --with-unwind option -2021-07-14 (Jiri Havranek): fixed stacktrace message -2021-07-14 (Jiri Havranek): ghactions: updated list of installed packages -2021-07-14 (Jiri Havranek): added stacktrace print on segmentation fault -2021-07-14 (Jiri Havranek): added export of flowEndReason IPFIX field -2021-07-14 (Jiri Havranek): systemd: added restart on failure - -2021-07-20 (Tomas Cejka): http: updated HTTP IPFIX element identifiers -2021-07-16 (Tomas Cejka): ghactions: codeql: install dependencies for build -2021-07-16 (Tomas Cejka): ghactions: add codeql template -2021-07-16 (Tomas Cejka): ghactions: limit coverity scan to coverity branch and PR to master -2021-07-15 (Tomas Cejka): ghactions: add coverage flags for codecov build -2021-07-15 (Tomas Cejka): ghactions: add codecov -2021-07-14 (Tomas Cejka): ghactions: add coverity -2021-06-24 (Jiri Havranek): added compile time checks for cache and cache line sizes -2021-06-24 (Jiri Havranek): systemd: added configuration option CACHE_SIZE -2021-06-22 (Jiri Havranek): ndp: fixed compilation -2021-06-21 (Jiri Havranek): pstats: fixed invalid timestamps being exported on bigendian arch -2021-06-21 (Jiri Havranek): fixed issues with endianess -2021-06-21 (Jiri Havranek): moved packet headers to headers.h file -2021-06-21 (Jiri Havranek): added header file for u_char type -2021-06-21 (Jiri Havranek): fixed segfault when using flow cache stats plugin -2021-06-21 (Jiri Havranek): configure: added flowcachesize parameter -2021-06-18 (Jiri Havranek): fixed invalid timestamps when exporting in IPFIX format -2021-06-17 (Jiri Havranek): smtp: fixed buffer overflow when parsing some fields -2021-06-17 (Jiri Havranek): http: fixed buffer overflow when parsing method -2021-06-17 (Jiri Havranek): http: fixed parsing of header lines -2021-05-30 (Tomas Cejka): build: tplink: problem with endian checks in header file -2021-05-30 (Tomas Cejka): build: fixed errors on turris, missing header time.h, missing u_char - -2021-06-08 (Jiri Havranek): fixed missing constant in older libpcap versions -2021-05-15 (Jiri Havranek): stats are not printed when until init phase ends -2021-05-15 (Jiri Havranek): cygwin compatibility modifications -2021-05-14 (Pavel Valach): wgplugin: preallocate RecordExtWG -2021-05-10 (Pavel Valach): README: added WG (WireGuard) section -2021-05-10 (Pavel Valach): wgplugin: parse_wg: fix coding style -2021-05-10 (Pavel Valach): Makefile.am: included wg-sample.pcap in EXTRA_DIST -2021-04-27 (Pavel Valach): tests: wgplugin - added handshake with cookie reply (under load) -2021-04-27 (Pavel Valach): tests/test_reference/wg: fixed order of flows and zeroized LINK_BIT_FIELD -2021-04-27 (Pavel Valach): tests: added test for WireGuard plugin -2021-04-27 (Pavel Valach): wgplugin.parse_wg: use switch statement instead of else ifs -2021-04-27 (Pavel Valach): wgplugin: removed debug lines -2021-04-27 (Pavel Valach): wgplugin: added WG_CONF_LEVEL field to indicate whether this is WireGuard packet or not -2021-04-26 (Pavel Valach): wgplugin: add strict length checks for packet types -2021-04-24 (Jiri Havranek): cache: export TCP flows when ports are reused -2021-04-24 (Jiri Havranek): pstats: added seq overflow check when skipping TCP retransmissions -2021-04-23 (Jiri Havranek): fixed ndp compilation -2021-04-23 (Jiri Havranek): refactored input plugins, improved coding style -2021-04-23 (Jiri Havranek): improved coding style -2021-04-23 (Jiri Havranek): removed ARP plugin -2021-04-21 (Jiri Havranek): pstats: fixed packet retransmission detection -2021-04-18 (Karel Hynek): BUGFIX: Corrected calculation of histograms -2021-04-16 (Jiri Havranek): pstats: added new option skipdup to not include TCP retransmissions in plugin output -2021-04-13 (Pavel Valach): wgplugin: added cstring import -2021-04-10 (Pavel Valach): wgplugin: split flows during new handshakes -2021-04-09 (Pavel Valach): wgplugin: delete useless comparison -2021-04-09 (Pavel Valach): wgplugin: assign src_peer and dst_peer properly -2021-04-08 (Pavel Valach): wgplugin: do not flush the flow after recognition -2021-04-01 (Jiri Havranek): fixed infinity loop when parsing TCP options -2021-03-28 (Pavel Valach): wgplugin.h, wgplugin.cpp: initialize types to zeros -2021-03-28 (Pavel Valach): wgplugin.cpp: memcpy for sender and receiver fields wgplugin.h: implemented fillUnirec -2021-03-24 (Tomas Cejka): ipfixprobed: extend service to support list of interfaces -2021-03-24 (Tomas Cejka): ipfixprobed: extend service to support list of interfaces -2021-03-24 (Jiri Havranek): fixed segfault when using unirec output -2021-03-24 (Jiri Havranek): improved module arguments -2021-03-22 (Jiri Havranek): fixed -c parameter -2021-03-22 (Pavel Valach): WGPlugin: fixed packet type check during parsing -2021-03-22 (Pavel Valach): WGPlugin: specifically checking for zeroes in header now -2021-03-22 (Pavel Valach): WGPlugin: implement basic post_update -2021-03-22 (Pavel Valach): First attempt of Wireguard parsing code -2021-03-21 (Pavel Valach): First iteration of WireGuard detection plugin -2021-03-17 (Jiri Havranek): tests: added additional path to search for logger executable -2021-03-17 (Jiri Havranek): improved help string for -n parameter -2021-03-17 (Jiri Havranek): removed flow_meter references -2021-03-17 (Jiri Havranek): ipfiexporter: added configurable MTU -2021-03-16 (Jiri Havranek): fixed ipfix export dropping flow records sometimes -2021-03-11 (Karel Hynek): PHISTS: fixed typo in README -2021-03-10 (Jiri Havranek): fixed some inactive flows not being exported -2021-03-10 (Jiri Havranek): fixed last flow in export queue not being exported -2021-03-10 (Jiri Havranek): added status message for each input -2021-03-10 (Jiri Havranek): fixed memory leaks -2021-03-10 (Jiri Havranek): removed unused code -2021-03-09 (Jiri Havranek): added output rate limiting -2021-03-01 (Jiri Havranek): ndpreader: fixed unexpected end of capture -2021-02-14 (Karel Hynek): Uncrustyfy now checks for spaces after if,for,switch... -2021-02-11 (Jiri Havranek): fixed segfault -2021-02-11 (Jiri Havranek): fixed initialization of ndp reader counters -2021-02-11 (Jiri Havranek): improved user messages -2021-02-10 (Jiri Havranek): fixed last packet block not being read when reading from file -2021-02-10 (Jiri Havranek): fixed build -2021-02-10 (Jiri Havranek): separated input and storage plugins to separated threads -2021-02-06 (Jiri Havranek): added deduplication of exported flows in ipifx export -2021-02-06 (Jiri Havranek): fixed RTSP plugin ipfix export -2021-02-06 (Jiri Havranek): fixed RTSP plugin cleanup -2021-02-06 (Jiri Havranek): fixed inactive timeout check -2021-01-27 (Jiri Havranek): changed strategy of checking inactive timeout -2021-01-23 (Jiri Havranek): flow export separated to another thread - -2021-02-24 (Jiri Havranek): phist: improved coding style -2021-02-24 (Karel Hynek): PHISTS: Changed histogram array type: uint16* -> uint32* -2021-02-24 (Karel Hynek): PHISTS: added creation of size histogram for individual directions, added creation of IPT histograms for individual directions -2021-02-24 (Karel Hynek): PHISTS: incorporated plugin into ipfixprobe FIX main -2021-02-24 (Karel Hynek): PHISTS: modified README -2021-02-24 (Karel Hynek): PHISTS: added tests FIX test -2021-02-24 (Karel Hynek): PHISTS: added creation of size histogram for individual directions, added creation of IPT histograms for individual directions -2021-02-24 (Karel Hynek): PHISTS: incorporated plugin into ipfixprobe FIX main -2021-02-24 (Karel Hynek): PHISTS: Initial commit -2021-02-16 (Karel Hynek): BSTATS: Improved coding style -2021-02-16 (Karel Hynek): BSTATS: Moved RecordExtBSTATS initialisation to constructor -2021-02-16 (Karel Hynek): BSTATS: changed burst size calculation -2021-02-16 (Karel Hynek): BSTATS: updated readme -2021-02-16 (Karel Hynek): BSTATS: added plugin tests -2021-02-16 (Karel Hynek): BSTATS: added ipfix export -2021-02-16 (Karel Hynek): BSTATS: implemented burst recognition and their export to unirec -2021-02-13 (Karel Hynek): BSTATS: plugin creation -2021-02-12 (Jiri Havranek): fixed parsing of malformed packets -2021-02-12 (Karel Hynek): BASICPLUS: Fixed infinite loop with zero-length options -2021-02-12 (Karel Hynek): BASICPLUS: Added TCP SYN size and fixed MSS IPFIX field definition -2021-02-11 (Jiri Havranek): updated README.md -2021-02-11 (Jiri Havranek): fixed arp plugin test -2021-02-11 (Jiri Havranek): updated README.md -2021-02-11 (Jiri Havranek): updated create_plugin.sh -2021-02-11 (Karel Hynek): fixed distcheck -2021-02-11 (Jiri Havranek): added basicplus plugin exporting additional IP and TCP fields -2021-01-25 (Karel Hynek): NEW CLASS: ipfix-basiclist represent the basic list structure -2021-01-25 (Karel Hynek): PSTATS plugin: edited IPFIX export, now it uses basic list class -2021-01-25 (Karel Hynek): Added .gitignore file -2021-01-13 (Karel Hynek): PSTATS: fixed wrong packet length value when packet trimming is used -2021-01-10 (Karel Hynek): Fixed distcheck -2021-01-10 (Karel Hynek): updated pstats test-reference -2021-01-10 (Karel Hynek): Added pstats plugin option for including/excluding zero-length packets -2021-01-05 (Jiri Havranek): tests: updated tests to new timestamp precision -2021-01-05 (Jiri Havranek): pcapreader: fixed payload length computation when packet contains additional data at the end -2020-12-11 (Karel Hynek): PSTATS: changed exported packet length to payload_length -2020-12-01 (Jiri Havranek): idpcontent: fixed wrong method param -2020-12-01 (Jiri Havranek): pstats: unused code cleanup -2020-12-01 (Jiri Havranek): idpcontent: fixed packet payload content export when using flush -2020-12-01 (Jiri Havranek): pstats: fixed exported packet stats when flushing flow -2020-11-24 (Tomas Cejka): actions: test with nemea reference data -2020-11-19 (Tomas Cejka): travis: add dependencies -2020-11-19 (Tomas Cejka): travis: remove branch limit -2020-11-19 (Tomas Cejka): travis&coverity: try to update token, completed build command -2020-11-19 (lePici): Coverity: change to official example -2020-11-19 (lePici): Coverity: change secure token -2020-11-19 (lePici): Travis: delete 'master' branch in .travis.yml -2020-11-19 (lePici): Travis: delete 'travis' branch in .travis.yml -2020-11-19 (lePici): Travis: added script section in .travis.yml file -2020-11-19 (lePici): Travis: added .travis.yml file -2020-11-12 (Karel Hynek): Fixed RPM build when using libndp -2020-11-11 (Jiri Havranek): fixed compilation when libndp is used -2020-11-07 (Tomas Cejka): build: unify indentation -2020-10-22 (Jiri Havranek): Update netbiosplugin.cpp -2020-10-22 (Jiri Havranek): Update netbiosplugin.h -2020-10-19 (xsedla1o): NetBIOS: Fixed dist build error -2020-10-19 (xsedla1o): NetBIOS: Changed suffix type from bytes to uint8 -2020-10-19 (xsedla1o): NetBIOS: Review requested changes -2020-10-19 (xsedla1o): NetBIOS: Added return value to store_first_query -2020-10-19 (xsedla1o): NetBIOS: Fixed build without NEMEA -2020-10-19 (xsedla1o): NetBIOS: Whitespace changes -2020-10-19 (xsedla1o): NetBIOS: Added plugin test -2020-10-19 (xsedla1o): NetBIOS: Added stats -2020-10-19 (xsedla1o): NetBIOS: Implemented NBNS parsing -2020-10-19 (xsedla1o): NetBIOS: Changed export fields -2020-10-19 (xsedla1o): NetBIOS: Formatting -2020-10-19 (xsedla1o): NetBIOS: Filled in export base -2020-10-19 (xsedla1o): NetBIOS: Created plugin - -2020-11-01 (Jiri Havranek): improved conversion from microseconds to fraction when exporting ipfix -2020-10-30 (Jiri Havranek): increased exported timestamp precision to microseconds -2020-10-30 (Jiri Havranek): fixed payload length computation for frames shorter than 64 bytes -2020-10-23 (Karel Hynek): removed unused code -2020-10-23 (Karel Hynek): IDPContent plugin: BUGFIX! Improved condition for export IDP content. -2020-10-09 (Karel Hynek): added uncrustify config -2020-10-09 (Karel Hynek): idpcontent plugin: changed c-style cast to c++ static cast -2020-10-09 (Karel Hynek): create_plugin: fixed name inconsistency, added nemea ifndef -2020-10-09 (Karel Hynek): updated readme for IDPContent plugin unirec fields -2020-10-08 (Karel Hynek): idpcontent plugin: fix compile error -2020-10-08 (Karel Hynek): idpcontent plugin: improved coding style -2020-10-08 (Karel Hynek): idpcontent plugin: added tests -2020-10-08 (Karel Hynek): idpcontent plugin: added ipfix support -2020-10-08 (Karel Hynek): IDPContent plugin: Added export of initial data packets content -2020-10-08 (Karel Hynek): Created idpcontent plugin -2020-10-08 (Karel Hynek): create_plugin.sh: name inconsistency FIX -2020-10-05 (Tomas Cejka): build: check for libpcap and fail if missing -2020-10-05 (Lukas Hutak): systemd: introduce ipfixprobe-monitoring.target, minor fixes -2020-10-04 (Tomas Cejka): conf: fixed dnssd name in the example -2020-10-04 (Tomas Cejka): build: add distcheck setting about systemd, skip tests without NEMEA -2020-10-04 (Tomas Cejka): rpm: add systemd service -2020-09-29 (Jiri Havranek): pcapreader: added support for SLL link type - -2020-09-14 (xsedla1o): TLS Plugin: Removed total packet count from stats -2020-09-14 (xsedla1o): TLS Plugin: Updated tests -2020-09-14 (xsedla1o): TLS Plugin: Changed TLS_JA3 field type to bytes instead of string -2020-09-14 (xsedla1o): TLS Plugin: Fixed exporting only when SNI is parsed -2020-09-08 (Karel Hynek): TLS plugin: removed 443 port condition, updated coding style, removed compile warning in md5 -2020-09-08 (Karel Hynek): TLS plugin: skip GREASE values in JA3, updated tests -2020-09-04 (xsedla1o): tls: removed unused arguments -2020-09-04 (xsedla1o): tls: updated tests, removed debug prints -2020-09-04 (xsedla1o): tls: renamed export field -2020-09-03 (xsedla1o): tls: added export field for ja3 hash -2020-08-31 (xsedla1o): https: renamed to tls plugin -2020-08-31 (xsedla1o): https: refactoring -2020-08-31 (xsedla1o): https: fix build error -2020-08-31 (xsedla1o): https: add md5 hash and proper debug prints -2020-08-30 (xsedla1o): https: extract fields for ja3 fingerprint -2020-08-24 (Tomas Cejka): build: skip getopt parameters init when NEMEA is linked - -2020-08-04 (Karel Hynek): flow_meter: renamed vpndetector plugin to ovpn plugin -2020-08-03 (Tomáš Čejka): flow_meter: BUGFIX inconsistent TRILL struct for BIG_ENDIAN -2020-07-31 (xsedla1o): flow_meter: ssdp: added stats -2020-07-31 (xsedla1o): flow_meter: ssdp: Reworked parse_loc_port() -2020-07-29 (Jiri Havranek): flow_meter: added RTSP parsing plugin prototype -2020-07-29 (Jiri Havranek): flow_meter: exporting 8 bits of TCP flags -2020-07-27 (Tomas Cejka): flow_meter: MAINTENANCE deduplicate list of supported plugins -2020-07-27 (Jiri Havranek): flow_meter: http: now parsing protocol on all ports -2020-07-17 (xsedla1o): flow_meter: dns-sd: adopted code from dnsplugin -2020-07-15 (xsedla1o): flow_meter: dns-sd: created plugin files -2020-07-14 (xsedla1o): flow_meter: ssdp: implemented export functions -2020-07-14 (xsedla1o): flow_meter: created ssdp plugin files -2020-06-08 (Tomas Cejka): flow_meter: pstats: update readme - list of UniRec fields -2020-06-03 (Jiri Havranek): flow_meter: added support for trill -2020-06-03 (optical-o): flow_meter: Added support for selecting NDP DMA channel -2020-06-02 (Tomas Benes): flow_meter: Added NDP Packet receiver -2020-06-02 (Tomas Benes): flow_meter: Added nfbCInterface library -2020-05-05 (Jiri Havranek): flow_meter: added test for pstats plugin -2020-05-05 (Tomáš Čejka): flow_meter: ppi: rename fields to ipfixcol2-unirec-output -2020-05-04 (Tomáš Čejka): flow_meter: ppi: merge stats array and add directions -2020-05-04 (Jiri Havranek): flow_meter: plugins updated to work correctly with biflow related modifications, fixed tests -2020-04-30 (Jiri Havranek): flow_meter: updated pstats plugin to export stats for biflow -2020-04-27 (Karel Hynek): flow_meter: Changed numbers of IPFIX elements in pstats plugin -2020-04-26 (Jiri Havranek): flow_meter: fixed export of total byte count for IPv6 flows -2020-04-26 (Jiri Havranek): flow_meter: now exporting biflow only -2020-04-07 (Tomáš Čejka): flow_meter: bugfix: check return value of UR create template -2020-04-07 (Tomáš Čejka): flow_meter: create_plugin - updated guide -2019-04-12 (Tomas Cejka): flow_meter: update test references - MAC address representation -2018-12-23 (Tomas Cejka): flow_meter: ipfixprobe without libtrap dependency -2018-09-17 (Filip Šuster): [flow_meter] Fix exported HTTP field names (#91) diff --git a/README.md b/README.md index d4b39f835..46ef062ba 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,7 @@ Here are the examples of various plugins usage: `./ipfixprobe -i 'dpdk-ring;r=rx_ipfixprobe_0;e= --proc-type=secondary' -i 'dpdk-ring;r=rx_ipfixprobe_1' -i 'dpdk-ring;r=rx_ipfixprobe_2' -i 'dpdk-ring;r=rx_ipfixprobe_3' -o 'text'` ``` -## Build +## Build ### Requirements - libatomic @@ -129,7 +129,7 @@ To install ipfixprobe with NEMEA dependency from binary RPM packages, it is poss ## Telemetry -`ipfixprobe` exports statistics and other diagnostic information through a telemetry interface based on appFs library, which leverages the fuse3 library (filesystem in userspace) to allow telemetry data to be accessed and manipulated +`ipfixprobe` exports statistics and other diagnostic information through a telemetry interface based on appFs library, which leverages the fuse3 library (filesystem in userspace) to allow telemetry data to be accessed and manipulated through standard filesystem operations. ``` @@ -264,4 +264,3 @@ Turn off message buffering using `buffer=off` option and set `timeout=WAIT` on o ``` ./ipfixprobe -i 'pcap;file=traffic.pcap' -o 'unirec;i=u:out:timeout=WAIT:buffer=off' ``` - diff --git a/aminclude.am b/aminclude.am deleted file mode 100644 index d8103bed5..000000000 --- a/aminclude.am +++ /dev/null @@ -1,10 +0,0 @@ -BUILT_SOURCES = fields.h fields.c - -fields.h: - $(UNIRECPROC) -i ./ -o ./ - -fields.c: fields.h - - -CLEANFILES = fields.c fields.h - diff --git a/cmake/build_type.cmake b/cmake/build_type.cmake new file mode 100644 index 000000000..235e2ce30 --- /dev/null +++ b/cmake/build_type.cmake @@ -0,0 +1,11 @@ +# Define default build type and supported options. +set(DEFAULT_BUILD_TYPE "Release") + +if (NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES) + message(STATUS + "Setting build type to '${DEFAULT_BUILD_TYPE}' as none was specified.") + set(CMAKE_BUILD_TYPE ${DEFAULT_BUILD_TYPE} + CACHE STRING "build type" FORCE) + set_property(CACHE CMAKE_BUILD_TYPE + PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo") +endif() diff --git a/cmake/dependencies.cmake b/cmake/dependencies.cmake new file mode 100644 index 000000000..2459ed45c --- /dev/null +++ b/cmake/dependencies.cmake @@ -0,0 +1,37 @@ +# Project dependencies +find_package(PkgConfig REQUIRED) + +find_package(Threads REQUIRED) +find_package(Atomic REQUIRED) +find_package(Unwind REQUIRED) +find_package(LZ4 REQUIRED) +find_package(OpenSSL REQUIRED) + +if (ENABLE_INPUT_PCAP) + pkg_check_modules(PCAP REQUIRED libpcap) +endif() + +if (ENABLE_INPUT_DPDK) + pkg_check_modules(DPDK REQUIRED libdpdk) +endif() + +if (ENABLE_INPUT_NFB) + find_package(NFB REQUIRED) + find_package(NUMA REQUIRED) +endif() + +if (ENABLE_OUTPUT_UNIREC OR ENABLE_NEMEA) + find_package(LIBTRAP REQUIRED) + find_package(UNIREC REQUIRED) +endif() + +if (ENABLE_TESTS) + execute_process( + COMMAND rpm -q nemea-modules + RESULT_VARIABLE NEMEA_INSTALLED + OUTPUT_QUIET ERROR_QUIET + ) + if (NOT NEMEA_INSTALLED EQUAL 0) + message(FATAL_ERROR "NEMEA modules package is missing! Install it using: dnf install nemea-modules") + endif() +endif() diff --git a/cmake/installation.cmake b/cmake/installation.cmake new file mode 100644 index 000000000..84457975d --- /dev/null +++ b/cmake/installation.cmake @@ -0,0 +1,43 @@ +# The purpose of this file is to automatically determine install directories. +# +# If no directories are defined, use GNU install directories by default. +# However, in case of RPM build, install directories are typically passed +# to CMake as definitions that overwrites the default paths. +# + +include(GNUInstallDirs) + +set(INSTALL_DIR_BIN ${CMAKE_INSTALL_FULL_BINDIR}) + +if (DEFINED LIB_INSTALL_DIR) + set(INSTALL_DIR_LIB ${LIB_INSTALL_DIR}) +else() + set(INSTALL_DIR_LIB ${CMAKE_INSTALL_FULL_LIBDIR}) +endif() + +if (DEFINED INCLUDE_INSTALL_DIR) + set(INSTALL_DIR_INCLUDE ${INCLUDE_INSTALL_DIR}) +else() + set(INSTALL_DIR_INCLUDE ${CMAKE_INSTALL_FULL_INCLUDEDIR}) +endif() + +if (DEFINED SYSCONF_INSTALL_DIR) + set(INSTALL_DIR_SYSCONF ${SYSCONF_INSTALL_DIR}) +else() + set(INSTALL_DIR_SYSCONF ${CMAKE_INSTALL_FULL_SYSCONFDIR}) +endif() + +if (DEFINED SHARE_INSTALL_PREFIX) + set(INSTALL_DIR_SHARE ${SHARE_INSTALL_PREFIX}) +else() + set(INSTALL_DIR_SHARE ${CMAKE_INSTALL_FULL_DATAROOTDIR}) +endif() + +if(DEFINED SYSTEMD_UNIT_DIR) + set(INSTALL_UNIT_DIR ${SYSTEMD_UNIT_DIR}) +else() + set(INSTALL_UNIT_DIR ${CMAKE_INSTALL_PREFIX}/lib/systemd/system) +endif() + +set(INSTALL_DIR_MAN "${INSTALL_DIR_SHARE}/man/") +set(INSTALL_DIR_DOC "${INSTALL_DIR_SHARE}/doc/${CMAKE_PROJECT_NAME}/") diff --git a/cmake/modules/FindAtomic.cmake b/cmake/modules/FindAtomic.cmake new file mode 100644 index 000000000..9c8a2a39d --- /dev/null +++ b/cmake/modules/FindAtomic.cmake @@ -0,0 +1,28 @@ +# Try to find libatomic +# Once done, this will define +# +# ATOMIC_FOUND - system has libatomic +# ATOMIC_LIBRARIES - libraries needed to use libatomic +# + +find_library(ATOMIC_LIBRARY + NAMES atomic libatomic.so.1 + HINTS ${ATOMIC_ROOT} ${CMAKE_INSTALL_LIBDIR}) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args (Atomic + REQUIRED_VARS ATOMIC_LIBRARY +) + +if (ATOMIC_FOUND AND NOT TARGET atomic::atomic) + add_library(atomic::atomic STATIC IMPORTED) + set_target_properties(atomic::atomic PROPERTIES + IMPORTED_LOCATION "${ATOMIC_LIBRARY}" + INTERFACE_INCLUDE_DIRECTORIES "${ATOMIC_INCLUDE_DIR}") + target_compile_definitions(atomic::atomic INTERFACE UNWIND_FOUND) +else() + message(CRITICAL "Notice: atomic not found") + add_library(atomic::atomic INTERFACE IMPORTED) +endif() + +unset(ATOMIC_LIBRARY) diff --git a/cmake/modules/FindLIBTRAP.cmake b/cmake/modules/FindLIBTRAP.cmake new file mode 100644 index 000000000..4b50bc58e --- /dev/null +++ b/cmake/modules/FindLIBTRAP.cmake @@ -0,0 +1,59 @@ +# Find the libtrap includes and library +# +# This module defines the following IMPORTED targets: +# +# trap::trap - The "trap" library, if found. +# +# This module will set the following variables in your project: +# +# LIBTRAP_INCLUDE_DIRS - where to find , etc. +# LIBTRAP_LIBRARIES - List of libraries when using libtrap. +# LIBTRAP_FOUND - True if the libtrap has been found. + +# Use pkg-config (if available) to get the library directories and then use +# these values as hints for find_path() and find_library() functions. +find_package(PkgConfig QUIET) +if (PKG_CONFIG_FOUND) + pkg_check_modules(PC_LIBTRAP QUIET libtrap) +endif() + +find_path( + LIBTRAP_INCLUDE_DIR libtrap/trap.h + HINTS ${PC_LIBTRAP_INCLUDEDIR} ${PC_LIBTRAP_INCLUDE_DIRS} + PATH_SUFFIXES include +) + +find_library( + LIBTRAP_LIBRARY NAMES trap libtrap + HINTS ${PC_LIBTRAP_LIBDIR} ${PC_LIBTRAP_LIBRARY_DIRS} + PATH_SUFFIXES lib lib64 +) + +if (PC_LIBTRAP_VERSION) + # Version extracted from pkg-config + set(LIBTRAP_VERSION_STRING ${PC_LIBTRAP_VERSION}) +endif() + +# Handle find_package() arguments (i.e. QUIETLY and REQUIRED) and set +# LIBTRAP_FOUND to TRUE if all listed variables are filled. +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args( + LIBTRAP + REQUIRED_VARS LIBTRAP_LIBRARY LIBTRAP_INCLUDE_DIR + VERSION_VAR LIBTRAP_VERSION_STRING +) + +set(LIBTRAP_INCLUDE_DIRS ${LIBTRAP_INCLUDE_DIR}) +set(LIBTRAP_LIBRARIES ${LIBTRAP_LIBRARY}) +mark_as_advanced(LIBTRAP_INCLUDE_DIR LIBTRAP_LIBRARY) + +if (LIBTRAP_FOUND) + # Create imported library with all dependencies + if (NOT TARGET trap::trap AND EXISTS "${LIBTRAP_LIBRARIES}") + add_library(trap::trap UNKNOWN IMPORTED) + set_target_properties(trap::trap PROPERTIES + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${LIBTRAP_LIBRARIES}" + INTERFACE_INCLUDE_DIRECTORIES "${LIBTRAP_INCLUDE_DIRS}") + endif() +endif() diff --git a/cmake/modules/FindLZ4.cmake b/cmake/modules/FindLZ4.cmake new file mode 100644 index 000000000..e7e80630d --- /dev/null +++ b/cmake/modules/FindLZ4.cmake @@ -0,0 +1,130 @@ +# Distributed under the OSI-approved BSD 3-Clause License. See accompanying +# file Copyright.txt or https://cmake.org/licensing for details. + +#[=======================================================================[.rst: +FindLZ4 +------- + +Find the LZ4 include directory and library. + +Use this module by invoking find_package with the form:: + +.. code-block:: cmake + + find_package(LZ4 + [version] # Minimum version e.g. 1.8.0 + [REQUIRED] # Fail with error if LZ4 is not found + ) + +Imported targets +^^^^^^^^^^^^^^^^ + +This module defines the following :prop_tgt:`IMPORTED` targets: + +.. variable:: lz4::lz4 + + Imported target for using the LZ4 library, if found. + +Result variables +^^^^^^^^^^^^^^^^ + +.. variable:: LZ4_FOUND + + Set to true if LZ4 library found, otherwise false or undefined. + +.. variable:: LZ4_INCLUDE_DIRS + + Paths to include directories listed in one variable for use by LZ4 client. + +.. variable:: LZ4_LIBRARIES + + Paths to libraries to linked against to use LZ4. + +.. variable:: LZ4_VERSION + + The version string of LZ4 found. + +Cache variables +^^^^^^^^^^^^^^^ + +For users who wish to edit and control the module behavior, this module +reads hints about search locations from the following variables:: + +.. variable:: LZ4_INCLUDE_DIR + + Path to LZ4 include directory with ``lz4.h`` header. + +.. variable:: LZ4_LIBRARY + + Path to LZ4 library to be linked. + +NOTE: The variables above should not usually be used in CMakeLists.txt files! + +#]=======================================================================] + +### Find library ############################################################## + +if(NOT LZ4_LIBRARY) + find_library(LZ4_LIBRARY_RELEASE NAMES lz4) + find_library(LZ4_LIBRARY_DEBUG NAMES lz4d) + + include(SelectLibraryConfigurations) + select_library_configurations(LZ4) +else() + file(TO_CMAKE_PATH "${LZ4_LIBRARY}" LZ4_LIBRARY) +endif() + +### Find include directory #################################################### +find_path(LZ4_INCLUDE_DIR NAMES lz4.h) + +if(LZ4_INCLUDE_DIR AND EXISTS "${LZ4_INCLUDE_DIR}/lz4.h") + file(STRINGS "${LZ4_INCLUDE_DIR}/lz4.h" _lz4_h_contents + REGEX "#define LZ4_VERSION_[A-Z]+[ ]+[0-9]+") + string(REGEX REPLACE "#define LZ4_VERSION_MAJOR[ ]+([0-9]+).+" "\\1" + LZ4_VERSION_MAJOR "${_lz4_h_contents}") + string(REGEX REPLACE ".+#define LZ4_VERSION_MINOR[ ]+([0-9]+).+" "\\1" + LZ4_VERSION_MINOR "${_lz4_h_contents}") + string(REGEX REPLACE ".+#define LZ4_VERSION_RELEASE[ ]+([0-9]+).*" "\\1" + LZ4_VERSION_RELEASE "${_lz4_h_contents}") + set(LZ4_VERSION "${LZ4_VERSION_MAJOR}.${LZ4_VERSION_MINOR}.${LZ4_VERSION_RELEASE}") + unset(_lz4_h_contents) +endif() + +### Set result variables ###################################################### +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(LZ4 DEFAULT_MSG + LZ4_LIBRARY LZ4_INCLUDE_DIR LZ4_VERSION) + +mark_as_advanced(LZ4_INCLUDE_DIR LZ4_LIBRARY) + +set(LZ4_LIBRARIES ${LZ4_LIBRARY}) +set(LZ4_INCLUDE_DIRS ${LZ4_INCLUDE_DIR}) + +### Import targets ############################################################ +if(LZ4_FOUND) + if(NOT TARGET lz4::lz4) + add_library(lz4::lz4 UNKNOWN IMPORTED) + set_target_properties(lz4::lz4 PROPERTIES + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + INTERFACE_INCLUDE_DIRECTORIES "${LZ4_INCLUDE_DIR}") + + if(LZ4_LIBRARY_RELEASE) + set_property(TARGET lz4::lz4 APPEND PROPERTY + IMPORTED_CONFIGURATIONS RELEASE) + set_target_properties(lz4::lz4 PROPERTIES + IMPORTED_LOCATION_RELEASE "${LZ4_LIBRARY_RELEASE}") + endif() + + if(LZ4_LIBRARY_DEBUG) + set_property(TARGET lz4::lz4 APPEND PROPERTY + IMPORTED_CONFIGURATIONS DEBUG) + set_target_properties(lz4::lz4 PROPERTIES + IMPORTED_LOCATION_DEBUG "${LZ4_LIBRARY_DEBUG}") + endif() + + if(NOT LZ4_LIBRARY_RELEASE AND NOT LZ4_LIBRARY_DEBUG) + set_property(TARGET lz4::lz4 APPEND PROPERTY + IMPORTED_LOCATION "${LZ4_LIBRARY}") + endif() + endif() +endif() diff --git a/cmake/modules/FindNFB.cmake b/cmake/modules/FindNFB.cmake new file mode 100644 index 000000000..54f148ddf --- /dev/null +++ b/cmake/modules/FindNFB.cmake @@ -0,0 +1,59 @@ +# Find the nfb-framework includes and library +# +# This module defines the following IMPORTED targets: +# +# nfb::nfb - The "nfb" library, if found. +# +# This module will set the following variables in your project: +# +# NFB_INCLUDE_DIRS - where to find , etc. +# NFB_LIBRARIES - List of libraries when using nfb-framework. +# NFB_FOUND - True if the framework has been found. + +# Use pkg-config (if available) to get the library directories and then use +# these values as hints for find_path() and find_library() functions. +find_package(PkgConfig QUIET) +if (PKG_CONFIG_FOUND) + pkg_check_modules(PC_NFB QUIET nfb-framework) +endif() + +find_path( + NFB_INCLUDE_DIR nfb/nfb.h + HINTS ${PC_NFB_INCLUDEDIR} ${PC_NFB_INCLUDE_DIRS} + PATH_SUFFIXES include +) + +find_library( + NFB_LIBRARY NAMES nfb libnfb + HINTS ${PC_NFB_LIBDIR} ${PC_NFB_LIBRARY_DIRS} + PATH_SUFFIXES lib lib64 +) + +if (PC_NFB_VERSION) + # Version extracted from pkg-config + set(NFB_VERSION_STRING ${PC_NFB_VERSION}) +endif() + +# Handle find_package() arguments (i.e. QUIETLY and REQUIRED) and set +# NFB_FOUND to TRUE if all listed variables are filled. +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args( + NFB + REQUIRED_VARS NFB_LIBRARY NFB_INCLUDE_DIR + VERSION_VAR NFB_VERSION_STRING +) + +set(NFB_INCLUDE_DIRS ${NFB_INCLUDE_DIR}) +set(NFB_LIBRARIES ${NFB_LIBRARY}) +mark_as_advanced(NFB_INCLUDE_DIR NFB_LIBRARY) + +if (NFB_FOUND) + # Create imported library with all dependencies + if (NOT TARGET nfb::nfb AND EXISTS "${NFB_LIBRARIES}") + add_library(nfb::nfb UNKNOWN IMPORTED) + set_target_properties(nfb::nfb PROPERTIES + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${NFB_LIBRARIES}" + INTERFACE_INCLUDE_DIRECTORIES "${NFB_INCLUDE_DIRS}") + endif() +endif() diff --git a/cmake/modules/FindNUMA.cmake b/cmake/modules/FindNUMA.cmake new file mode 100644 index 000000000..9aa96a004 --- /dev/null +++ b/cmake/modules/FindNUMA.cmake @@ -0,0 +1,28 @@ +# ~~~ +# - Try to find NUMA include dirs and libraries +# +# Usage of this module as follows: +# +# find_package(NUMA) +# +# Variables defined by this module: +# +# NUMA_FOUND System has NUMA include and library dirs found +# NUMA_INCLUDE_DIR The NUMA include directories. +# NUMA_LIBRARY The NUMA library +# ~~~ + +find_library(NUMA_LIBRARY numa) +find_path(NUMA_INCLUDE_DIR numa.h) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args( + NUMA + REQUIRED_VARS NUMA_INCLUDE_DIR NUMA_LIBRARY + FAIL_MESSAGE "NUMA not found! Try to install numactl-devel package.") + +if(NUMA_FOUND AND NOT TARGET numa::numa) + add_library(numa::numa INTERFACE IMPORTED) + set_property(TARGET numa::numa PROPERTY INTERFACE_LINK_LIBRARIES "${NUMA_LIBRARY}") + set_property(TARGET numa::numa PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${NUMA_INCLUDE_DIR}") +endif() diff --git a/cmake/modules/FindUNIREC.cmake b/cmake/modules/FindUNIREC.cmake new file mode 100644 index 000000000..28411f000 --- /dev/null +++ b/cmake/modules/FindUNIREC.cmake @@ -0,0 +1,59 @@ +# Find the unirec includes and library +# +# This module defines the following IMPORTED targets: +# +# unirec::unirec - The "unirec" library, if found. +# +# This module will set the following variables in your project: +# +# UNIREC_INCLUDE_DIRS - where to find , etc. +# UNIREC_LIBRARIES - List of libraries when using unirec. +# UNIREC_FOUND - True if the unirec has been found. + +# Use pkg-config (if available) to get the library directories and then use +# these values as hints for find_path() and find_library() functions. +find_package(PkgConfig QUIET) +if (PKG_CONFIG_FOUND) + pkg_check_modules(PC_UNIREC QUIET UNIREC) +endif() + +find_path( + UNIREC_INCLUDE_DIR unirec/unirec.h + HINTS ${PC_UNIREC_INCLUDEDIR} ${PC_UNIREC_INCLUDE_DIRS} + PATH_SUFFIXES include +) + +find_library( + UNIREC_LIBRARY NAMES unirec libunirec + HINTS ${PC_UNIREC_LIBDIR} ${PC_UNIREC_LIBRARY_DIRS} + PATH_SUFFIXES lib lib64 +) + +if (PC_UNIREC_VERSION) + # Version extracted from pkg-config + set(UNIREC_VERSION_STRING ${PC_UNIREC_VERSION}) +endif() + +# Handle find_package() arguments (i.e. QUIETLY and REQUIRED) and set +# UNIREC_FOUND to TRUE if all listed variables are filled. +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args( + UNIREC + REQUIRED_VARS UNIREC_LIBRARY UNIREC_INCLUDE_DIR + VERSION_VAR UNIREC_VERSION_STRING +) + +set(UNIREC_INCLUDE_DIRS ${UNIREC_INCLUDE_DIR}) +set(UNIREC_LIBRARIES ${UNIREC_LIBRARY}) +mark_as_advanced(UNIREC_INCLUDE_DIR UNIREC_LIBRARY) + +if (UNIREC_FOUND) + # Create imported library with all dependencies + if (NOT TARGET unirec::unirec AND EXISTS "${UNIREC_LIBRARIES}") + add_library(unirec::unirec UNKNOWN IMPORTED) + set_target_properties(unirec::unirec PROPERTIES + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${UNIREC_LIBRARIES}" + INTERFACE_INCLUDE_DIRECTORIES "${UNIREC_INCLUDE_DIRS}") + endif() +endif() diff --git a/cmake/modules/FindUnwind.cmake b/cmake/modules/FindUnwind.cmake new file mode 100644 index 000000000..10f4f5587 --- /dev/null +++ b/cmake/modules/FindUnwind.cmake @@ -0,0 +1,45 @@ +# Find unwind library +# Once done this will define +# +# UNWIND_FOUND - system has libunwind +# unwind::unwind - cmake target + +find_package(PkgConfig QUIET) +if (PKG_CONFIG_FOUND) + pkg_check_modules(PC_UNWIND QUIET libunwind) +endif() + +find_path (UNWIND_INCLUDE_DIR + NAMES unwind.h libunwind.h + HINTS ${UNWIND_ROOT} ${PC_UNWIND_INCLUDEDIR} ${PC_UNWIND_INCLUDE_DIRS} + PATH_SUFFIXES ${CMAKE_INSTALL_LIBDIR} +) + +find_library (UNWIND_LIBRARY + NAMES unwind + HINTS ${UNWIND_ROOT} ${PC_UNWIND_LIBDIR} ${PC_UNWIND_LIBRARY_DIRS} + PATH_SUFFIXES ${CMAKE_INSTALL_LIBDIR} +) + +mark_as_advanced (UNWIND_INCLUDE_DIR UNWIND_LIBRARY) + +include (FindPackageHandleStandardArgs) +# handle the QUIETLY and REQUIRED arguments and set Unwind_FOUND to TRUE +# if all listed variables are TRUE +find_package_handle_standard_args (Unwind + REQUIRED_VARS UNWIND_INCLUDE_DIR UNWIND_LIBRARY +) + +if (UNWIND_FOUND AND NOT TARGET unwind::unwind) + add_library(unwind::unwind STATIC IMPORTED) + set_target_properties(unwind::unwind PROPERTIES + IMPORTED_LOCATION "${UNWIND_LIBRARY}" + INTERFACE_INCLUDE_DIRECTORIES "${UNWIND_INCLUDE_DIR}") + target_compile_definitions(unwind::unwind INTERFACE UNWIND_FOUND) +else() + message(WARNING "Notice: UNWIND not found, no unwind support") + add_library(unwind::unwind INTERFACE IMPORTED) +endif() + +unset(UNWIND_INCLUDE_DIR) +unset(UNWIND_LIBRARY) diff --git a/configure.ac b/configure.ac deleted file mode 100644 index 0ad037aac..000000000 --- a/configure.ac +++ /dev/null @@ -1,505 +0,0 @@ -# -*- Autoconf -*- -# Process this file with autoconf to produce a configure script. - -AC_PREREQ([2.69]) -AC_INIT([ipfixprobe], [4.16.0], [nemea@cesnet.cz]) - -AC_CONFIG_SRCDIR([main.cpp]) -AC_CONFIG_HEADERS([config.h]) - -RELEASE=1 -AC_SUBST(RELEASE) -USERNAME=`git config --get user.name` -USERMAIL=`git config --get user.email` -AC_SUBST(USERNAME) -AC_SUBST(USERMAIL) -AM_INIT_AUTOMAKE([foreign silent-rules subdir-objects]) -AM_SILENT_RULES([yes]) -RPM_REQUIRES= -RPM_BUILDREQ= - -AC_CONFIG_MACRO_DIR([m4]) -# Must be checked before default -g -O2 is set: -AC_ARG_ENABLE([debug], - AC_HELP_STRING([--enable-debug], - [Enable build with debug symbols and without optimizations.]), - [if test "$enableval" = "yes"; then - CXXFLAGS="-Wall -g -O0 $CXXFLAGS" - CFLAGS="-Wall -g -O0 $CFLAGS" - else - CXXFLAGS="-Wall -g -O3 $CXXFLAGS" - CFLAGS="-Wall -g -O3 $CFLAGS" - fi], [CXXFLAGS="-Wall -g -O3 $CXXFLAGS" - CPPFLAGS="-DNDEBUG=1 $CPPFLAGS" - CFLAGS="-Wall -g -O3"]) -AM_CONDITIONAL(DEBUG, test x"$debug" = x"true") - -AC_ARG_ENABLE([coprrpm], - AC_HELP_STRING([--enable-coprrpm], - [Enable NEMEA as a default dependency of RPM. This option simplifies copr build without parameters.]), - [if test "$enableval" = "yes"; then - COPRRPM=yes - fi], [COPRRPM=no]) -AC_SUBST(COPRRPM) - -LT_INIT() - -bashcompldir=${sysconfdir}/bash_completion.d -AC_SUBST(bashcompldir) - - -# Checks for programs. -AC_PROG_CXX -AC_PROG_CPP -# Check for rpmbuild -AC_CHECK_PROG(RPMBUILD, rpmbuild, rpmbuild, [""]) -AC_CHECK_PROG(DEBUILD, debuild, debuild, [""]) - -# Checks for header files. -AC_CHECK_HEADERS([arpa/inet.h inttypes.h netdb.h netinet/in.h stddef.h stdint.h stdlib.h string.h sys/socket.h sys/time.h unistd.h]) - -# Checks for typedefs, structures, and compiler characteristics. -AC_CHECK_HEADER_STDBOOL -AC_C_INLINE -AC_TYPE_INT32_T -AC_TYPE_INT8_T -AC_TYPE_SIZE_T -AC_TYPE_SSIZE_T -AC_TYPE_UINT16_T -AC_TYPE_UINT32_T -AC_TYPE_UINT64_T -AC_TYPE_UINT8_T - -AX_C_BIGENDIAN_CROSS - - -AC_ARG_WITH([defaultsocketdir], - [AS_HELP_STRING([--with-defaultsocketdir=DIR], [Directory for UNIX&service IFCs [/tmp], for production set it to e.g. /var/run/ipfixprobe.])], - [], - [with_defaultsocketdir=/tmp]) - -AC_SUBST([defaultsocketdir], [$with_defaultsocketdir]) -AC_DEFINE_DIR([DEFAULTSOCKETDIR], [defaultsocketdir], [Default path to socket directory]) - -AC_CHECK_LIB(atomic, __atomic_store, [libatomic=yes], AC_MSG_ERROR([libatomic not found])) - -PKG_CHECK_MODULES([LIBLZ4], [liblz4]) -CFLAGS="$LIBLZ4_CFLAGS $CFLAGS" -CXXFLAGS="$LIBLZ4_CFLAGS $CXXFLAGS" -LIBS="$LIBLZ4_LIBS $LIBS" - -### gtest -AC_ARG_WITH([gtest], - AC_HELP_STRING([--with-gtest],[Compile ipfixprobe with gtest framework]), - [ - if test "$withval" = "yes"; then - withgtest="yes" - else - withgtest="no" - fi - ], [withgtest="no"] -) - -if test x${withgtest} = xyes; then - GTEST_HEADER="googletest/googletest/include/gtest/gtest.h" - AC_MSG_CHECKING(for googletest submodule) - AM_CONDITIONAL([HAVE_GOOGLETEST], [test -f $GTEST_HEADER]) - AS_IF([test -f googletest/googletest/include/gtest/gtest.h], - [AC_DEFINE(HAVE_GOOGLETEST, 1, [Define to 1 if the googletest submodule is available]) AC_MSG_RESULT(yes)], - [AC_MSG_ERROR([ - The googletest submodule is not present, so such tests are omitted. To prevent skipping use command: - git clone --recurse-submodules or - git clone https://github.com/google/googletest.git])] - ) -else -AM_CONDITIONAL([HAVE_GOOGLETEST], [test]) -fi - - -### openssl -AC_ARG_ENABLE([legacy-ssl], - AC_HELP_STRING([--enable-legacy-ssl],[Compile ipfixprobe on centos7.]), - [ - if test "$enableval" = "yes"; then - legacyssl="yes" - else - legacyssl="no" - fi - ], [ - legacyssl="no" - ] -) -### openssl - - -AC_ARG_WITH([quic], - AC_HELP_STRING([--without-quic],[Compile ipfixprobe without quic plugin (which have dependency on openssl-devel)]), - [ - if test "$withval" = "yes"; then - withquic="yes" - else - withquic="no" - fi - ], [withquic="yes"] -) - -if test x${withquic} = xyes; then - if test x"${legacyssl}" = xyes; then - LIBS="-l:libcrypto.so.1.1 $LIBS" - CXXFLAGS="-I/usr/include/openssl11/ $CXXFLAGS" - RPM_BUILDREQ+=" openssl11-devel" - RPM_REQUIRES+=" openssl11" - AC_CHECK_FILE(/usr/include/openssl11/openssl/kdf.h, , - AC_MSG_ERROR([openssl/kdf.h not found. Try installing at least version 1.1 of openssl-devel])) - else - RPM_REQUIRES+=" openssl" - RPM_BUILDREQ+=" openssl-devel" - AC_CHECK_LIB(crypto, EVP_PKEY_CTX_new_id, [], - [AC_MSG_ERROR([libcrypto not found. Try installing at least version 1.1 of openssl-devel])]) - fi -fi - -AM_CONDITIONAL(WITH_QUIC, test x${withquic} = xyes) -if [[ -z "$WITH_QUIC_TRUE" ]]; then - AC_DEFINE([WITH_QUIC], [1], [Define to 1 if compile with quic plugin]) -fi - -AC_ARG_WITH([quic-ch-full-tls-ext], - AC_HELP_STRING([--with-quic-ch-full-tls-ext],[Extract all QUIC TLS payloads from the first client hello.]), - [ - CPPFLAGS="$CPPFLAGS -DQUIC_CH_FULL_TLS_EXT" - ] -) - -AM_CONDITIONAL(OS_CYGWIN, test x${host_os} = xcygwin) - -AC_ARG_WITH([raw], - AC_HELP_STRING([--without-raw],[Compile ipfixprobe with raw plugin for capturing using raw sockets]), - [ - if test "$withval" = "yes"; then - if [[ -z "$OS_CYGWIN_TRUE" ]]; then - AC_MSG_ERROR(["raw plugin is not supported on cygwin"]) - fi - withraw="yes" - else - withraw="no" - fi - ], [withraw="yes"] -) - -if [[ -z "$OS_CYGWIN_TRUE" ]] && test "$withraw" = "yes"; then - AC_MSG_WARN(["raw plugin is not supported on cygwin"]) - withraw="no" -fi - -AM_CONDITIONAL(WITH_RAW, test x${withraw} = xyes) -if [[ -z "$WITH_RAW_TRUE" ]]; then - AC_CHECK_HEADERS([linux/if_packet.h net/ethernet.h net/if.h ifaddrs.h]) - AC_CHECK_TYPES([struct tpacket3_hdr],[],AC_MSG_ERROR(["TPACKET_V3 required for raw sockets plugin. Upgrade kernel to version 3.19 at least"]), [#include ]) - AC_DEFINE([WITH_RAW], [1], [Define to 1 if compile with raw plugin]) -fi - - -AC_ARG_WITH([ndp], - AC_HELP_STRING([--with-ndp],[Compile ipfixprobe with ndp plugin for capturing using netcope-common library]), - [ - if test "$withval" = "yes"; then - withndp="yes" - else - withndp="no" - fi - ], [withndp="no"] -) - -if test x${withndp} = xyes; then - AC_CHECK_HEADER(nfb/nfb.h, AC_CHECK_LIB(nfb, nfb_open, [libnfb=yes], - [AC_MSG_ERROR([libnfb not found. Try installing netcope-common])] - ), AC_MSG_ERROR([nfb/nfb.h not found. Try installing netcope-common-devel])) -fi - -AM_CONDITIONAL(WITH_NDP, test x${libnfb} = xyes && test x${withndp} = xyes) -if [[ -z "$WITH_NDP_TRUE" ]]; then - AC_DEFINE([WITH_NDP], [1], [Define to 1 if the ndp is available]) - CPPFLAGS="$CPPFLAGS -DIPXP_FLOW_CACHE_SIZE=19 -DIPXP_FLOW_LINE_SIZE=2" # 524288 cache records, 4 record per line - LIBS="-lnfb $LIBS" - RPM_REQUIRES+=" netcope-common" - RPM_BUILDREQ+=" netcope-common-devel" -fi - -AC_ARG_WITH([pcap], - AC_HELP_STRING([--with-pcap],[Compile ipfixprobe with pcap plugin for capturing using libpcap library]), - [ - if test "$withval" = "yes"; then - withpcap="yes" - else - withpcap="no" - fi - ], [withpcap="no"] -) - -if test x${withpcap} = xyes; then - AC_CHECK_HEADER(pcap.h, - AC_CHECK_LIB(pcap, pcap_open_live, [libpcap=yes], - AC_CHECK_LIB(wpcap, pcap_open_live, [libwpcap=yes], AC_MSG_ERROR([libpcap not found. Try installing libpcap]))), - AC_MSG_ERROR([pcap.h not found. Try installing libpcap-devel or libwpcap-devel])) -fi - -AM_CONDITIONAL(WITH_PCAP, test x${withpcap} && (test x${libpcap} = xyes || test x${libwpcap} = xyes)) -if [[ -z "$WITH_PCAP_TRUE" ]]; then - AC_DEFINE([WITH_PCAP], [1], [Define to 1 if the libpcap is available]) - if [[ -z "$WITH_PCAP_TRUE" ]]; then - if test x${libpcap} = xyes; then - LIBS="-lpcap $LIBS" - RPM_REQUIRES+=" libpcap" - RPM_BUILDREQ+=" libpcap-devel" - else - LIBS="-lwpcap $LIBS" - RPM_REQUIRES+=" libwpcap" - RPM_BUILDREQ+=" libwpcap-devel" - fi - fi -fi - - -AC_ARG_WITH([unwind], - AC_HELP_STRING([--with-unwind],[Compile ipfixprobe with libunwind to print stack on crash]), - [ - if test "$withval" = "yes"; then - withunwind="yes" - else - withunwind="no" - fi - ], [withunwind="no"] -) - -if test x${withunwind} = xyes; then - AC_CHECK_HEADER(libunwind.h, - AC_CHECK_LIB(unwind, unw_backtrace, [libunwind=yes], AC_MSG_ERROR([libunwind not found])), - AC_MSG_ERROR([libunwind.h not found])) - - AM_CONDITIONAL(WITH_LIBUNWIND, test x${libunwind} = xyes) - if [[ -z "$WITH_LIBUNWIND_TRUE" ]]; then - AC_DEFINE([WITH_LIBUNWIND], [1], [Define to 1 if the libunwind is available]) - LIBS="-lunwind $LIBS" - RPM_REQUIRES+=" libunwind" - RPM_BUILDREQ+=" libunwind-devel" - fi -else - AM_CONDITIONAL(WITH_LIBUNWIND, false) -fi - -AC_ARG_WITH([nemea], - AC_HELP_STRING([--with-nemea],[Compile with NEMEA framework (nemea.liberouter.org).]), - [ - if test "$withval" = "yes"; then - withnemea="yes" - AX_LIBTRAP_CHECK() - AX_UNIREC_CHECK() - else - withnemea="no" - fi - ], [withnemea="no"] -) -if test x${withnemea} = xno; then -AM_CONDITIONAL([HAVE_TRAP2MAN], [false]) -fi - -AM_CONDITIONAL(WITH_NEMEA, test x${withnemea} = xyes) - -if [[ -z "$WITH_NEMEA_TRUE" ]]; then -AC_DEFINE([WITH_NEMEA], [1], [Define to 1 if the NEMEA is available]) -RPM_REQUIRES+=" libtrap" -RPM_BUILDREQ+=" libtrap-devel unirec" -fi - -AC_ARG_WITH([osquery], - AC_HELP_STRING([--with-osquery],[Compile with osquery framework (osquery.io).]), - [ - if test "$withval" = "yes"; then - withosquery="yes" - AC_CHECK_PROG(OSQUERY, osqueryi, yes) - AS_IF([test x${OSQUERY} != xyes], [AC_MSG_ERROR([Please install osquery before configuring.])]) - else - withosquery="no" - fi - ], [withosquery="no"] -) - -AM_CONDITIONAL(WITH_OSQUERY, test x${withosquery} = xyes) - -if [[ -z "$WITH_OSQUERY_TRUE" ]]; then - AC_DEFINE([WITH_OSQUERY], [1], [Define to 1 if the osquery is available]) -fi - - -AC_ARG_WITH([dpdk], - AS_HELP_STRING([--with-dpdk],[Compile ipfixprobe with DPDK interface support.]), - [ - if test "$withval" = "yes"; then - withdpdk="yes" - else - withdpdk="no" - fi - ], - [withdpdk="no"] -) - -AM_CONDITIONAL(WITH_DPDK, test x${withdpdk} = xyes) -if [[ -z "$WITH_DPDK_TRUE" ]]; then - AC_DEFINE([WITH_DPDK], [1], [Define 1 if DPDK interface will be used]) - PKG_CHECK_MODULES([DPDK], [libdpdk]) - CFLAGS="$DPDK_CFLAGS $CFLAGS" - CXXFLAGS="$DPDK_CFLAGS $CXXFLAGS" - LIBS="$DPDK_LIBS $LIBS" -fi - -AC_ARG_WITH([flexprobe], - AC_HELP_STRING([--with-flexprobe], [Compile with support for flexprobe data processing plugins.]), - [ - if test "$withval" = "yes"; then - withflexprobe="yes" - else - withflexprobe="no" - fi - ], - [withflexprobe="no"] -) - -AM_CONDITIONAL(WITH_FLEXPROBE, test x${withflexprobe} = xyes) -if [[ -z "$WITH_FLEXPROBE_TRUE" ]]; then - AC_DEFINE([WITH_FLEXPROBE], [1], [Define to 1 to use flexprobe plugins]) -fi - -AC_ARG_WITH([stem], - AC_HELP_STRING([--with-stem], [Compile with FlexProbe StEm testing interface]), - [ - if test "$withval" = "yes"; then - withstem="yes" - else - withstem="no" - fi - ], - [withstem="no"] -) - -# Check if the telemetry library is available -AC_CHECK_LIB([telemetry], [main], - [AC_MSG_RESULT([Found telemetry library.])], - [AC_MSG_ERROR([The telemetry library is required but was not found. Try to install telemetry.])]) - -# Check if the appfs library is available -AC_CHECK_LIB([appFs], [main], - [AC_MSG_RESULT([Found appfs library.])], - [AC_MSG_ERROR([The appfs library is required but was not found. Try to install telemetry])]) - -LIBS="-lappFs -ltelemetry $LIBS" -RPM_REQUIRES+=" telemetry" -RPM_BUILDREQ+=" telemetry" - -AM_CONDITIONAL(WITH_STEM, test x${withstem} = xyes) -if [[ -z "$WITH_STEM_TRUE" ]]; then - AC_DEFINE([WITH_STEM], [1], [Define to 1 to use flexprobe testing interface]) - CFLAGS="-I/usr/local/include/Stem $CFLAGS" - CXXFLAGS="-I/usr/local/include/Stem -std=gnu++17 -g -Wno-write-strings $CXXFLAGS" - LIBS="-lstem $LIBS" -fi - - -AC_ARG_WITH([flowcachesize], - AC_HELP_STRING([--with-flowcachesize=EXPONENT],[Set default size of flow cache, accept exponent to the power of 2 number]), - [ - CPPFLAGS="$CPPFLAGS -DIPXP_FLOW_CACHE_SIZE=$withval" - ] -) - -AC_ARG_WITH([flowlinesize], - AC_HELP_STRING([--with-flowlinesize=EXPONENT],[Set default size of flow line, accept exponent to the power of 2 number]), - [ - CPPFLAGS="$CPPFLAGS -DIPXP_FLOW_LINE_SIZE=$withval" - ] -) - -AC_ARG_WITH([msects], - AC_HELP_STRING([--with-msects],[Compile ipfix plugin with miliseconds timestamp precision output instead of microsecond precision]), - [ - CPPFLAGS="$CPPFLAGS -DIPXP_TS_MSEC" - ] -) - - - - -AM_CONDITIONAL(MAKE_RPMS, test x$RPMBUILD != x) - -AM_CONDITIONAL(MAKE_DEB, test x$DEBUILD != x) - -# Checks for library functions. -AC_FUNC_ERROR_AT_LINE -AC_FUNC_STRTOD -AC_CHECK_FUNCS([gettimeofday inet_ntoa memset socket strchr strerror strncasecmp strstr strtol strtoul strtoull]) - -AC_ARG_WITH([systemdsystemunitdir], - [AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files])], - [], - [with_systemdsystemunitdir=auto]) - -AS_IF([test "x$with_systemdsystemunitdir" = "xyes" -o "x$with_systemdsystemunitdir" = "xauto"], [ -def_systemdsystemunitdir=$(pkg-config --variable=systemdsystemunitdir systemd)]) - -AS_IF([test "x$def_systemdsystemunitdir" = "x"], [AS_IF([test "x$with_systemdsystemunitdir" = "xyes"], [with_systemdsystemunitdir=no])], -[with_systemdsystemunitdir="$def_systemdsystemunitdir"]) -#AC_MSG_ERROR([systemd support requested but pkg-config unable to query systemd package])], - -AS_IF([test "x$with_systemdsystemunitdir" = "xno" -o "x$with_systemdsystemunitdir" = "xauto"], [with_systemdsystemunitdir=/usr/lib/systemd/system]) - -AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) -AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$with_systemdsystemunitdir" != "xno"]) - - -if [[ -z "$HAVE_GOOGLETEST_TRUE" ]]; then -# 5ec7f0c4a113e2f18ac2c6cc7df51ad6afc24081 -AC_CONFIG_SUBDIRS([googletest]) -fi - -AC_CONFIG_FILES([Makefile - ipfixprobe.spec - ipfixprobe.bash - input/nfbCInterface/Makefile - init/Makefile - tests/Makefile - tests/functional/Makefile - tests/unit/Makefile]) - -#AC_CONFIG_SUBDIRS([nfbCInterface]) - -AC_OUTPUT - -echo -echo -echo "------------------------------------------------------------------------" -echo "$PACKAGE $VERSION" -echo "------------------------------------------------------------------------" -echo -echo -echo "Configuration Options Summary:" -echo -echo " ASM.(32 bit only)......: $ASM" -echo " Static binary..........: $static" -echo -echo "Documentation............: ${build_doc}" -echo -echo "UniRec processor.........: $UNIRECPROC" -echo "trap2man.sh..............: $TRAP2MAN" -echo "Compilation..............: make (or gmake)" -echo " CPPFLAGS...............: $CPPFLAGS" -echo " CFLAGS.................: $CFLAGS" -echo " CXXFLAGS...............: $CXXFLAGS" -echo " LDFLAGS................: $LDFLAGS" -echo " LIBS...................: $LIBS" -echo "Enforced NEMEA (for copr): $COPRRPM" -echo "FlexProbe Data Interface.: $withflexprobe" -echo "DPDK Interface...........: $withdpdk" -echo -echo "Installation.............: make install (as root if needed, with 'su' or 'sudo')" -echo " prefix.................: $prefix" -echo diff --git a/debian/control b/debian/control index 878e8b73f..607cbc6e1 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: ipfixprobe Section: net Priority: standard -Maintainer: Tomas Cejka +Maintainer: Tomas Cejka Build-Depends: autoconf (>=2.69), pkg-config, libtool, make (>=4.2.1), debhelper (>=9), openssl, libpcap-dev, libpcap0.8, libssl-dev, libatomic1, liblz4-dev Standards-Version: 4.5.0 @@ -18,4 +18,3 @@ Description: IPFIX flow exporter is capable of capturing and online processing network packets to compute an aggregated IP flow record. The exporter contains several plugins that extend flow records with additional fields and characteristics. - diff --git a/debian/rules b/debian/rules index 13e3012ab..7058b112e 100755 --- a/debian/rules +++ b/debian/rules @@ -23,12 +23,9 @@ override_dh_auto_configure: dh_auto_configure -- --with-pcap --with-quic # debmake generated override targets -# For example, set multiarch library install file path. +# For example, set multiarch library install file path. # See dpkg-architecture(1) #DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) #override_dh_auto_configure: # cmake -DCMAKE_INSTALL_PREFIX=/usr \ # -DLIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) - - - diff --git a/docker/Dockerfile b/docker/Dockerfile index 2ba53577a..543c967e9 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,7 +3,7 @@ FROM rockylinux:9 RUN dnf install -y dnf-plugins-core && \ dnf copr -y enable @CESNET/NEMEA && \ dnf install -y epel-release && \ - dnf install -y ipfixprobe nemea && \ + dnf install -y ipfixprobe-nemea ipfixprobe-output-unirec nemea && \ dnf clean all RUN mkdir -p /output diff --git a/docker/README.md b/docker/README.md index 5b90904fe..cb08f1731 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,4 +1,4 @@ -# ipfixprobe Docker wrapper +# ipfixprobe Docker wrapper This repository contains a Docker container that processes network traffic from a pcap file using `ipfixprobe`. It accepts a pcap file and a processing script, runs it inside the container, and outputs the results in CSV format. @@ -25,7 +25,7 @@ docker build -t docker_ipfixprobe . ### Run To run, use - + ```bash bash ./ipfixprobe_wrapper.sh ``` diff --git a/docs/_config.yml b/docs/_config.yml index b9b831c87..abba773e1 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -12,7 +12,7 @@ disqus_shortname: # Values for the jekyll-seo-tag gem (https://github.com/jekyll/jekyll-seo-tag) logo: /siteicon.svg description: "ipfixprobe is a tool for creating network flows and exporting them to a remote collector using the IPFIX protocol. It is an essential tool for maintinaing network security." -author: +author: name: "Karel Hynek (CESNET z.s.p.o.)" email: "hynekkar@cesnet.cz" twitter: # twitter username without the @ symbol diff --git a/docs/_data/footer.yml b/docs/_data/footer.yml index 6c20371af..414532833 100644 --- a/docs/_data/footer.yml +++ b/docs/_data/footer.yml @@ -2,4 +2,4 @@ - name: GitHub link: https://github.com/CESNET/ipfixprobe new_window: true - social_icon: GitHub \ No newline at end of file + social_icon: GitHub diff --git a/docs/_export/BSTATS.md b/docs/_export/BSTATS.md index a25544eb4..e43fd0ba0 100644 --- a/docs/_export/BSTATS.md +++ b/docs/_export/BSTATS.md @@ -1,7 +1,7 @@ --- title: BSTATS -description: List of fields exported together with basic flow fields on the interface by BSTATS plugin. The plugin is compiled to export the first BSTATS_MAXELENCOUNT (15 by default) burst in each direction. The bursts are computed separately for each direction. Burst is defined by MINIMAL_PACKETS_IN_BURST (3 by default) and by MAXIMAL_INTERPKT_TIME (1000 ms by default) between packets to be included in a burst. When the flow contains less then MINIMAL_PACKETS_IN_BURST packets, the fields are not exported to reduce output bandwidth. -fields: +description: List of fields exported together with basic flow fields on the interface by BSTATS plugin. The plugin is compiled to export the first BSTATS_MAXELENCOUNT (15 by default) burst in each direction. The bursts are computed separately for each direction. Burst is defined by MINIMAL_PACKETS_IN_BURST (3 by default) and by MAXIMAL_INTERPKT_TIME (1000 ms by default) between packets to be included in a burst. When the flow contains less then MINIMAL_PACKETS_IN_BURST packets, the fields are not exported to reduce output bandwidth. +fields: - name: "SBI_BRST_PACKETS" type: "uint32*" @@ -42,4 +42,4 @@ fields: type: "time*" ipfix: "0/291" value: " DST->SRC: End time of the ith burst" ---- \ No newline at end of file +--- diff --git a/docs/_export/DNS-SD.md b/docs/_export/DNS-SD.md index 8e3a00e96..9c2b5dcde 100644 --- a/docs/_export/DNS-SD.md +++ b/docs/_export/DNS-SD.md @@ -1,7 +1,7 @@ --- title: DNS-SD -description: List of unirec fields exported together with basic flow fields on interface by DNS-SD plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by DNS-SD plugin. +fields: - name: "DNSSD_QUERIES" type: "string" @@ -12,4 +12,4 @@ fields: type: "string" ipfix: "8057/827" value: " list of advertised services" ---- \ No newline at end of file +--- diff --git a/docs/_export/DNS.md b/docs/_export/DNS.md index d9ce1c52d..572763f7f 100644 --- a/docs/_export/DNS.md +++ b/docs/_export/DNS.md @@ -1,60 +1,60 @@ --- title: DNS -description: List of unirec fields exported together with basic flow fields on interface by DNS plugin. -fields: - - +description: List of unirec fields exported together with basic flow fields on interface by DNS plugin. +fields: + - name: "DNS_ID" type: "uint16" ipfix: "8057/10" value: "transaction ID" - - + - name: "DNS_ANSWERS" type: "uint16" ipfix: "8057/14" value: "number of DNS answer records" - - + - name: "DNS_RCODE" type: "uint8" ipfix: "8057/1" value: "response code field" - - + - name: "DNS_NAME" type: "string" ipfix: "8057/2" value: "question domain name" - - + - name: "DNS_QTYPE" type: "uint16" ipfix: "8057/3" value: "question type field" - - + - name: "DNS_CLASS" type: "uint16" ipfix: "8057/4" value: "class field of DNS question" - - + - name: "DNS_RR_TTL" type: "uint32" ipfix: "8057/5" value: "resource record TTL field" - - + - name: "DNS_RLENGTH" type: "uint16" ipfix: "8057/6" value: "length of DNS_RDATA" - - + - ipfix: "8057/7" name: "DNS_RDATA" type: "bytes" value: "resource record specific data" - - + - name: "DNS_PSIZE" type: "uint16" ipfix: "8057/8" value: "requestor's payload size" - - + - name: "DNS_DO" type: "uint8" ipfix: "8057/9" value: "DNSSEC OK bit" ---- \ No newline at end of file +--- diff --git a/docs/_export/Flow Hash.md b/docs/_export/Flow Hash.md index 99fa1b730..345a89b4d 100644 --- a/docs/_export/Flow Hash.md +++ b/docs/_export/Flow Hash.md @@ -1,10 +1,10 @@ --- title: Flow Hash -description: List of fields exported together with basic flow fields on interface by flow_hash plugin. -fields: +description: List of fields exported together with basic flow fields on interface by flow_hash plugin. +fields: - name: "FLOW_ID" type: "uint64" ipfix: "0/148" value: " Hash of the flow - unique flow id" ---- \ No newline at end of file +--- diff --git a/docs/_export/HTTP.md b/docs/_export/HTTP.md index 7d6a57c73..90e47b0d0 100644 --- a/docs/_export/HTTP.md +++ b/docs/_export/HTTP.md @@ -1,50 +1,50 @@ --- title: HTTP -description: List of unirec fields exported together with basic flow fields on interface by HTTP plugin. -fields: - - +description: List of unirec fields exported together with basic flow fields on interface by HTTP plugin. +fields: + - name: "HTTP_DOMAIN" type: "string" ipfix: "39499/1" value: "HTTP request host" - - + - name: "HTTP_URI" type: "string" ipfix: "39499/2" value: "HTTP request url" - - + - name: "HTTP_USERAGENT" type: "string" ipfix: "39499/20" value: "HTTP request user agent" - - + - name: "HTTP_REFERER" type: "string" ipfix: "39499/3" value: "HTTP request referer" - - + - name: "HTTP_STATUS" type: "uint16" ipfix: "39499/12" value: "HTTP response code" - - + - name: "HTTP_CONTENT_TYPE" type: "string" ipfix: "39499/10" value: "HTTP response content type" - - + - name: "HTTP_METHOD" type: "string" ipfix: "39499/200" value: "HTTP request method" - - + - name: "HTTP_SERVER" type: "string" ipfix: "39499/201" value: "HTTP response server" - - + - name: "HTTP_SET_COOKIE_NAMES" type: "string" ipfix: "39499/202" value: "HTTP response all set-cookie names separated by a delimiter" ---- \ No newline at end of file +--- diff --git a/docs/_export/ICMP.md b/docs/_export/ICMP.md index 25bbb093d..fdaab5229 100644 --- a/docs/_export/ICMP.md +++ b/docs/_export/ICMP.md @@ -1,11 +1,11 @@ --- title: ICMP -description: List of fields exported together with basic flow fields on interface by icmp plugin. -fields: +description: List of fields exported together with basic flow fields on interface by icmp plugin. +fields: - name: "L4_ICMP_TYPE_CODE" type: "uint16" ipfix: "0/32" value: " ICMP type (MSB) and code (LSB)" ---- \ No newline at end of file +--- diff --git a/docs/_export/IDPContent.md b/docs/_export/IDPContent.md index 387a4e7ae..5ff788292 100644 --- a/docs/_export/IDPContent.md +++ b/docs/_export/IDPContent.md @@ -1,7 +1,7 @@ --- title: IDPContent -description: List of fields exported together with basic flow fields on the interface by IDPContent plugin. The plugin is compiled to export IDPCONTENT_SIZE (100 by default) bytes from the first data packet in SRC -> DST direction, and the first data packet in DST -> SRC direction. -fields: +description: List of fields exported together with basic flow fields on the interface by IDPContent plugin. The plugin is compiled to export IDPCONTENT_SIZE (100 by default) bytes from the first data packet in SRC -> DST direction, and the first data packet in DST -> SRC direction. +fields: - name: "IDP_CONTENT" type: "bytes" @@ -12,4 +12,4 @@ fields: type: "bytes" ipfix: "8057/851" value: " Content of first data packet from DST -> SRC" ---- \ No newline at end of file +--- diff --git a/docs/_export/MPLS.md b/docs/_export/MPLS.md index 3d3d318d4..7f1217ae6 100644 --- a/docs/_export/MPLS.md +++ b/docs/_export/MPLS.md @@ -1,10 +1,10 @@ --- title: MPLS -description: List of fields exported together with basic flow fields on interface by mpls plugin. -fields: +description: List of fields exported together with basic flow fields on interface by mpls plugin. +fields: - name: "MPLS_TOP_LABEL_STACK_SECTION" type: "bytes" ipfix: "0/70" value: " MPLS label section (without TTL), always 3 bytes" ---- \ No newline at end of file +--- diff --git a/docs/_export/MQTT.md b/docs/_export/MQTT.md index 7227e4926..9a50abd85 100644 --- a/docs/_export/MQTT.md +++ b/docs/_export/MQTT.md @@ -1,7 +1,7 @@ --- title: MQTT -description: List of unirec fields exported together with basic flow fields on interface by MQTT plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by MQTT plugin. +fields: - name: "MQTT_TYPE_CUMULATIVE" type: "uint16" @@ -37,4 +37,4 @@ fields: type: "string" ipfix: "8057/1039" value: " topics from PUBLISH packets headers" ---- \ No newline at end of file +--- diff --git a/docs/_export/NTP.md b/docs/_export/NTP.md index 4dded8e41..47781f054 100644 --- a/docs/_export/NTP.md +++ b/docs/_export/NTP.md @@ -1,7 +1,7 @@ --- title: NTP -description: List of unirec fields exported together with basic flow fields on interface by NTP plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by NTP plugin. +fields: - name: "NTP_LEAP" type: "uint8" @@ -67,4 +67,4 @@ fields: type: "string" ipfix: "8057/30" value: " NTP transmit timestamp" ---- \ No newline at end of file +--- diff --git a/docs/_export/NetBIOS.md b/docs/_export/NetBIOS.md index b719854a4..ebe719d0a 100644 --- a/docs/_export/NetBIOS.md +++ b/docs/_export/NetBIOS.md @@ -1,7 +1,7 @@ --- title: NetBIOS -description: List of fields exported together with basic flow fields on interface by NetBIOS plugin. -fields: +description: List of fields exported together with basic flow fields on interface by NetBIOS plugin. +fields: - name: "NB_NAME" type: "string" @@ -12,4 +12,4 @@ fields: type: "uint8" ipfix: "8057/832" value: " NetBIOS Name Service suffix" ---- \ No newline at end of file +--- diff --git a/docs/_export/NetTiSA.md b/docs/_export/NetTiSA.md index c61fb67ce..cc4f6f260 100644 --- a/docs/_export/NetTiSA.md +++ b/docs/_export/NetTiSA.md @@ -1,70 +1,70 @@ --- title: NetTiSA -description: List of unirec fields exported together with NetTiSA flow fields on interface by nettisa plugin. -fields: - - +description: List of unirec fields exported together with NetTiSA flow fields on interface by nettisa plugin. +fields: + - name: "NTS_MEAN" type: "float" ipfix: "8057/1020" value: "The mean of the payload lengths of packets" - - + - name: "NTS_MIN" type: "uint16" ipfix: "8057/1021" value: "Minimal value from all packet payload lengths" - - + - name: "NTS_MAX" type: "uint16" ipfix: "8057/1022" value: "Maximum value from all packet payload lengths" - - + - name: "NTS_STDEV" type: "float" ipfix: "8057/1023" value: "Represents a switching ratio between different values of the sequence of observation." - - + - name: "NTS_KURTOSIS" type: "float" ipfix: "8057/1024" value: "The standard deviation is measure of the variation of data from the mean." - - + - name: "NTS_ROOT_MEAN_SQUARE" type: "float" ipfix: "8057/1025" value: "The measure of the magnitude of payload lengths of packets." - - + - name: "NTS_AVERAGE_DISPERSION" type: "float" ipfix: "8057/1026" value: "The average absolute difference between each payload length of packet and the mean value." - - + - name: "NTS_MEAN_SCALED_TIME" type: "float" ipfix: "8057/1027" value: "The kurtosis is the measure describing the extent to which the tails of a distribution differ from the tails of a normal distribution." - - + - name: "NTS_MEAN_DIFFTIMES" type: "float" ipfix: "8057/1028" value: "The scaled times is defined as sequence s(t) = t1 − t1 , t2 − t1 , … , tn − t1 . We compute the mean of the value with same method as for feature Mean." - - + - name: "NTS_MIN_DIFFTIMES" type: "float" ipfix: "8057/1029" value: "The time differences is defined as sequence dt = tj - ti | j = i + 1, i in 1, 2, ... n - 1. We compute the mean of the value with same method as for feature Mean." - - + - name: "NTS_MAX_DIFFTIMES" type: "float" ipfix: "8057/1030" value: "Minimal value from all time differences, i.e., min space between packets." - - + - name: "NTS_TIME_DISTRIBUTION" type: "float" ipfix: "8057/1031" value: "Maximum value from all time differences, i.e., max space between packets." - - + - name: "NTS_SWITCHING_RATIO" type: "float" ipfix: "8057/1032" value: "Describes the distribution of time differences between individual packets." ---- \ No newline at end of file +--- diff --git a/docs/_export/OSQUERY.md b/docs/_export/OSQUERY.md index 98df7e19d..aef6e99cc 100644 --- a/docs/_export/OSQUERY.md +++ b/docs/_export/OSQUERY.md @@ -1,7 +1,7 @@ --- title: OSQUERY -description: List of unirec fields exported together with basic flow fields on interface by OSQUERY plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by OSQUERY plugin. +fields: - name: "PROGRAM_NAME" type: "string" @@ -57,4 +57,4 @@ fields: type: "string" ipfix: "8057/862" value: " Network hostname including domain" ---- \ No newline at end of file +--- diff --git a/docs/_export/OVPN.md b/docs/_export/OVPN.md index 17901ea90..14a350745 100644 --- a/docs/_export/OVPN.md +++ b/docs/_export/OVPN.md @@ -1,11 +1,11 @@ --- title: OVPN -description: List of fields exported together with basic flow fields on interface by OVPN plugin. -fields: +description: List of fields exported together with basic flow fields on interface by OVPN plugin. +fields: - name: "OVPN_CONF_LEVEL" type: "uint8" ipfix: "8057/828" value: " level of confidence that the flow record is an OpenVPN tunnel" ---- \ No newline at end of file +--- diff --git a/docs/_export/PHISTS.md b/docs/_export/PHISTS.md index 987294628..d9bb32629 100644 --- a/docs/_export/PHISTS.md +++ b/docs/_export/PHISTS.md @@ -1,7 +1,7 @@ --- title: PHISTS -description: List of fields exported together with basic flow fields on the interface by PHISTS plugin. The plugin exports the histograms of Payload sizes and Inter-Packet-Times for each direction. The histograms bins are scaled logarithmicaly and are shown in following table. -fields: +description: List of fields exported together with basic flow fields on the interface by PHISTS plugin. The plugin exports the histograms of Payload sizes and Inter-Packet-Times for each direction. The histograms bins are scaled logarithmicaly and are shown in following table. +fields: - name: "D_PHISTS_IPT" type: "uint32*" @@ -23,4 +23,4 @@ fields: ipfix: "0/291" value: " SRC->DST: Histogram of packet sizes" ---- \ No newline at end of file +--- diff --git a/docs/_export/PSTATS.md b/docs/_export/PSTATS.md index 9715d3bdc..651bda83b 100644 --- a/docs/_export/PSTATS.md +++ b/docs/_export/PSTATS.md @@ -1,7 +1,7 @@ --- title: PSTATS -description: "List of unirec fields exported on interface by PSTATS plugin. The plugin is compiled to gather statistics for the first PSTATS_MAXELEMCOUNT (30 by default) packets in the biflow record. Note: the following fields are UniRec arrays (or basicList in IPFIX)." -fields: +description: "List of unirec fields exported on interface by PSTATS plugin. The plugin is compiled to gather statistics for the first PSTATS_MAXELEMCOUNT (30 by default) packets in the biflow record. Note: the following fields are UniRec arrays (or basicList in IPFIX)." +fields: - name: "PPI_PKT_LENGTHS" type: "uint16*" @@ -22,4 +22,4 @@ fields: type: "uint8*" ipfix: "0/291" value: " TCP flags for each packet" ---- \ No newline at end of file +--- diff --git a/docs/_export/PassiveDNS.md b/docs/_export/PassiveDNS.md index 0a401d978..42a2d4d9b 100644 --- a/docs/_export/PassiveDNS.md +++ b/docs/_export/PassiveDNS.md @@ -1,7 +1,7 @@ --- title: PassiveDNS -description: List of unirec fields exported together with basic flow fields on interface by PassiveDNS plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by PassiveDNS plugin. +fields: - name: "DNS_ID" type: "uint16" @@ -23,4 +23,4 @@ fields: ipfix: "8057/5" value: " resource record TTL field" ---- \ No newline at end of file +--- diff --git a/docs/_export/QUIC.md b/docs/_export/QUIC.md index b2f2395a8..ff47cf728 100644 --- a/docs/_export/QUIC.md +++ b/docs/_export/QUIC.md @@ -1,7 +1,7 @@ --- title: QUIC -description: List of fields exported together with basic flow fields on interface by quic plugin. -with-quic-ch-full-tls-ext enables extraction of all TLS extensions in the Client Hello. -fields: +description: List of fields exported together with basic flow fields on interface by quic plugin. -with-quic-ch-full-tls-ext enables extraction of all TLS extensions in the Client Hello. +fields: - name: "QUIC_SNI" type: "string" @@ -87,4 +87,4 @@ fields: type: "string" ipfix: "8057/883" value: " Payload of all/application_layer_protocol_negotiation and quic_transport params TLS extension" ---- \ No newline at end of file +--- diff --git a/docs/_export/RTSP.md b/docs/_export/RTSP.md index 1f7aa25cd..eb487f15a 100644 --- a/docs/_export/RTSP.md +++ b/docs/_export/RTSP.md @@ -1,7 +1,7 @@ --- title: RTSP -description: List of unirec fields exported together with basic flow fields on interface by RTSP plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by RTSP plugin. +fields: - name: "RTSP_REQUEST_METHOD" type: "string" @@ -32,4 +32,4 @@ fields: type: "string" ipfix: "16982/604" value: "RTSP response content type" ---- \ No newline at end of file +--- diff --git a/docs/_export/SIP.md b/docs/_export/SIP.md index c6466b040..ced70559f 100644 --- a/docs/_export/SIP.md +++ b/docs/_export/SIP.md @@ -1,7 +1,7 @@ --- title: SIP -description: List of unirec fields exported together with basic flow fields on interface by SIP plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by SIP plugin. +fields: - name: "SIP_MSG_TYPE" type: "uint16" @@ -47,4 +47,4 @@ fields: type: "string" ipfix: "8057/105" value: " via field of SIP packet" ---- \ No newline at end of file +--- diff --git a/docs/_export/SMTP.md b/docs/_export/SMTP.md index e5f5526c3..bac453957 100644 --- a/docs/_export/SMTP.md +++ b/docs/_export/SMTP.md @@ -1,7 +1,7 @@ --- title: SMTP -description: List of unirec fields exported on interface by SMTP plugin. -fields: +description: List of unirec fields exported on interface by SMTP plugin. +fields: - name: "SMTP_2XX_STAT_CODE_COUNT" type: "uint32" @@ -57,4 +57,4 @@ fields: type: "string" ipfix: "8057/814" value: " first recipient in RCPT command" ---- \ No newline at end of file +--- diff --git a/docs/_export/SSADetector.md b/docs/_export/SSADetector.md index 561bc0b54..633e015f0 100644 --- a/docs/_export/SSADetector.md +++ b/docs/_export/SSADetector.md @@ -1,10 +1,10 @@ --- title: SSADetector -description: List of fields exported together with basic flow fields on interface by ssadetector plugin. The detector search for the SYN SYN-ACK ACK pattern in packet lengths. Multiple occurrences of this pattern suggest a tunneled connection. -fields: +description: List of fields exported together with basic flow fields on interface by ssadetector plugin. The detector search for the SYN SYN-ACK ACK pattern in packet lengths. Multiple occurrences of this pattern suggest a tunneled connection. +fields: - name: "SSA_CONF_LEVEL" type: "uint8" ipfix: "8057/903" value: " 1 if SSA sequence detected, 0 otherwise" ---- \ No newline at end of file +--- diff --git a/docs/_export/SSDP.md b/docs/_export/SSDP.md index b2ca6bfd0..df6f1bd59 100644 --- a/docs/_export/SSDP.md +++ b/docs/_export/SSDP.md @@ -1,7 +1,7 @@ --- title: SSDP -description: List of unirec fields exported together with basic flow fields on interface by SSDP plugin. -fields: +description: List of unirec fields exported together with basic flow fields on interface by SSDP plugin. +fields: - name: "SSDP_LOCATION_PORT" type: "uint16" @@ -27,4 +27,4 @@ fields: type: "string" ipfix: "8057/823" value: " list of user agents" ---- \ No newline at end of file +--- diff --git a/docs/_export/TLS.md b/docs/_export/TLS.md index 7c51c81ee..7a09a5734 100644 --- a/docs/_export/TLS.md +++ b/docs/_export/TLS.md @@ -1,35 +1,35 @@ --- title: TLS -description: List of unirec fields exported together with basic flow fields on interface by TLS plugin. -fields: - - +description: List of unirec fields exported together with basic flow fields on interface by TLS plugin. +fields: + - name: "TLS_SNI" type: "string" ipfix: "8057/808" value: "TLS server name indication field from client" - - + - name: "TLS_ALPN" type: "string" ipfix: "39499/337" value: "TLS application protocol layer negotiation field from server" - - + - name: "TLS_VERSION" type: "uint16" ipfix: "39499/333" value: "TLS client protocol version" - - + - name: "TLS_JA3" type: "string" ipfix: "39499/357" value: "TLS client JA3 fingerprint" - - + - name: "TLS_EXT_TYPE" type: "uint16" ipfix: "0/291" value: "TLS extensions in the TLS Client Hello" - - + - name: "TLS_EXT_LEN" type: "uint16" ipfix: "0/291" value: "Length of each TLS extension" ---- \ No newline at end of file +--- diff --git a/docs/_export/VLAN.md b/docs/_export/VLAN.md index 9b7777c94..c0107f0ba 100644 --- a/docs/_export/VLAN.md +++ b/docs/_export/VLAN.md @@ -1,11 +1,11 @@ --- title: VLAN -description: List of fields exported together with basic flow fields on the interface by VLAN plugin. -fields: +description: List of fields exported together with basic flow fields on the interface by VLAN plugin. +fields: - name: "VLAN_ID" type: "uint16" ipfix: "0/58" value: " Vlan ID (used in flow key)" ---- \ No newline at end of file +--- diff --git a/docs/_export/WG.md b/docs/_export/WG.md index 75658e31c..adb17fe13 100644 --- a/docs/_export/WG.md +++ b/docs/_export/WG.md @@ -1,7 +1,7 @@ --- title: WG -description: List of fields exported together with basic flow fields on interface by WG plugin. -fields: +description: List of fields exported together with basic flow fields on interface by WG plugin. +fields: - name: "WG_CONF_LEVEL" type: "uint8" @@ -18,4 +18,4 @@ fields: ipfix: "8057/1102" value: " ephemeral DST peer identifier" ---- \ No newline at end of file +--- diff --git a/docs/_export/basic.md b/docs/_export/basic.md index 3c2a7d1c0..a15d4c5ba 100644 --- a/docs/_export/basic.md +++ b/docs/_export/basic.md @@ -1,90 +1,90 @@ --- title: Basic -description: Basic unirec fields exported on interface with basic (pseudo) plugin. These fields are also exported on interfaces where HTTP, DNS, SIP and NTP plugins are active. -fields: - - +description: Basic unirec fields exported on interface with basic (pseudo) plugin. These fields are also exported on interfaces where HTTP, DNS, SIP and NTP plugins are active. +fields: + - name: "DST_MAC" type: "macaddr" ipfix: "0/80" value: "destination MAC address" - - - name: "SRC_MAC" + - + name: "SRC_MAC" type: "macaddr" ipfix: "0/56" value: "source MAC address" - - - name: "DST_IP" + - + name: "DST_IP" type: "ipaddr" ipfix: "0/12 or 0/28" value: "destination IP address" - - - name: "SRC_IP" + - + name: "SRC_IP" type: "ipaddr" ipfix: "0/8 or 0/27" value: "source IP address" - - - name: "BYTES" + - + name: "BYTES" type: "uint64" ipfix: "0/1" value: "number of bytes in data flow (src to dst)" - - - name: "BYTES_REV" + - + name: "BYTES_REV" type: "uint64" ipfix: "29305/1" value: "number of bytes in data flow (dst to src)" - - - name: "LINK_BIT_FIELD or ODID" + - + name: "LINK_BIT_FIELD or ODID" type: "uint64 or uint32" ipfix: "-" value: "exporter identification" - - - name: "TIME_FIRST" + - + name: "TIME_FIRST" type: "time" ipfix: "0/152" value: "first time stamp" - - - name: "TIME_LAST" + - + name: "TIME_LAST" type: "time" ipfix: "0/153" value: "last time stamp" - - - name: "PACKETS" + - + name: "PACKETS" type: "uint32" ipfix: "0/2" value: "number of packets in data flow (src to dst)" - - - name: "PACKETS_REV" + - + name: "PACKETS_REV" type: "uint32" ipfix: "29305/2" value: "number of packets in data flow (dst to src)" - - - name: "DST_PORT" + - + name: "DST_PORT" type: "uint16" ipfix: "0/11" value: "transport layer destination port" - - - name: "SRC_PORT" + - + name: "SRC_PORT" type: "uint16" ipfix: "0/7" value: "transport layer source port" - - - name: "DIR_BIT_FIELD" + - + name: "DIR_BIT_FIELD" type: "uint8" ipfix: "0/10" value: "bit field for determining outgoing/incoming traffic" - - - name: "PROTOCOL" + - + name: "PROTOCOL" type: "uint8" ipfix: "0/60" value: "transport protocol" - - - name: "TCP_FLAGS" + - + name: "TCP_FLAGS" type: "uint8" ipfix: "0/6" value: "TCP protocol flags (src to dst)" - - - name: "TCP_FLAGS_REV" + - + name: "TCP_FLAGS_REV" type: "uint8" ipfix: "29305/6" value: "TCP protocol flags (dst to src)" ---- \ No newline at end of file +--- diff --git a/docs/_export/basic_plus.md b/docs/_export/basic_plus.md index 98f75a334..c7cf10543 100644 --- a/docs/_export/basic_plus.md +++ b/docs/_export/basic_plus.md @@ -1,7 +1,7 @@ --- title: Basic plus -description: List of unirec fields exported together with basic flow fields on interface by basicplus plugin. Fields without _REV suffix are fields from source flow. Fields with _REV are from the opposite direction. -fields: +description: List of unirec fields exported together with basic flow fields on interface by basicplus plugin. Fields without _REV suffix are fields from source flow. Fields with _REV are from the opposite direction. +fields: - name: "IP_TTL" type: "uint8" @@ -57,4 +57,4 @@ fields: type: "uint16" ipfix: "8057/902" value: "TCP SYN packet size" ---- \ No newline at end of file +--- diff --git a/docs/_get_options/_defaults.md b/docs/_get_options/_defaults.md index 9e20ae372..d9c7d6aa8 100644 --- a/docs/_get_options/_defaults.md +++ b/docs/_get_options/_defaults.md @@ -2,4 +2,4 @@ title: description: code: ---- \ No newline at end of file +--- diff --git a/docs/_get_options/a_rhel_packages.md b/docs/_get_options/a_rhel_packages.md index c67cf60be..99212a4f6 100644 --- a/docs/_get_options/a_rhel_packages.md +++ b/docs/_get_options/a_rhel_packages.md @@ -2,16 +2,15 @@ title: Installation from binary packages (RPM) (recommended) description: We use COPR infrastructure to build and serve ipfixprobe packages. Currently, we support packages for RPM-based distributions, such as OracleLinux, RockyLinux, ... EPEL version 8 or 9. -instructions: - - +instructions: + - description: "Install copr repository." code: - "dnf install -y dnf-plugins-core && dnf copr -y enable @CESNET/NEMEA-stable" - - + - description: "After succesfull instalation of COPR, you can install the ipfixprobe via yum or dnf." - code: + code: - "dnf install ipfixprobe" - --- diff --git a/docs/_get_options/build_from_source.md b/docs/_get_options/build_from_source.md index 10ff2ae47..753a3c218 100644 --- a/docs/_get_options/build_from_source.md +++ b/docs/_get_options/build_from_source.md @@ -1,31 +1,31 @@ --- title: Build from source codes -description: You can build ipfixprobe from source codes available at github. +description: You can build ipfixprobe from source codes available at github. -instructions: - - +instructions: + - description: "Install requirements" - code: + code: - "dnf -y install wget curl net-tools gcc gcc-c++ git libtool libpcap-devel libunwind libssl-devel libpcap-devel" - - + - description: "Now get the ipfixprobe source codes" - code: + code: - "git clone https://github.com/CESNET/ipfixprobe.git" - cd ipfixprobe - autoreconf -i - - + - description: "Ipfixprobe uses autotools to setup the build process. We encourage you to explore ./configure.sh -h to see all the available options. Nevertheless, for standard (max 1Gbps) network monitoroing without any specialized tools, you should use following configuration." - code: + code: - "./configure.sh --with-pcap --with-quic --with-unwind" - - + - description: "Then just make the ipfixprobe and install it. You might need root privileges for installation." - code: + code: - "make -j 2" - "sudo make install" - - + - description: "Optional NEMEA plugin. Ipfixprobe can export data directly to NEMEA framework. If you want to use this feature, you need to install NEMEA dependencies and enable this feature in autotools script." - code: + code: - "dnf install libtrap-devel unirec-devel" - "./configure.sh --with-pcap --with-quic --with-unwind --with-nemea" - "make -j 2" diff --git a/docs/_get_options/openwrt.md b/docs/_get_options/openwrt.md index 66b92bf33..379fdbd51 100644 --- a/docs/_get_options/openwrt.md +++ b/docs/_get_options/openwrt.md @@ -2,15 +2,15 @@ title: Installation on Turris (OpenWrt routers) description: CESNET feed is officially supported by CZ.NIC, so installation on Turris devices is easy! Contrary for other OpenWrt devices, it is most likely necessary to compile a package; see our NEMEA-OpenWrt feed for more details or contact us. Installation on Turris can be done via SSH, which is described bellow, or using LUCI intuitive interface. -instructions: - - +instructions: + - description: "Update repository metadata" code: - opkg update - - + - description: "Install ipfixprobe" - code: + code: - opkg install ipfixprobe - @@ -18,6 +18,4 @@ instructions: code: - opkg install luci-app-ipfixprobe - --- - diff --git a/docs/_how/Input plugin.md b/docs/_how/Input plugin.md index 9a68b2dc0..b260e437e 100644 --- a/docs/_how/Input plugin.md +++ b/docs/_how/Input plugin.md @@ -1,58 +1,58 @@ --- title: Input plugin -description: Input plugin defines source of incoming packets. Use -i to specify input plugin. +description: Input plugin defines source of incoming packets. Use -i to specify input plugin. -options: - - +options: + - title: "Pcap reader" description: "Input plugin for reading packets from a pcap file or a network interface" parameters: - - - name: "f or file" + - + name: "f or file" description: "Defines path to pcap file." - - - name: "i or ifc" + - + name: "i or ifc" description: "Defines interface name." - - - name: "F or filter" + - + name: "F or filter" description: "Defines filter string." - - - name: "s or snaplen" + - + name: "s or snaplen" description: "Defines snapshot length in bytes (live capture only)." - - - name: "l or list" + - + name: "l or list" description: "Print list of available interfaces." - runs: - - + runs: + - explanation: "Read the pcap file specified by PATH value. Possible PATH value 'pcaps/bstats.pcap' " code: "./ipfixprobe -i 'pcap;file=PATH;' -s 'cache'" - explanation: "Read packets from interface specified by IFC value. Possible IFC value 'eth0'" code: "./ipfixprobe -i 'pcap;i=IFC;' -s 'cache'" - - + - title: "DPDK" description: "Input plugin for reading packets using DPDK interface" parameters: - - - name: "b or bsize" + - + name: "b or bsize" description: "Size of the MBUF packet buffer. Default: 64." - - - name: "p or port" + - + name: "p or port" description: "DPDK port to be used as an input interface." - - - name: "m or mem" + - + name: "m or mem" description: "Size of the memory pool for received packets. Default: 16384." - - - name: "q or queue" + - + name: "q or queue" description: "Number of RX queues. Default: 1." - - - name: "e or eal" + - + name: "e or eal" description: "DPDK eal." - - - name: "M or mtu" + - + name: "M or mtu" description: "Input interface MTU. Default: 1518." - runs: - - + runs: + - explanation: "Read packets using DPDK input interface and 1 DPDK queue, enable plugins for basic statistics, http and tls, output to IPFIX on a local machine DPDK EAL parameters are passed in `e, eal` parameters DPDK plugin configuration has to be specified in the first input interface. @@ -62,20 +62,20 @@ options: - explanation: "Same example for the multiport read from ports 0 and 1, note comma separated ports:" code: "./ipfixprobe -i 'dpdk;p=0,1;q=3;e=-c 0x1 -a <[domain:]bus:devid.func>' -i dpdk -i dpdk -p http -p bstats -p tls -o 'ipfix;h=127.0.0.1'" - - + - title: "DPDK-ring" description: "DPDK ring input interface for ipfixprobe (secondary DPDK app)." parameters: - - - name: "b or bsize" + - + name: "b or bsize" description: "Size of the MBUF packet buffer. Default: 64." - - - name: "r or ring" + - + name: "r or ring" description: "Name of the ring to read packets from. Need to be specified explicitly thus no default provided." - - - name: "e or eal" + - + name: "e or eal" description: "DPDK eal." - runs: + runs: - explanation: "Read packets using DPDK input interface as secondary process with shared memory (DPDK rings) - in this case, 4 DPDK rings are used" code: "./ipfixprobe -i 'dpdk-ring;r=rx_ipfixprobe_0;e= --proc-type=secondary' -i 'dpdk-ring;r=rx_ipfixprobe_1' -i 'dpdk-ring;r=rx_ipfixprobe_2' -i 'dpdk-ring;r=rx_ipfixprobe_3' -o 'text'" @@ -83,21 +83,21 @@ options: title: "Raw" description: "Input plugin for reading packets from raw interface" parameters: - - - name: "i or ifc" + - + name: "i or ifc" description: "Defines network interface name." - - - name: "b or blocks" + - + name: "b or blocks" description: "Defines number of packet blocks." - - - name: "f or fanout" + - + name: "f or fanout" description: "Enables packet fanout." - - - name: "p or pkts" + - + name: "p or pkts" description: "Defines number of packets in block." - - - name: "l or list" - description: "Print list of available interfaces." + - + name: "l or list" + description: "Print list of available interfaces." runs: - explanation: "Read packets from interface specified by IFC value. Possible IFC value 'eth0'" @@ -106,27 +106,27 @@ options: title: "Benchmark" description: "Input plugin for various benchmarking purposes." parameters: - - - name: "m or mode" + - + name: "m or mode" description: "Defines benchmark mode: 1f (1x N-packet flow) or nf (Nx 1-packet flow)." - - - name: "S or seed" + - + name: "S or seed" description: "Defines string seed for random generator." - - - name: "d or duration" - description: "Defines duration in seconds." - - - name: "p or count" + - + name: "d or duration" + description: "Defines duration in seconds." + - + name: "p or count" description: "Defines packet count." - - - name: "s or size" - description: "Defines packet size." - - - name: "I or id" + - + name: "s or size" + description: "Defines packet size." + - + name: "I or id" description: "Defines link identifier number." runs: - explanation: "Read packets from interface specified with DPDK ports 0 and 1" code: "`./ipfixprobe -i 'dpdk;p=0,1;' -s 'cache'" - ---- \ No newline at end of file + +--- diff --git a/docs/_how/output plugin.md b/docs/_how/output plugin.md index 349c290c4..6eda09079 100644 --- a/docs/_how/output plugin.md +++ b/docs/_how/output plugin.md @@ -1,88 +1,88 @@ ---- -title: Output plugin -description: Output plugin defines how flows are expoted. Use -o to specify output plugin. - -options: -- - title: "Text" - description: "Provides human readable output to the terminal or file." - parameters: - - - name: "f or file" - description: "Defines path to savefile to write output in instead of stdout." - - - name: "m or mac" - description: "Boolean flag. Mac addresses are hidden if set." - - runs: - - - explanation: "Print expoted flows to the terminal without mac adresses " - code: "./ipfixprobe -o 'text;mac'-i 'pcap;file=...;' -s 'cache'" - - - explanation: "Print expoted flows to the FILE" - code: "./ipfixprobe -o 'text;f=FILE'-i 'pcap;file=...;' -s 'cache'" -- - title: "IPFIX" - description: "Exports data in the IPFIX format" - parameters: - - - name: "h or host" - description: "Defines ip address of remote collector." - - - name: "p or port " - description: "Defines collector port to send data to." - - - name: "m or mtu" - description: "Defines maximum size of ipfix packet payload sent." - - - name: "u or udp" - description: "Boolean flag. UDP is used if set." - - - name: "n or non-blocking-tcp" - description: "Boolean flag. Non-blocking-tcp socket is used if set." - - - name: "I or id" - description: "Defines exporter id." - - - name: "t or template" - description: "Defines template refresh rate in seconds." - runs: - - - explanation: "Send exported data to the localhost using UDP as an exporter 3." - code: "./ipfixprobe -o 'ipfix;h=127.0.0.1,u,I=3'-i 'pcap;file=...;' -s 'cache'" - - - explanation: "Send exported data to the localhost:4739 using non-blocking tcp as an exporter 3 with maximal transfer unit set to 2000." - code: "./ipfixprobe -o 'ipfix;h=127.0.0.1,p=4739,n,mtu=2000'-i 'pcap;file=...;' -s 'cache'" -- - title: "UNIREC" - description: "Exports data in the UNIREC format" - parameters: - - - name: "i or ifc" - description: "Defines unirec interface to use." - - - name: "p or plugins" - description: "Defines plugin-interface mapping. Plugins can be grouped like '(p1,p2,p3),p4,(p5,p6)." - - - name: "o or odid" - description: "Boolean flag.If set exports ODID field." - - - name: "e or eof" - description: "Boolean flag.If set sends eof messag on exit." - - - name: "I or id" - description: "Defines exporter id." - - - name: "h or help" - description: "Prints libtrap help." - runs: - - - explanation: "Send exported data to the Unix socket 'ipfixprobe'" - code: "./ipfixprobe -o 'unirec;i=u:ipfixprobe'-i 'pcap;file=...;' -s 'cache'" - - - explanation: "Same as previous, but should be used with small pcap files to avoid not sending data" - code: "./ipfixprobe -o 'unirec;i=u:ipfixprobe:timeout=WAIT:buffer=off'-i 'pcap;file=...;' -s 'cache'" - - - explanation: "Save exported data to the data.trapcap" - code: "./ipfixprobe -o 'unirec;i=f:data.trapcap'-i 'pcap;file=...;' -s 'cache'" ---- \ No newline at end of file +--- +title: Output plugin +description: Output plugin defines how flows are expoted. Use -o to specify output plugin. + +options: +- + title: "Text" + description: "Provides human readable output to the terminal or file." + parameters: + - + name: "f or file" + description: "Defines path to savefile to write output in instead of stdout." + - + name: "m or mac" + description: "Boolean flag. Mac addresses are hidden if set." + + runs: + - + explanation: "Print expoted flows to the terminal without mac adresses " + code: "./ipfixprobe -o 'text;mac'-i 'pcap;file=...;' -s 'cache'" + - + explanation: "Print expoted flows to the FILE" + code: "./ipfixprobe -o 'text;f=FILE'-i 'pcap;file=...;' -s 'cache'" +- + title: "IPFIX" + description: "Exports data in the IPFIX format" + parameters: + - + name: "h or host" + description: "Defines ip address of remote collector." + - + name: "p or port " + description: "Defines collector port to send data to." + - + name: "m or mtu" + description: "Defines maximum size of ipfix packet payload sent." + - + name: "u or udp" + description: "Boolean flag. UDP is used if set." + - + name: "n or non-blocking-tcp" + description: "Boolean flag. Non-blocking-tcp socket is used if set." + - + name: "I or id" + description: "Defines exporter id." + - + name: "t or template" + description: "Defines template refresh rate in seconds." + runs: + - + explanation: "Send exported data to the localhost using UDP as an exporter 3." + code: "./ipfixprobe -o 'ipfix;h=127.0.0.1,u,I=3'-i 'pcap;file=...;' -s 'cache'" + - + explanation: "Send exported data to the localhost:4739 using non-blocking tcp as an exporter 3 with maximal transfer unit set to 2000." + code: "./ipfixprobe -o 'ipfix;h=127.0.0.1,p=4739,n,mtu=2000'-i 'pcap;file=...;' -s 'cache'" +- + title: "UNIREC" + description: "Exports data in the UNIREC format" + parameters: + - + name: "i or ifc" + description: "Defines unirec interface to use." + - + name: "p or plugins" + description: "Defines plugin-interface mapping. Plugins can be grouped like '(p1,p2,p3),p4,(p5,p6)." + - + name: "o or odid" + description: "Boolean flag.If set exports ODID field." + - + name: "e or eof" + description: "Boolean flag.If set sends eof messag on exit." + - + name: "I or id" + description: "Defines exporter id." + - + name: "h or help" + description: "Prints libtrap help." + runs: + - + explanation: "Send exported data to the Unix socket 'ipfixprobe'" + code: "./ipfixprobe -o 'unirec;i=u:ipfixprobe'-i 'pcap;file=...;' -s 'cache'" + - + explanation: "Same as previous, but should be used with small pcap files to avoid not sending data" + code: "./ipfixprobe -o 'unirec;i=u:ipfixprobe:timeout=WAIT:buffer=off'-i 'pcap;file=...;' -s 'cache'" + - + explanation: "Save exported data to the data.trapcap" + code: "./ipfixprobe -o 'unirec;i=f:data.trapcap'-i 'pcap;file=...;' -s 'cache'" +--- diff --git a/docs/_how/storage plugin.md b/docs/_how/storage plugin.md index 1d182936b..5d8fc553a 100644 --- a/docs/_how/storage plugin.md +++ b/docs/_how/storage plugin.md @@ -1,32 +1,32 @@ ---- -title: Storage plugin -description: Storage plugin defines how flows are internally stored. Use -s to specify storage plugin. - -options: -- - title: "Cache" - description: "Currently only available plugin. Hash table is used to keep flows. Hash table is divided into rows. Each row is managed as LRU. " - parameters: - - - name: "s or size" - description: "Defines count of flows that are kept in the cache at once. Cache size is 2s." - - - name: "l or line" - description: "Defines length of the cache line. Line length is 2l." - - - name: "a or active" - description: "Defines active timeout. When there is a flow, that is active for more than -a seconds, its exported." - - - name: "i or inactive" - description: "Defines inactive timeout. When there is a flow, that is inactive for more than -i seconds, its exported." - - - name: "S or split " - description: "Boolean flag. Defines if the bidirectional flow between two nodes is splitted into 2 separate unidirectional flows." - - - name: "fe/frag-enable, fs/frag-size, ft/frag-timeout" - description: "Used to enable completing fragmented packets into one packet. Framentation cache size is fs and timeout to consider fragments belong to same packet is ft." - runs: - - - explanation: "Store flows using 'cache' " - code: "./ipfixprobe -s 'cache' -i 'pcap;file=PATH;'" ---- \ No newline at end of file +--- +title: Storage plugin +description: Storage plugin defines how flows are internally stored. Use -s to specify storage plugin. + +options: +- + title: "Cache" + description: "Currently only available plugin. Hash table is used to keep flows. Hash table is divided into rows. Each row is managed as LRU. " + parameters: + - + name: "s or size" + description: "Defines count of flows that are kept in the cache at once. Cache size is 2s." + - + name: "l or line" + description: "Defines length of the cache line. Line length is 2l." + - + name: "a or active" + description: "Defines active timeout. When there is a flow, that is active for more than -a seconds, its exported." + - + name: "i or inactive" + description: "Defines inactive timeout. When there is a flow, that is inactive for more than -i seconds, its exported." + - + name: "S or split " + description: "Boolean flag. Defines if the bidirectional flow between two nodes is splitted into 2 separate unidirectional flows." + - + name: "fe/frag-enable, fs/frag-size, ft/frag-timeout" + description: "Used to enable completing fragmented packets into one packet. Framentation cache size is fs and timeout to consider fragments belong to same packet is ft." + runs: + - + explanation: "Store flows using 'cache' " + code: "./ipfixprobe -s 'cache' -i 'pcap;file=PATH;'" +--- diff --git a/docs/_includes/social-icon.html b/docs/_includes/social-icon.html index c4d125ba9..a6dd4528d 100644 --- a/docs/_includes/social-icon.html +++ b/docs/_includes/social-icon.html @@ -16,5 +16,5 @@ {% when "RSS" %} {% when "GitHub" %} - + {% endcase %} diff --git a/docs/_sass/developer.scss b/docs/_sass/developer.scss index b65022ce5..67eee5f5e 100644 --- a/docs/_sass/developer.scss +++ b/docs/_sass/developer.scss @@ -1,18 +1,18 @@ hr { - margin-top: 10px; + margin-top: 10px; width: 100%; } table { border-collapse: collapse; - width: 100%; + width: 100%; } th, td { - border: 1px solid black; - padding: 8px; - text-align: left; - } + border: 1px solid black; + padding: 8px; + text-align: left; + } .hidden { display: none; } @@ -24,4 +24,4 @@ th, td { color: #D3163C; background-color: #CCCCCC; padding: 0.2em; - } \ No newline at end of file + } diff --git a/docs/_sass/footer.scss b/docs/_sass/footer.scss index 2a2968551..464e6b3ce 100644 --- a/docs/_sass/footer.scss +++ b/docs/_sass/footer.scss @@ -77,13 +77,13 @@ footer { .copyright { font-size: .8em; margin: 0 auto; - + @media #{$tablet} { text-align: center; } } - + &, a { color: #999; diff --git a/docs/_sass/get_options.scss b/docs/_sass/get_options.scss index ba6831155..60166ce07 100644 --- a/docs/_sass/get_options.scss +++ b/docs/_sass/get_options.scss @@ -5,4 +5,4 @@ section span { border: 1px solid #999; display: block; padding: 20px; - } \ No newline at end of file + } diff --git a/docs/_sass/how.scss b/docs/_sass/how.scss index 41e290cb7..8cc03d942 100644 --- a/docs/_sass/how.scss +++ b/docs/_sass/how.scss @@ -12,7 +12,7 @@ p { font-weight: normal; margin: 0px; } - + hr { margin-top: 10px; width: 100%; @@ -25,4 +25,4 @@ ul, ol { h2 { font-size: 1.5em; margin: 0.5em 0 0.5em 0; - } \ No newline at end of file + } diff --git a/docs/css/screen.scss b/docs/css/screen.scss index d14200c20..b2f2a8c46 100644 --- a/docs/css/screen.scss +++ b/docs/css/screen.scss @@ -16,4 +16,4 @@ @import "cloudcannon"; @import "get_options"; @import "developer"; -@import "how"; \ No newline at end of file +@import "how"; diff --git a/docs/developer.html b/docs/developer.html index 8451a5046..daee84592 100644 --- a/docs/developer.html +++ b/docs/developer.html @@ -1,9 +1,9 @@ --- title: Developer info -heading: Developer info +heading: Developer info ---
-
+

The architecture of the ipfixprobe can be described by the following diagram:

@@ -46,4 +46,4 @@

Input plugin

-
\ No newline at end of file + diff --git a/docs/export.html b/docs/export.html index a89b6735f..ec3d961dc 100644 --- a/docs/export.html +++ b/docs/export.html @@ -1,16 +1,16 @@ --- title: Export data -heading: Export data +heading: Export data --- {% assign sorted_export = site.export | sort: 'title' %}
-
+

Process plugins can export data. Export format of each plugin is described in this section

- {% for export_table in sorted_export %} + {% for export_table in sorted_export %}

{{export_table.title}}

{% assign textId = export_table.title | append: "_text" %} @@ -26,7 +26,7 @@

{{export_table.title}}

- {% for row in export_table.fields %} + {% for row in export_table.fields %} {{row.name}} {{row.type}} diff --git a/docs/how.html b/docs/how.html index 9b7c07f6d..79af13cbf 100644 --- a/docs/how.html +++ b/docs/how.html @@ -4,7 +4,7 @@ ---
-
+
This guide expects ipfixprobe is already installed, see installation step. The following sections describe alternative ways how to run ipfixprobe. @@ -14,7 +14,7 @@

Systemd service (recommended)

The ipfixprobe can be set up to be used as a daemon to continuously process incoming packets from the boot up:

Create your instance.conf configuration, and save it in /etc/ipfixprobe/
- + All settings are explained in the example file

To start the systemd service, use:

@@ -43,10 +43,10 @@

{{ plugin.title | raw }}

The ipfixprobe consists of one input, zero or one output, one storage and zero or more process plugins.

{% for plugin in site.how %}
-

+

{{ plugin.title | raw }}

{{ plugin.description | raw }}

-
+
{% for option in plugin.options %}

{{ option.title }}

@@ -189,7 +189,7 @@

OpenWrt / Turris

sibling = sibling.nextElementSibling; } } - + document.querySelectorAll('.clickable').forEach(clickable => { clickable.addEventListener('click', function() { const clicked = this; @@ -199,7 +199,7 @@

OpenWrt / Turris

return; } hideAll(); - + while (sibling && sibling.tagName !== 'H1') { sibling.classList.remove('hidden'); sibling = sibling.nextElementSibling; diff --git a/docs/index.html b/docs/index.html index bed2167da..c635c1f13 100644 --- a/docs/index.html +++ b/docs/index.html @@ -25,7 +25,7 @@

Does ipfixprobe support small routers?

How shall I deploy ipfixprobe on my network?

-

The ipfixprobe supports multiple inputs. From the high-speed DPDK or NDP inputs produced by specialized 100 Gbps network monitoring cards, +

The ipfixprobe supports multiple inputs. From the high-speed DPDK or NDP inputs produced by specialized 100 Gbps network monitoring cards, to slower interfaces such as libpcap that is supported in any operating system.

diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt new file mode 100644 index 000000000..13374a676 --- /dev/null +++ b/external/CMakeLists.txt @@ -0,0 +1,6 @@ +include(FetchContent) +include(ExternalProject) + +set(FETCHCONTENT_QUIET OFF) + +include(telemetry.cmake) diff --git a/external/telemetry.cmake b/external/telemetry.cmake new file mode 100644 index 000000000..5ae7321b8 --- /dev/null +++ b/external/telemetry.cmake @@ -0,0 +1,26 @@ +# Telemetry library (C++ library for telemetry data collection with Fuse integration) +# +# The Telemetry library consists of two libraries that can be added as dependency: +# +# - telemetry::telemetry (C++ library for telemetry data collection) +# - telemetry::appFs (C++ library that expose telemetry data as a Fuse filesystem) + +set(TELEMETRY_BUILD_SHARED OFF) +set(TELEMETRY_INSTALL_TARGETS OFF) +set(TELEMETRY_PACKAGE_BUILDER OFF) +set(TELEMETRY_ENABLE_TESTS OFF) + +set(CMAKE_POSITION_INDEPENDENT_CODE ON) + +set(GIT_REPO https://github.com/CESNET/telemetry.git) + +FetchContent_Declare( + telemetry + GIT_REPOSITORY ${GIT_REPO} + GIT_TAG v1.1.0 +) + +# Make sure that subproject accepts predefined build options without warnings. +set(CMAKE_POLICY_DEFAULT_CMP0077 NEW) + +FetchContent_MakeAvailable(telemetry) diff --git a/googletest b/googletest deleted file mode 160000 index 5ec7f0c4a..000000000 --- a/googletest +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 5ec7f0c4a113e2f18ac2c6cc7df51ad6afc24081 diff --git a/include/ipfixprobe/api.hpp b/include/ipfixprobe/api.hpp new file mode 100644 index 000000000..41c02be44 --- /dev/null +++ b/include/ipfixprobe/api.hpp @@ -0,0 +1,33 @@ +/** + * @file + * @brief Definitions for API functions + * @author Pavel Siska + * @date 2025 + * + * Copyright (c) 2025 CESNET + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#pragma once + +/** + * \def IPXP_API + * \brief Macro for exporting public API symbols + * + * This macro is used to explicitly mark symbols that are part of the public API. + * If the compiler supports visibility attributes, it ensures that only symbols + * marked with this macro are exported, while others remain hidden. + * + * Using this macro helps reduce the symbol table size, improves load time, + * and minimizes symbol conflicts by keeping internal symbols hidden. + * + * Example usage: + * \code + * class IPXP_API MyClass { + * public: + * void doSomething(); + * }; + * \endcode + */ +#define IPXP_API [[gnu::visibility("default")]] diff --git a/include/ipfixprobe/byte-utils.hpp b/include/ipfixprobe/byte-utils.hpp index 34c3a94dc..61153927a 100644 --- a/include/ipfixprobe/byte-utils.hpp +++ b/include/ipfixprobe/byte-utils.hpp @@ -45,14 +45,14 @@ namespace ipxp { #if defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN static inline uint64_t swap_uint64(uint64_t value) { - return value; + return value; } #elif defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN static inline uint64_t swap_uint64(uint64_t value) { - value = ((value << 8) & 0xFF00FF00FF00FF00ULL) | ((value >> 8) & 0x00FF00FF00FF00FFULL); - value = ((value << 16) & 0xFFFF0000FFFF0000ULL) | ((value >> 16) & 0x0000FFFF0000FFFFULL); - return (value << 32) | (value >> 32); + value = ((value << 8) & 0xFF00FF00FF00FF00ULL) | ((value >> 8) & 0x00FF00FF00FF00FFULL); + value = ((value << 16) & 0xFFFF0000FFFF0000ULL) | ((value >> 16) & 0x0000FFFF0000FFFFULL); + return (value << 32) | (value >> 32); } #else #error "Please fix " diff --git a/include/ipfixprobe/flowifc.hpp b/include/ipfixprobe/flowifc.hpp index 2014f9a27..4919df27f 100644 --- a/include/ipfixprobe/flowifc.hpp +++ b/include/ipfixprobe/flowifc.hpp @@ -34,22 +34,22 @@ /* Interface between flow cache and flow exporter. */ -#include #include #include #include #ifdef WITH_NEMEA #include -#include "fields.h" #else #define UR_FIELDS(...) #endif -#include #include "ipaddr.hpp" + #include +#include + namespace ipxp { #define BASIC_PLUGIN_NAME "basic" @@ -61,215 +61,211 @@ int get_extension_cnt(); * \brief Flow record extension base struct. */ struct RecordExt { - RecordExt *m_next; /**< Pointer to next extension */ - int m_ext_id; /**< Identifier of extension. */ + RecordExt* m_next; /**< Pointer to next extension */ + int m_ext_id; /**< Identifier of extension. */ - /** - * \brief Constructor. - * \param [in] id ID of extension. - */ - RecordExt(int id) : m_next(nullptr), m_ext_id(id) - { - } + /** + * \brief Constructor. + * \param [in] id ID of extension. + */ + RecordExt(int id) + : m_next(nullptr) + , m_ext_id(id) + { + } #ifdef WITH_NEMEA - /** - * \brief Fill unirec record with stored extension data. - * \param [in] tmplt Unirec template. - * \param [out] record Pointer to the unirec record. - */ - virtual void fill_unirec(ur_template_t *tmplt, void *record) - { - } - - /** - * \brief Get unirec template string. - * \return Unirec template string. - */ - virtual const char *get_unirec_tmplt() const - { - return ""; - } + /** + * \brief Fill unirec record with stored extension data. + * \param [in] tmplt Unirec template. + * \param [out] record Pointer to the unirec record. + */ + virtual void fill_unirec(ur_template_t* tmplt, void* record) + { + (void) tmplt; + (void) record; + } + + /** + * \brief Get unirec template string. + * \return Unirec template string. + */ + virtual const char* get_unirec_tmplt() const { return ""; } #endif - /** - * \brief Fill IPFIX record with stored extension data. - * \param [out] buffer IPFIX template record buffer. - * \param [in] size IPFIX template record buffer size. - * \return Number of bytes written to buffer or -1 if data cannot be written. - */ - virtual int fill_ipfix(uint8_t *buffer, int size) - { - return 0; - } - - /** - * \brief Get ipfix string fields. - * \return Return ipfix fields array. - */ - virtual const char **get_ipfix_tmplt() const - { - return nullptr; - } - - /** - * \brief Get text representation of exported elements - * \return Return fields converted to text - */ - virtual std::string get_text() const - { - return ""; - } - - /** - * \brief Add extension at the end of linked list. - * \param [in] ext Extension to add. - */ - void add_extension(RecordExt *ext) - { - RecordExt **tmp = &m_next; - while (*tmp) { - tmp = &(*tmp)->m_next; - } - *tmp = ext; - } - - /** - * \brief Virtual destructor. - */ - virtual ~RecordExt() - { - if (m_next != nullptr) { - delete m_next; - } - } + /** + * \brief Fill IPFIX record with stored extension data. + * \param [out] buffer IPFIX template record buffer. + * \param [in] size IPFIX template record buffer size. + * \return Number of bytes written to buffer or -1 if data cannot be written. + */ + virtual int fill_ipfix(uint8_t* buffer, int size) + { + (void) buffer; + (void) size; + + return 0; + } + + /** + * \brief Get ipfix string fields. + * \return Return ipfix fields array. + */ + virtual const char** get_ipfix_tmplt() const { return nullptr; } + + /** + * \brief Get text representation of exported elements + * \return Return fields converted to text + */ + virtual std::string get_text() const { return ""; } + + /** + * \brief Add extension at the end of linked list. + * \param [in] ext Extension to add. + */ + void add_extension(RecordExt* ext) + { + RecordExt** tmp = &m_next; + while (*tmp) { + tmp = &(*tmp)->m_next; + } + *tmp = ext; + } + + /** + * \brief Virtual destructor. + */ + virtual ~RecordExt() + { + if (m_next != nullptr) { + delete m_next; + } + } }; struct Record { - RecordExt *m_exts; /**< Extension headers. */ - - /** - * \brief Add new extension header. - * \param [in] ext Pointer to the extension header. - */ - void add_extension(RecordExt* ext) - { - if (m_exts == nullptr) { - m_exts = ext; - } else { - RecordExt *ext_ptr = m_exts; - while (ext_ptr->m_next != nullptr) { - ext_ptr = ext_ptr->m_next; - } - ext_ptr->m_next = ext; - } - } - - /** - * \brief Get given extension. - * \param [in] id Type of extension. - * \return Pointer to the requested extension or nullptr if extension is not present. - */ - RecordExt *get_extension(int id) const - { - RecordExt *ext = m_exts; - while (ext != nullptr) { - if (ext->m_ext_id == id) { - return ext; - } - ext = ext->m_next; - } - return nullptr; - } - /** - * \brief Remove given extension. - * \param [in] id Type of extension. - * \return True when successfully removed - */ - bool remove_extension(int id) - { - RecordExt *ext = m_exts; - RecordExt *prev_ext = nullptr; - - while (ext != nullptr) { - if (ext->m_ext_id == id) { - if (prev_ext == nullptr) { // at beginning - m_exts = ext->m_next; - } else if (ext->m_next == nullptr) { // at end - prev_ext->m_next = nullptr; - } else { // in middle - prev_ext->m_next = ext->m_next; - } - ext->m_next = nullptr; - delete ext; - return true; - } - prev_ext = ext; - ext = ext->m_next; - } - return false; - } - - /** - * \brief Remove extension headers. - */ - void remove_extensions() - { - if (m_exts != nullptr) { - delete m_exts; - m_exts = nullptr; - } - } - - /** - * \brief Constructor. - */ - Record() : m_exts(nullptr) - { - } - - /** - * \brief Destructor. - */ - virtual ~Record() - { - remove_extensions(); - } + RecordExt* m_exts; /**< Extension headers. */ + + /** + * \brief Add new extension header. + * \param [in] ext Pointer to the extension header. + */ + void add_extension(RecordExt* ext) + { + if (m_exts == nullptr) { + m_exts = ext; + } else { + RecordExt* ext_ptr = m_exts; + while (ext_ptr->m_next != nullptr) { + ext_ptr = ext_ptr->m_next; + } + ext_ptr->m_next = ext; + } + } + + /** + * \brief Get given extension. + * \param [in] id Type of extension. + * \return Pointer to the requested extension or nullptr if extension is not present. + */ + RecordExt* get_extension(int id) const + { + RecordExt* ext = m_exts; + while (ext != nullptr) { + if (ext->m_ext_id == id) { + return ext; + } + ext = ext->m_next; + } + return nullptr; + } + /** + * \brief Remove given extension. + * \param [in] id Type of extension. + * \return True when successfully removed + */ + bool remove_extension(int id) + { + RecordExt* ext = m_exts; + RecordExt* prev_ext = nullptr; + + while (ext != nullptr) { + if (ext->m_ext_id == id) { + if (prev_ext == nullptr) { // at beginning + m_exts = ext->m_next; + } else if (ext->m_next == nullptr) { // at end + prev_ext->m_next = nullptr; + } else { // in middle + prev_ext->m_next = ext->m_next; + } + ext->m_next = nullptr; + delete ext; + return true; + } + prev_ext = ext; + ext = ext->m_next; + } + return false; + } + + /** + * \brief Remove extension headers. + */ + void remove_extensions() + { + if (m_exts != nullptr) { + delete m_exts; + m_exts = nullptr; + } + } + + /** + * \brief Constructor. + */ + Record() + : m_exts(nullptr) + { + } + + /** + * \brief Destructor. + */ + virtual ~Record() { remove_extensions(); } }; #define FLOW_END_INACTIVE 0x01 -#define FLOW_END_ACTIVE 0x02 -#define FLOW_END_EOF 0x03 -#define FLOW_END_FORCED 0x04 -#define FLOW_END_NO_RES 0x05 +#define FLOW_END_ACTIVE 0x02 +#define FLOW_END_EOF 0x03 +#define FLOW_END_FORCED 0x04 +#define FLOW_END_NO_RES 0x05 /** * \brief Flow record struct constaining basic flow record data and extension headers. */ struct Flow : public Record { - uint64_t flow_hash; - - struct timeval time_first; - struct timeval time_last; - uint64_t src_bytes; - uint64_t dst_bytes; - uint32_t src_packets; - uint32_t dst_packets; - uint8_t src_tcp_flags; - uint8_t dst_tcp_flags; - - uint8_t ip_version; - - uint8_t ip_proto; - uint16_t src_port; - uint16_t dst_port; - ipaddr_t src_ip; - ipaddr_t dst_ip; - - uint8_t src_mac[6]; - uint8_t dst_mac[6]; - uint8_t end_reason; + uint64_t flow_hash; + + struct timeval time_first; + struct timeval time_last; + uint64_t src_bytes; + uint64_t dst_bytes; + uint32_t src_packets; + uint32_t dst_packets; + uint8_t src_tcp_flags; + uint8_t dst_tcp_flags; + + uint8_t ip_version; + + uint8_t ip_proto; + uint16_t src_port; + uint16_t dst_port; + ipaddr_t src_ip; + ipaddr_t dst_ip; + + uint8_t src_mac[6]; + uint8_t dst_mac[6]; + uint8_t end_reason; }; -} +} // namespace ipxp #endif /* IPXP_FLOWIFC_HPP */ diff --git a/include/ipfixprobe/input.hpp b/include/ipfixprobe/input.hpp deleted file mode 100644 index aa5c09359..000000000 --- a/include/ipfixprobe/input.hpp +++ /dev/null @@ -1,83 +0,0 @@ -/** - * \file input.hpp - * \brief Generic interface of input plugin - * \author Vaclav Bartos - * \author Jiri Havranek - * \date 2021 - */ -/* - * Copyright (C) 2021 CESNET - * - * LICENSE TERMS - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * 3. Neither the name of the Company nor the names of its contributors - * may be used to endorse or promote products derived from this - * software without specific prior written permission. - * - * - * - */ - -#ifndef IPXP_INPUT_HPP -#define IPXP_INPUT_HPP - -#include -#include -#include - -#include "telemetry-utils.hpp" -#include "plugin.hpp" -#include "packet.hpp" -#include "parser-stats.hpp" - -namespace ipxp { - -/** - * \brief Base class for packet receivers. - */ -class InputPlugin : public TelemetryUtils, public Plugin -{ -public: - enum class Result { - TIMEOUT = 0, - PARSED, - NOT_PARSED, - END_OF_FILE, - ERROR - }; - - uint64_t m_seen; - uint64_t m_parsed; - uint64_t m_dropped; - - InputPlugin(); - virtual ~InputPlugin() {} - - virtual Result get(PacketBlock &packets) = 0; - - void set_telemetry_dirs( - std::shared_ptr plugin_dir, - std::shared_ptr queues_dir); - -protected: - virtual void configure_telemetry_dirs( - std::shared_ptr plugin_dir, - std::shared_ptr queues_dir) {}; - - ParserStats m_parser_stats; - -private: - void create_parser_stats_telemetry(std::shared_ptr queues_dir); -}; - -} -#endif /* IPXP_INPUT_TEMPLATE_HPP */ diff --git a/include/ipfixprobe/inputPlugin.hpp b/include/ipfixprobe/inputPlugin.hpp new file mode 100644 index 000000000..456af4052 --- /dev/null +++ b/include/ipfixprobe/inputPlugin.hpp @@ -0,0 +1,120 @@ +/** + * @file + * @brief Base class and factory for packet input plugins + * @author Pavel Siska + * @date 2025 + * + * This file defines the base class for input plugins, responsible for processing + * incoming packets, maintaining statistics, and integrating with the telemetry system. + * It also includes a factory template for plugin creation. + * + * Copyright (c) 2025 CESNET + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#pragma once + +#include "api.hpp" +#include "packet.hpp" +#include "parser-stats.hpp" +#include "plugin.hpp" +#include "telemetry-utils.hpp" + +#include +#include +#include + +#include + +namespace ipxp { + +/** + * \brief Base class for packet receivers. + * + * InputPlugin is an abstract base class for processing network packets. + * It provides functionality for handling telemetry directories and maintains + * statistics on processed packets. + */ +class IPXP_API InputPlugin + : public TelemetryUtils + , public Plugin { +public: + enum class Result { + TIMEOUT = 0, + PARSED, + NOT_PARSED, + END_OF_FILE, + ERROR, + }; + + virtual ~InputPlugin() = default; + + /** + * @brief Retrieves a block of packets. + * @param packets Reference to a PacketBlock to store received packets. + * @return The result of the packet retrieval operation. + */ + virtual Result get(PacketBlock& packets) = 0; + + /** + * @brief Sets the telemetry directories for this plugin. + * @param plugin_dir Shared pointer to the plugin-specific telemetry directory. + * @param queues_dir Shared pointer to the telemetry directory for queues. + */ + void set_telemetry_dirs( + std::shared_ptr plugin_dir, + std::shared_ptr queues_dir); + + /// Number of packets seen by the plugin. + uint64_t m_seen = 0; + /// Number of packets successfully parsed. + uint64_t m_parsed = 0; + /// Number of packets dropped. + uint64_t m_dropped = 0; + +protected: + /** + * @brief Configures the telemetry directories. + * + * This method can be overridden by derived classes to perform additional + * setup for telemetry directories. + * + * @param plugin_dir Shared pointer to the plugin-specific telemetry directory. + * @param queues_dir Shared pointer to the telemetry directory for queues. + */ + virtual void configure_telemetry_dirs( + std::shared_ptr plugin_dir, + std::shared_ptr queues_dir) + { + (void) plugin_dir; + (void) queues_dir; + }; + + /// Statistics related to packet parsing. + ParserStats m_parser_stats = {}; + +private: + void create_parser_stats_telemetry(std::shared_ptr queues_dir); +}; + +/** + * @brief Factory template for creating plugins. + * + * This template allows dynamic creation of plugin instances based on the specified + * base class and constructor argument types. + * + * @tparam Base The base class for the plugin. + * @tparam Args The argument types required for the plugin constructor. + */ +template +class IPXP_API PluginFactory; + +/** + * @brief Type alias for the InputPlugin factory. + * + * Provides a factory for creating InputPlugin instances using a string-based constructor. + */ +using InputPluginFactory = PluginFactory; + +} // namespace ipxp diff --git a/include/ipfixprobe/ipaddr.hpp b/include/ipfixprobe/ipaddr.hpp index 8e11e1b94..b80f9c5f7 100644 --- a/include/ipfixprobe/ipaddr.hpp +++ b/include/ipfixprobe/ipaddr.hpp @@ -31,18 +31,15 @@ namespace ipxp { -enum IP : uint8_t { - v4 = 4, - v6 = 6 -}; +enum IP : uint8_t { v4 = 4, v6 = 6 }; /** * \brief Store IPv4 or IPv6 address. */ typedef union ipaddr_u { - uint8_t v6[16]; /**< IPv6 address. */ - uint32_t v4; /**< IPv4 address */ + uint8_t v6[16]; /**< IPv6 address. */ + uint32_t v4; /**< IPv4 address */ } ipaddr_t; -} +} // namespace ipxp #endif /* IPXP_IPADDR_HPP */ diff --git a/include/ipfixprobe/ipfix-basiclist.hpp b/include/ipfixprobe/ipfix-basiclist.hpp index 59c343bb4..56f823007 100644 --- a/include/ipfixprobe/ipfix-basiclist.hpp +++ b/include/ipfixprobe/ipfix-basiclist.hpp @@ -29,41 +29,44 @@ #ifndef IPFIXBASICLIST #define IPFIXBASICLIST -#include -#include +#include "api.hpp" + #include + +#include #include +#include namespace ipxp { -struct IpfixBasicList { +struct IPXP_API IpfixBasicList { public: - static const uint8_t IpfixBasicListRecordHdrSize = 12; - static const uint8_t IpfixBasicListHdrSize = 9; - static const uint8_t flag = 255; // Maximum size see rfc631; - static const uint8_t hdrSemantic = 3; - - enum ePEMNumber { - CesnetPEM = 8057, - }; + static const uint8_t IpfixBasicListRecordHdrSize = 12; + static const uint8_t IpfixBasicListHdrSize = 9; + static const uint8_t flag = 255; // Maximum size see rfc631; + static const uint8_t hdrSemantic = 3; - ePEMNumber hdrEnterpriseNum; + enum ePEMNumber { + CesnetPEM = 8057, + }; + ePEMNumber hdrEnterpriseNum; - static uint64_t Tv2Ts(timeval input); + static uint64_t Tv2Ts(timeval input); - int32_t HeaderSize(); - int32_t FillBuffer(uint8_t *buffer, uint16_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, int16_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, uint32_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, int32_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, struct timeval *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, uint8_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, int8_t *values, uint16_t len, uint16_t fieldID); + int32_t HeaderSize(); + int32_t FillBuffer(uint8_t* buffer, uint16_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, int16_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, uint32_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, int32_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, struct timeval* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, uint8_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, int8_t* values, uint16_t len, uint16_t fieldID); private: - int32_t FillBufferHdr(uint8_t *buffer, uint16_t length, uint16_t elementLength, uint16_t fieldID); + int32_t + FillBufferHdr(uint8_t* buffer, uint16_t length, uint16_t elementLength, uint16_t fieldID); }; -} +} // namespace ipxp #endif // ifndef IPFIXBASICLIST diff --git a/include/ipfixprobe/ipfix-elements.hpp b/include/ipfixprobe/ipfix-elements.hpp index d9f894bcf..c266dac4e 100644 --- a/include/ipfixprobe/ipfix-elements.hpp +++ b/include/ipfixprobe/ipfix-elements.hpp @@ -43,7 +43,6 @@ namespace ipxp { * 4. Source memory pointer (to copy value from) */ - /** * Difference between NTP and UNIX epoch in number of seconds. */ @@ -57,7 +56,8 @@ namespace ipxp { /** * Create 64 bit NTP timestamp which consist of 32 bit seconds part and 32 bit fraction part. */ -#define MK_NTP_TS(ts) (((uint64_t) (ts.tv_sec + EPOCH_DIFF) << 32) | (uint64_t) NTP_USEC_TO_FRAC(ts.tv_usec)) +#define MK_NTP_TS(ts) \ + (((uint64_t) (ts.tv_sec + EPOCH_DIFF) << 32) | (uint64_t) NTP_USEC_TO_FRAC(ts.tv_usec)) /** * Convert FIELD to its "attributes", i.e. BYTES(FIELD) used in the source code produces @@ -67,243 +67,244 @@ namespace ipxp { #define FIELD(EN, ID, LEN, SRC) EN, ID, LEN, SRC /* The list of known IPFIX elements: */ -#define BYTES(F) F(0, 1, 8, &flow.src_bytes) -#define BYTES_REV(F) F(29305, 1, 8, &flow.dst_bytes) -#define PACKETS(F) F(0, 2, 8, (temp = (uint64_t) flow.src_packets, &temp)) -#define PACKETS_REV(F) F(29305, 2, 8, (temp = (uint64_t) flow.dst_packets, &temp)) -#define FLOW_START_MSEC(F) F(0, 152, 8, (temp = ((uint64_t) flow.time_first.tv_sec) * 1000 + (flow.time_first.tv_usec / 1000), &temp)) -#define FLOW_END_MSEC(F) F(0, 153, 8, (temp = ((uint64_t) flow.time_last.tv_sec) * 1000 + (flow.time_last.tv_usec / 1000), &temp)) -#define FLOW_START_USEC(F) F(0, 154, 8, (temp = MK_NTP_TS(flow.time_first), &temp)) -#define FLOW_END_USEC(F) F(0, 155, 8, (temp = MK_NTP_TS(flow.time_last), &temp)) -#define OBSERVATION_MSEC(F) F(0, 323, 8, nullptr) -#define INPUT_INTERFACE(F) F(0, 10, 4, &this->dir_bit_field) -#define OUTPUT_INTERFACE(F) F(0, 14, 2, nullptr) -#define FLOW_END_REASON(F) F(0, 136, 1, &flow.end_reason) -#define FLOW_ID(F) F(0, 148, 8, &flow.flow_hash) - -#define ETHERTYPE(F) F(0, 256, 2, nullptr) - -#define VLAN_ID(F) F(0, 58, 2, nullptr) - -#define L2_SRC_MAC(F) F(0, 56, 6, flow.src_mac) -#define L2_DST_MAC(F) F(0, 80, 6, flow.dst_mac) - -#define L3_PROTO(F) F(0, 60, 1, &flow.ip_version) -#define L3_IPV4_ADDR_SRC(F) F(0, 8, 4, &flow.src_ip.v4) -#define L3_IPV4_ADDR_DST(F) F(0, 12, 4, &flow.dst_ip.v4) -#define L3_IPV4_TOS(F) F(0, 5, 1, nullptr) -#define L3_IPV6_ADDR_SRC(F) F(0, 27, 16, &flow.src_ip.v6) -#define L3_IPV6_ADDR_DST(F) F(0, 28, 16, &flow.dst_ip.v6) -#define L3_IPV4_IDENTIFICATION(F) F(0, 54, 2, nullptr) -#define L3_IPV4_FRAGMENT(F) F(0, 88, 2, nullptr) -#define L3_IPV4_TTL(F) F(0, 192, 1, nullptr) -#define L3_IPV6_TTL(F) F(0, 192, 1, nullptr) -#define L3_TTL(F) F(0, 192, 1, nullptr) -#define L3_TTL_REV(F) F(29305, 192, 1, nullptr) -#define L3_FLAGS(F) F(0, 197, 1, nullptr) -#define L3_FLAGS_REV(F) F(29305, 197, 1, nullptr) - -#define L4_PROTO(F) F(0, 4, 1, &flow.ip_proto) -#define L4_TCP_FLAGS(F) F(0, 6, 1, &flow.src_tcp_flags) -#define L4_TCP_FLAGS_REV(F) F(29305, 6, 1, &flow.dst_tcp_flags) -#define L4_PORT_SRC(F) F(0, 7, 2, &flow.src_port) -#define L4_PORT_DST(F) F(0, 11, 2, &flow.dst_port) -#define L4_ICMP_TYPE_CODE(F) F(0, 32, 2, nullptr) -#define L4_TCP_WIN(F) F(0, 186, 2, nullptr) -#define L4_TCP_WIN_REV(F) F(29305, 186, 2, nullptr) -#define L4_TCP_OPTIONS(F) F(0, 209, 8, nullptr) -#define L4_TCP_OPTIONS_REV(F) F(29305, 209, 8, nullptr) - - -#define L4_TCP_MSS(F) F(8057, 900, 4, nullptr) -#define L4_TCP_MSS_REV(F) F(8057, 901, 4, nullptr) -#define L4_TCP_SYN_SIZE(F) F(8057, 902, 2, nullptr) - -#define HTTP_DOMAIN(F) F(39499, 1, -1, nullptr) -#define HTTP_REFERER(F) F(39499, 3, -1, nullptr) -#define HTTP_URI(F) F(39499, 2, -1, nullptr) -#define HTTP_CONTENT_TYPE(F) F(39499, 10, -1, nullptr) -#define HTTP_STATUS(F) F(39499, 12, 2, nullptr) -#define HTTP_USERAGENT(F) F(39499, 20, -1, nullptr) -#define HTTP_METHOD(F) F(8057, 200, -1, nullptr) -#define HTTP_SERVER(F) F(8057, 201, -1, nullptr) -#define HTTP_SET_COOKIE_NAMES(F) F(8057, 202, -1, nullptr) - -#define RTSP_METHOD(F) F(16982, 600, -1, nullptr) -#define RTSP_USERAGENT(F) F(16982, 601, -1, nullptr) -#define RTSP_URI(F) F(16982, 602, -1, nullptr) -#define RTSP_STATUS(F) F(16982, 603, 2, nullptr) -#define RTSP_CONTENT_TYPE(F) F(16982, 604, -1, nullptr) -#define RTSP_SERVER(F) F(16982, 605, -1, nullptr) - -#define DNS_RCODE(F) F(8057, 1, 1, nullptr) -#define DNS_NAME(F) F(8057, 2, -1, nullptr) -#define DNS_QTYPE(F) F(8057, 3, 2, nullptr) -#define DNS_CLASS(F) F(8057, 4, 2, nullptr) -#define DNS_RR_TTL(F) F(8057, 5, 4, nullptr) -#define DNS_RLENGTH(F) F(8057, 6, 2, nullptr) -#define DNS_RDATA(F) F(8057, 7, -1, nullptr) -#define DNS_PSIZE(F) F(8057, 8, 2, nullptr) -#define DNS_DO(F) F(8057, 9, 1, nullptr) -#define DNS_ID(F) F(8057, 10, 2, nullptr) -#define DNS_ATYPE(F) F(8057, 11, 2, nullptr) -#define DNS_ANSWERS(F) F(8057, 14, 2, nullptr) - -#define SIP_MSG_TYPE(F) F(8057, 100, 2, nullptr) -#define SIP_STATUS_CODE(F) F(8057, 101, 2, nullptr) -#define SIP_CALL_ID(F) F(8057, 102, -1, nullptr) -#define SIP_CALLING_PARTY(F) F(8057, 103, -1, nullptr) -#define SIP_CALLED_PARTY(F) F(8057, 104, -1, nullptr) -#define SIP_VIA(F) F(8057, 105, -1, nullptr) -#define SIP_USER_AGENT(F) F(8057, 106, -1, nullptr) -#define SIP_REQUEST_URI(F) F(8057, 107, -1, nullptr) -#define SIP_CSEQ(F) F(8057, 108, -1, nullptr) - -#define NTP_LEAP(F) F(8057, 18, 1, nullptr) -#define NTP_VERSION(F) F(8057, 19, 1, nullptr) -#define NTP_MODE(F) F(8057, 20, 1, nullptr) -#define NTP_STRATUM(F) F(8057, 21, 1, nullptr) -#define NTP_POLL(F) F(8057, 22, 1, nullptr) -#define NTP_PRECISION(F) F(8057, 23, 1, nullptr) -#define NTP_DELAY(F) F(8057, 24, 4, nullptr) -#define NTP_DISPERSION(F) F(8057, 25, 4, nullptr) -#define NTP_REF_ID(F) F(8057, 26, -1, nullptr) -#define NTP_REF(F) F(8057, 27, -1, nullptr) -#define NTP_ORIG(F) F(8057, 28, -1, nullptr) -#define NTP_RECV(F) F(8057, 29, -1, nullptr) -#define NTP_SENT(F) F(8057, 30, -1, nullptr) - -#define ARP_HA_FORMAT(F) F(8057, 31, 2, nullptr) -#define ARP_PA_FORMAT(F) F(8057, 32, 2, nullptr) -#define ARP_OPCODE(F) F(8057, 33, 2, nullptr) -#define ARP_SRC_HA(F) F(8057, 34, -1, nullptr) -#define ARP_SRC_PA(F) F(8057, 35, -1, nullptr) -#define ARP_DST_HA(F) F(8057, 36, -1, nullptr) -#define ARP_DST_PA(F) F(8057, 37, -1, nullptr) - -#define TLS_SNI(F) F(8057, 808, -1, nullptr) -#define TLS_VERSION(F) F(39499, 333, 2, nullptr) -#define TLS_ALPN(F) F(39499, 337, -1, nullptr) -#define TLS_JA3(F) F(39499, 357, -1, nullptr) -#define TLS_JA4(F) F(39499, 358, -1, nullptr) -#define TLS_EXT_TYPE(F) F(0, 291, -1, nullptr) -#define TLS_EXT_LEN(F) F(0, 291, -1, nullptr) - -#define SMTP_COMMANDS(F) F(8057, 810, 4, nullptr) -#define SMTP_MAIL_COUNT(F) F(8057, 811, 4, nullptr) -#define SMTP_RCPT_COUNT(F) F(8057, 812, 4, nullptr) -#define SMTP_SENDER(F) F(8057, 813, -1, nullptr) -#define SMTP_RECIPIENT(F) F(8057, 814, -1, nullptr) -#define SMTP_STATUS_CODES(F) F(8057, 815, 4, nullptr) -#define SMTP_CODE_2XX_COUNT(F) F(8057, 816, 4, nullptr) -#define SMTP_CODE_3XX_COUNT(F) F(8057, 817, 4, nullptr) -#define SMTP_CODE_4XX_COUNT(F) F(8057, 818, 4, nullptr) -#define SMTP_CODE_5XX_COUNT(F) F(8057, 819, 4, nullptr) -#define SMTP_DOMAIN(F) F(8057, 820, -1, nullptr) - -#define SSDP_LOCATION_PORT(F) F(8057, 821, 2, nullptr) -#define SSDP_SERVER(F) F(8057, 822, -1, nullptr) -#define SSDP_USER_AGENT(F) F(8057, 823, -1, nullptr) -#define SSDP_NT(F) F(8057, 824, -1, nullptr) -#define SSDP_ST(F) F(8057, 825, -1, nullptr) - -#define DNSSD_QUERIES(F) F(8057, 826, -1, nullptr) -#define DNSSD_RESPONSES(F) F(8057, 827, -1, nullptr) - -#define OVPN_CONF_LEVEL(F) F(8057, 828, 1, nullptr) -#define SSA_CONF_LEVEL(F) F(8057, 903, 1, nullptr) - -#define NB_NAME(F) F(8057, 831, -1, nullptr) -#define NB_SUFFIX(F) F(8057, 832, 1, nullptr) - - -#define IDP_CONTENT(F) F(8057, 850, -1, nullptr) -#define IDP_CONTENT_REV(F) F(8057, 851, -1, nullptr) - -#define STATS_PCKT_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1013 (uint16*) -#define STATS_PCKT_TIMESTAMPS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1014 (time*) -#define STATS_PCKT_TCPFLGS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1015 (uint8*) -#define STATS_PCKT_DIRECTIONS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1016 (int8*) - -#define SBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1050 (uint16*) -#define SBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1051 (uint16*) -#define SBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1052 (time*) -#define SBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1053 (time*) -#define DBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1054 (uint16*) -#define DBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1055 (uint16*) -#define DBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1056 (time*) -#define DBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1057 (time*) - -#define D_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1063 (uint32*) -#define D_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1062 (uint32*) -#define S_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1060 (uint32*) -#define S_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1061 (uint32*) - -#define QUIC_SNI(F) F(8057, 890, -1, nullptr) -#define QUIC_USER_AGENT(F) F(8057, 891, -1, nullptr) -#define QUIC_VERSION(F) F(8057, 892, 4, nullptr) -#define QUIC_CLIENT_VERSION(F) F(8057, 893, 4, nullptr) -#define QUIC_TOKEN_LENGTH(F) F(8057, 894, 8, nullptr) -#define QUIC_OCCID(F) F(8057, 895, -1, nullptr) -#define QUIC_OSCID(F) F(8057, 896, -1, nullptr) -#define QUIC_SCID(F) F(8057, 897, -1, nullptr) -#define QUIC_RETRY_SCID(F) F(8057, 898, -1, nullptr) -#define QUIC_MULTIPLEXED(F) F(8057, 899, 1, nullptr) -#define QUIC_ZERO_RTT(F) F(8057, 889, 1, nullptr) -#define QUIC_SERVER_PORT(F) F(8057, 887, 2, nullptr) -#define QUIC_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id888 (uint16*) -#define QUIC_CH_PARSED(F) F(8057, 886, 1, nullptr) -#define QUIC_TLS_EXT_TYPE(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id885 (uint16*) -#define QUIC_TLS_EXT_LEN(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id884 (uint16*) -#define QUIC_TLS_EXT(F) F(8057, 883, -1, nullptr) - - -#define OSQUERY_PROGRAM_NAME(F) F(8057, 852, -1, nullptr) -#define OSQUERY_USERNAME(F) F(8057, 853, -1, nullptr) -#define OSQUERY_OS_NAME(F) F(8057, 854, -1, nullptr) -#define OSQUERY_OS_MAJOR(F) F(8057, 855, 2, nullptr) -#define OSQUERY_OS_MINOR(F) F(8057, 856, 2, nullptr) -#define OSQUERY_OS_BUILD(F) F(8057, 857, -1, nullptr) -#define OSQUERY_OS_PLATFORM(F) F(8057, 858, -1, nullptr) -#define OSQUERY_OS_PLATFORM_LIKE(F) F(8057, 859, -1, nullptr) -#define OSQUERY_OS_ARCH(F) F(8057, 860, -1, nullptr) -#define OSQUERY_KERNEL_VERSION(F) F(8057, 861, -1, nullptr) -#define OSQUERY_SYSTEM_HOSTNAME(F) F(8057, 862, -1, nullptr) - -#ifdef WITH_FLEXPROBE -#define FX_FRAME_SIGNATURE(F) F(5715, 1010, 18, nullptr) -#define FX_INPUT_INTERFACE(F) F(5715, 1015, 1, nullptr) -#define FX_TCP_TRACKING(F) F(5715, 1020, 1, nullptr) -#endif - -#define WG_CONF_LEVEL(F) F(8057, 1100, 1, nullptr) -#define WG_SRC_PEER(F) F(8057, 1101, 4, nullptr) -#define WG_DST_PEER(F) F(8057, 1102, 4, nullptr) - -#define NTS_MEAN(F) F(8057, 1020, 4, nullptr) -#define NTS_MIN(F) F(8057, 1021, 2, nullptr) -#define NTS_MAX(F) F(8057, 1022, 2, nullptr) -#define NTS_STDEV(F) F(8057, 1023, 4, nullptr) -#define NTS_KURTOSIS(F) F(8057, 1024, 4, nullptr) -#define NTS_ROOT_MEAN_SQUARE(F) F(8057, 1025, 4, nullptr) -#define NTS_AVERAGE_DISPERSION(F) F(8057, 1026, 4, nullptr) -#define NTS_MEAN_SCALED_TIME(F) F(8057, 1027, 4, nullptr) -#define NTS_MEAN_DIFFTIMES(F) F(8057, 1028, 4, nullptr) -#define NTS_MIN_DIFFTIMES(F) F(8057, 1029, 4, nullptr) -#define NTS_MAX_DIFFTIMES(F) F(8057, 1030, 4, nullptr) -#define NTS_TIME_DISTRIBUTION(F) F(8057, 1031, 4, nullptr) -#define NTS_SWITCHING_RATIO(F) F(8057, 1032, 4, nullptr) - -#define MQTT_TYPE_CUMULATIVE(F) F(8057, 1033, 2, nullptr) -#define MQTT_VERSION(F) F(8057, 1034, 1, nullptr) -#define MQTT_CONNECTION_FLAGS(F) F(8057, 1035, 1, nullptr) -#define MQTT_KEEP_ALIVE(F) F(8057, 1036, 2, nullptr) -#define MQTT_LAST_RETURN_CODE(F) F(8057, 1037, 1, nullptr) -#define MQTT_PUBLISH_FLAGS(F) F(8057, 1038, 1, nullptr) -#define MQTT_TOPICS(F) F(8057, 1039, -1, nullptr) - -#define MPLS_TOP_LABEL_STACK_SECTION F(0, 70, -1, nullptr) - +#define BYTES(F) F(0, 1, 8, &flow.src_bytes) +#define BYTES_REV(F) F(29305, 1, 8, &flow.dst_bytes) +#define PACKETS(F) F(0, 2, 8, (temp = (uint64_t) flow.src_packets, &temp)) +#define PACKETS_REV(F) F(29305, 2, 8, (temp = (uint64_t) flow.dst_packets, &temp)) +#define FLOW_START_MSEC(F) \ + F(0, \ + 152, \ + 8, \ + (temp = ((uint64_t) flow.time_first.tv_sec) * 1000 + (flow.time_first.tv_usec / 1000), \ + &temp)) +#define FLOW_END_MSEC(F) \ + F(0, \ + 153, \ + 8, \ + (temp = ((uint64_t) flow.time_last.tv_sec) * 1000 + (flow.time_last.tv_usec / 1000), &temp)) +#define FLOW_START_USEC(F) F(0, 154, 8, (temp = MK_NTP_TS(flow.time_first), &temp)) +#define FLOW_END_USEC(F) F(0, 155, 8, (temp = MK_NTP_TS(flow.time_last), &temp)) +#define OBSERVATION_MSEC(F) F(0, 323, 8, nullptr) +#define INPUT_INTERFACE(F) F(0, 10, 4, &this->dir_bit_field) +#define OUTPUT_INTERFACE(F) F(0, 14, 2, nullptr) +#define FLOW_END_REASON(F) F(0, 136, 1, &flow.end_reason) +#define FLOW_ID(F) F(0, 148, 8, &flow.flow_hash) + +#define ETHERTYPE(F) F(0, 256, 2, nullptr) + +#define VLAN_ID(F) F(0, 58, 2, nullptr) + +#define L2_SRC_MAC(F) F(0, 56, 6, flow.src_mac) +#define L2_DST_MAC(F) F(0, 80, 6, flow.dst_mac) + +#define L3_PROTO(F) F(0, 60, 1, &flow.ip_version) +#define L3_IPV4_ADDR_SRC(F) F(0, 8, 4, &flow.src_ip.v4) +#define L3_IPV4_ADDR_DST(F) F(0, 12, 4, &flow.dst_ip.v4) +#define L3_IPV4_TOS(F) F(0, 5, 1, nullptr) +#define L3_IPV6_ADDR_SRC(F) F(0, 27, 16, &flow.src_ip.v6) +#define L3_IPV6_ADDR_DST(F) F(0, 28, 16, &flow.dst_ip.v6) +#define L3_IPV4_IDENTIFICATION(F) F(0, 54, 2, nullptr) +#define L3_IPV4_FRAGMENT(F) F(0, 88, 2, nullptr) +#define L3_IPV4_TTL(F) F(0, 192, 1, nullptr) +#define L3_IPV6_TTL(F) F(0, 192, 1, nullptr) +#define L3_TTL(F) F(0, 192, 1, nullptr) +#define L3_TTL_REV(F) F(29305, 192, 1, nullptr) +#define L3_FLAGS(F) F(0, 197, 1, nullptr) +#define L3_FLAGS_REV(F) F(29305, 197, 1, nullptr) + +#define L4_PROTO(F) F(0, 4, 1, &flow.ip_proto) +#define L4_TCP_FLAGS(F) F(0, 6, 1, &flow.src_tcp_flags) +#define L4_TCP_FLAGS_REV(F) F(29305, 6, 1, &flow.dst_tcp_flags) +#define L4_PORT_SRC(F) F(0, 7, 2, &flow.src_port) +#define L4_PORT_DST(F) F(0, 11, 2, &flow.dst_port) +#define L4_ICMP_TYPE_CODE(F) F(0, 32, 2, nullptr) +#define L4_TCP_WIN(F) F(0, 186, 2, nullptr) +#define L4_TCP_WIN_REV(F) F(29305, 186, 2, nullptr) +#define L4_TCP_OPTIONS(F) F(0, 209, 8, nullptr) +#define L4_TCP_OPTIONS_REV(F) F(29305, 209, 8, nullptr) + +#define L4_TCP_MSS(F) F(8057, 900, 4, nullptr) +#define L4_TCP_MSS_REV(F) F(8057, 901, 4, nullptr) +#define L4_TCP_SYN_SIZE(F) F(8057, 902, 2, nullptr) + +#define HTTP_DOMAIN(F) F(39499, 1, -1, nullptr) +#define HTTP_REFERER(F) F(39499, 3, -1, nullptr) +#define HTTP_URI(F) F(39499, 2, -1, nullptr) +#define HTTP_CONTENT_TYPE(F) F(39499, 10, -1, nullptr) +#define HTTP_STATUS(F) F(39499, 12, 2, nullptr) +#define HTTP_USERAGENT(F) F(39499, 20, -1, nullptr) +#define HTTP_METHOD(F) F(8057, 200, -1, nullptr) +#define HTTP_SERVER(F) F(8057, 201, -1, nullptr) +#define HTTP_SET_COOKIE_NAMES(F) F(8057, 202, -1, nullptr) + +#define RTSP_METHOD(F) F(16982, 600, -1, nullptr) +#define RTSP_USERAGENT(F) F(16982, 601, -1, nullptr) +#define RTSP_URI(F) F(16982, 602, -1, nullptr) +#define RTSP_STATUS(F) F(16982, 603, 2, nullptr) +#define RTSP_CONTENT_TYPE(F) F(16982, 604, -1, nullptr) +#define RTSP_SERVER(F) F(16982, 605, -1, nullptr) + +#define DNS_RCODE(F) F(8057, 1, 1, nullptr) +#define DNS_NAME(F) F(8057, 2, -1, nullptr) +#define DNS_QTYPE(F) F(8057, 3, 2, nullptr) +#define DNS_CLASS(F) F(8057, 4, 2, nullptr) +#define DNS_RR_TTL(F) F(8057, 5, 4, nullptr) +#define DNS_RLENGTH(F) F(8057, 6, 2, nullptr) +#define DNS_RDATA(F) F(8057, 7, -1, nullptr) +#define DNS_PSIZE(F) F(8057, 8, 2, nullptr) +#define DNS_DO(F) F(8057, 9, 1, nullptr) +#define DNS_ID(F) F(8057, 10, 2, nullptr) +#define DNS_ATYPE(F) F(8057, 11, 2, nullptr) +#define DNS_ANSWERS(F) F(8057, 14, 2, nullptr) + +#define SIP_MSG_TYPE(F) F(8057, 100, 2, nullptr) +#define SIP_STATUS_CODE(F) F(8057, 101, 2, nullptr) +#define SIP_CALL_ID(F) F(8057, 102, -1, nullptr) +#define SIP_CALLING_PARTY(F) F(8057, 103, -1, nullptr) +#define SIP_CALLED_PARTY(F) F(8057, 104, -1, nullptr) +#define SIP_VIA(F) F(8057, 105, -1, nullptr) +#define SIP_USER_AGENT(F) F(8057, 106, -1, nullptr) +#define SIP_REQUEST_URI(F) F(8057, 107, -1, nullptr) +#define SIP_CSEQ(F) F(8057, 108, -1, nullptr) + +#define NTP_LEAP(F) F(8057, 18, 1, nullptr) +#define NTP_VERSION(F) F(8057, 19, 1, nullptr) +#define NTP_MODE(F) F(8057, 20, 1, nullptr) +#define NTP_STRATUM(F) F(8057, 21, 1, nullptr) +#define NTP_POLL(F) F(8057, 22, 1, nullptr) +#define NTP_PRECISION(F) F(8057, 23, 1, nullptr) +#define NTP_DELAY(F) F(8057, 24, 4, nullptr) +#define NTP_DISPERSION(F) F(8057, 25, 4, nullptr) +#define NTP_REF_ID(F) F(8057, 26, -1, nullptr) +#define NTP_REF(F) F(8057, 27, -1, nullptr) +#define NTP_ORIG(F) F(8057, 28, -1, nullptr) +#define NTP_RECV(F) F(8057, 29, -1, nullptr) +#define NTP_SENT(F) F(8057, 30, -1, nullptr) + +#define ARP_HA_FORMAT(F) F(8057, 31, 2, nullptr) +#define ARP_PA_FORMAT(F) F(8057, 32, 2, nullptr) +#define ARP_OPCODE(F) F(8057, 33, 2, nullptr) +#define ARP_SRC_HA(F) F(8057, 34, -1, nullptr) +#define ARP_SRC_PA(F) F(8057, 35, -1, nullptr) +#define ARP_DST_HA(F) F(8057, 36, -1, nullptr) +#define ARP_DST_PA(F) F(8057, 37, -1, nullptr) + +#define TLS_SNI(F) F(8057, 808, -1, nullptr) +#define TLS_VERSION(F) F(39499, 333, 2, nullptr) +#define TLS_ALPN(F) F(39499, 337, -1, nullptr) +#define TLS_JA3(F) F(39499, 357, -1, nullptr) +#define TLS_JA4(F) F(39499, 358, -1, nullptr) +#define TLS_EXT_TYPE(F) F(0, 291, -1, nullptr) +#define TLS_EXT_LEN(F) F(0, 291, -1, nullptr) + +#define SMTP_COMMANDS(F) F(8057, 810, 4, nullptr) +#define SMTP_MAIL_COUNT(F) F(8057, 811, 4, nullptr) +#define SMTP_RCPT_COUNT(F) F(8057, 812, 4, nullptr) +#define SMTP_SENDER(F) F(8057, 813, -1, nullptr) +#define SMTP_RECIPIENT(F) F(8057, 814, -1, nullptr) +#define SMTP_STATUS_CODES(F) F(8057, 815, 4, nullptr) +#define SMTP_CODE_2XX_COUNT(F) F(8057, 816, 4, nullptr) +#define SMTP_CODE_3XX_COUNT(F) F(8057, 817, 4, nullptr) +#define SMTP_CODE_4XX_COUNT(F) F(8057, 818, 4, nullptr) +#define SMTP_CODE_5XX_COUNT(F) F(8057, 819, 4, nullptr) +#define SMTP_DOMAIN(F) F(8057, 820, -1, nullptr) + +#define SSDP_LOCATION_PORT(F) F(8057, 821, 2, nullptr) +#define SSDP_SERVER(F) F(8057, 822, -1, nullptr) +#define SSDP_USER_AGENT(F) F(8057, 823, -1, nullptr) +#define SSDP_NT(F) F(8057, 824, -1, nullptr) +#define SSDP_ST(F) F(8057, 825, -1, nullptr) + +#define DNSSD_QUERIES(F) F(8057, 826, -1, nullptr) +#define DNSSD_RESPONSES(F) F(8057, 827, -1, nullptr) + +#define OVPN_CONF_LEVEL(F) F(8057, 828, 1, nullptr) +#define SSA_CONF_LEVEL(F) F(8057, 903, 1, nullptr) + +#define NB_NAME(F) F(8057, 831, -1, nullptr) +#define NB_SUFFIX(F) F(8057, 832, 1, nullptr) + +#define IDP_CONTENT(F) F(8057, 850, -1, nullptr) +#define IDP_CONTENT_REV(F) F(8057, 851, -1, nullptr) + +#define STATS_PCKT_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1013 (uint16*) +#define STATS_PCKT_TIMESTAMPS(F) \ + F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1014 (time*) +#define STATS_PCKT_TCPFLGS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1015 (uint8*) +#define STATS_PCKT_DIRECTIONS(F) \ + F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1016 (int8*) + +#define SBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1050 (uint16*) +#define SBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1051 (uint16*) +#define SBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1052 (time*) +#define SBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1053 (time*) +#define DBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1054 (uint16*) +#define DBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1055 (uint16*) +#define DBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1056 (time*) +#define DBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1057 (time*) + +#define D_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1063 (uint32*) +#define D_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1062 (uint32*) +#define S_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1060 (uint32*) +#define S_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1061 (uint32*) + +#define QUIC_SNI(F) F(8057, 890, -1, nullptr) +#define QUIC_USER_AGENT(F) F(8057, 891, -1, nullptr) +#define QUIC_VERSION(F) F(8057, 892, 4, nullptr) +#define QUIC_CLIENT_VERSION(F) F(8057, 893, 4, nullptr) +#define QUIC_TOKEN_LENGTH(F) F(8057, 894, 8, nullptr) +#define QUIC_OCCID(F) F(8057, 895, -1, nullptr) +#define QUIC_OSCID(F) F(8057, 896, -1, nullptr) +#define QUIC_SCID(F) F(8057, 897, -1, nullptr) +#define QUIC_RETRY_SCID(F) F(8057, 898, -1, nullptr) +#define QUIC_MULTIPLEXED(F) F(8057, 899, 1, nullptr) +#define QUIC_ZERO_RTT(F) F(8057, 889, 1, nullptr) +#define QUIC_SERVER_PORT(F) F(8057, 887, 2, nullptr) +#define QUIC_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id888 (uint16*) +#define QUIC_CH_PARSED(F) F(8057, 886, 1, nullptr) +#define QUIC_TLS_EXT_TYPE(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id885 (uint16*) +#define QUIC_TLS_EXT_LEN(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id884 (uint16*) +#define QUIC_TLS_EXT(F) F(8057, 883, -1, nullptr) + +#define OSQUERY_PROGRAM_NAME(F) F(8057, 852, -1, nullptr) +#define OSQUERY_USERNAME(F) F(8057, 853, -1, nullptr) +#define OSQUERY_OS_NAME(F) F(8057, 854, -1, nullptr) +#define OSQUERY_OS_MAJOR(F) F(8057, 855, 2, nullptr) +#define OSQUERY_OS_MINOR(F) F(8057, 856, 2, nullptr) +#define OSQUERY_OS_BUILD(F) F(8057, 857, -1, nullptr) +#define OSQUERY_OS_PLATFORM(F) F(8057, 858, -1, nullptr) +#define OSQUERY_OS_PLATFORM_LIKE(F) F(8057, 859, -1, nullptr) +#define OSQUERY_OS_ARCH(F) F(8057, 860, -1, nullptr) +#define OSQUERY_KERNEL_VERSION(F) F(8057, 861, -1, nullptr) +#define OSQUERY_SYSTEM_HOSTNAME(F) F(8057, 862, -1, nullptr) + +#define WG_CONF_LEVEL(F) F(8057, 1100, 1, nullptr) +#define WG_SRC_PEER(F) F(8057, 1101, 4, nullptr) +#define WG_DST_PEER(F) F(8057, 1102, 4, nullptr) + +#define NTS_MEAN(F) F(8057, 1020, 4, nullptr) +#define NTS_MIN(F) F(8057, 1021, 2, nullptr) +#define NTS_MAX(F) F(8057, 1022, 2, nullptr) +#define NTS_STDEV(F) F(8057, 1023, 4, nullptr) +#define NTS_KURTOSIS(F) F(8057, 1024, 4, nullptr) +#define NTS_ROOT_MEAN_SQUARE(F) F(8057, 1025, 4, nullptr) +#define NTS_AVERAGE_DISPERSION(F) F(8057, 1026, 4, nullptr) +#define NTS_MEAN_SCALED_TIME(F) F(8057, 1027, 4, nullptr) +#define NTS_MEAN_DIFFTIMES(F) F(8057, 1028, 4, nullptr) +#define NTS_MIN_DIFFTIMES(F) F(8057, 1029, 4, nullptr) +#define NTS_MAX_DIFFTIMES(F) F(8057, 1030, 4, nullptr) +#define NTS_TIME_DISTRIBUTION(F) F(8057, 1031, 4, nullptr) +#define NTS_SWITCHING_RATIO(F) F(8057, 1032, 4, nullptr) + +#define MQTT_TYPE_CUMULATIVE(F) F(8057, 1033, 2, nullptr) +#define MQTT_VERSION(F) F(8057, 1034, 1, nullptr) +#define MQTT_CONNECTION_FLAGS(F) F(8057, 1035, 1, nullptr) +#define MQTT_KEEP_ALIVE(F) F(8057, 1036, 2, nullptr) +#define MQTT_LAST_RETURN_CODE(F) F(8057, 1037, 1, nullptr) +#define MQTT_PUBLISH_FLAGS(F) F(8057, 1038, 1, nullptr) +#define MQTT_TOPICS(F) F(8057, 1039, -1, nullptr) + +#define MPLS_TOP_LABEL_STACK_SECTION F(0, 70, -1, nullptr) /** * IPFIX Templates - list of elements @@ -317,288 +318,270 @@ namespace ipxp { */ #ifdef IPXP_TS_MSEC -#define FLOW_START FLOW_START_MSEC -#define FLOW_END FLOW_END_MSEC +#define FLOW_START FLOW_START_MSEC +#define FLOW_END FLOW_END_MSEC #else -#define FLOW_START FLOW_START_USEC -#define FLOW_END FLOW_END_USEC +#define FLOW_START FLOW_START_USEC +#define FLOW_END FLOW_END_USEC #endif - -#define BASIC_TMPLT_V4(F) \ - F(FLOW_END_REASON) \ - F(BYTES) \ - F(BYTES_REV) \ - F(PACKETS) \ - F(PACKETS_REV) \ - F(FLOW_START) \ - F(FLOW_END) \ - F(L3_PROTO) \ - F(L4_PROTO) \ - F(L4_TCP_FLAGS) \ - F(L4_TCP_FLAGS_REV) \ - F(L4_PORT_SRC) \ - F(L4_PORT_DST) \ - F(INPUT_INTERFACE) \ - F(L3_IPV4_ADDR_SRC) \ - F(L3_IPV4_ADDR_DST) \ - F(L2_SRC_MAC) \ - F(L2_DST_MAC) - -#define BASIC_TMPLT_V6(F) \ - F(FLOW_END_REASON) \ - F(BYTES) \ - F(BYTES_REV) \ - F(PACKETS) \ - F(PACKETS_REV) \ - F(FLOW_START) \ - F(FLOW_END) \ - F(L3_PROTO) \ - F(L4_PROTO) \ - F(L4_TCP_FLAGS) \ - F(L4_TCP_FLAGS_REV) \ - F(L4_PORT_SRC) \ - F(L4_PORT_DST) \ - F(INPUT_INTERFACE) \ - F(L3_IPV6_ADDR_SRC) \ - F(L3_IPV6_ADDR_DST) \ - F(L2_SRC_MAC) \ - F(L2_DST_MAC) - -#define IPFIX_HTTP_TEMPLATE(F) \ - F(HTTP_USERAGENT) \ - F(HTTP_METHOD) \ - F(HTTP_DOMAIN) \ - F(HTTP_REFERER) \ - F(HTTP_URI) \ - F(HTTP_CONTENT_TYPE) \ - F(HTTP_SERVER) \ - F(HTTP_SET_COOKIE_NAMES) \ - F(HTTP_STATUS) - -#define IPFIX_RTSP_TEMPLATE(F) \ - F(RTSP_METHOD) \ - F(RTSP_USERAGENT) \ - F(RTSP_URI) \ - F(RTSP_STATUS)\ - F(RTSP_SERVER) \ - F(RTSP_CONTENT_TYPE) - -#define IPFIX_TLS_TEMPLATE(F) \ - F(TLS_VERSION) \ - F(TLS_SNI) \ - F(TLS_ALPN) \ - F(TLS_JA3) \ - F(TLS_JA4) \ - F(TLS_EXT_TYPE) \ - F(TLS_EXT_LEN) - -#define IPFIX_NTP_TEMPLATE(F) \ - F(NTP_LEAP) \ - F(NTP_VERSION) \ - F(NTP_MODE) \ - F(NTP_STRATUM) \ - F(NTP_POLL) \ - F(NTP_PRECISION) \ - F(NTP_DELAY) \ - F(NTP_DISPERSION) \ - F(NTP_REF_ID) \ - F(NTP_REF) \ - F(NTP_ORIG) \ - F(NTP_RECV) \ - F(NTP_SENT) - -#define IPFIX_DNS_TEMPLATE(F) \ - F(DNS_ANSWERS) \ - F(DNS_RCODE) \ - F(DNS_QTYPE) \ - F(DNS_CLASS) \ - F(DNS_RR_TTL) \ - F(DNS_RLENGTH) \ - F(DNS_PSIZE) \ - F(DNS_DO) \ - F(DNS_ID) \ - F(DNS_NAME) \ - F(DNS_RDATA) - -#define IPFIX_PASSIVEDNS_TEMPLATE(F) \ - F(DNS_ID) \ - F(DNS_RR_TTL) \ - F(DNS_ATYPE) \ - F(DNS_RDATA) \ - F(DNS_NAME) - -#define IPFIX_SMTP_TEMPLATE(F) \ - F(SMTP_COMMANDS) \ - F(SMTP_MAIL_COUNT) \ - F(SMTP_RCPT_COUNT) \ - F(SMTP_STATUS_CODES) \ - F(SMTP_CODE_2XX_COUNT) \ - F(SMTP_CODE_3XX_COUNT) \ - F(SMTP_CODE_4XX_COUNT) \ - F(SMTP_CODE_5XX_COUNT) \ - F(SMTP_DOMAIN) \ - F(SMTP_SENDER) \ - F(SMTP_RECIPIENT) - -#define IPFIX_SIP_TEMPLATE(F) \ - F(SIP_MSG_TYPE) \ - F(SIP_STATUS_CODE) \ - F(SIP_CSEQ) \ - F(SIP_CALLING_PARTY) \ - F(SIP_CALLED_PARTY) \ - F(SIP_CALL_ID) \ - F(SIP_USER_AGENT) \ - F(SIP_REQUEST_URI) \ - F(SIP_VIA) - -#define IPFIX_MQTT_TEMPLATE(F) \ - F(MQTT_TYPE_CUMULATIVE) \ - F(MQTT_VERSION) \ - F(MQTT_CONNECTION_FLAGS) \ - F(MQTT_KEEP_ALIVE) \ - F(MQTT_LAST_RETURN_CODE) \ - F(MQTT_PUBLISH_FLAGS) \ - F(MQTT_TOPICS) - -#define IPFIX_PSTATS_TEMPLATE(F) \ - F(STATS_PCKT_SIZES) \ - F(STATS_PCKT_TIMESTAMPS) \ - F(STATS_PCKT_TCPFLGS) \ - F(STATS_PCKT_DIRECTIONS) - -#define IPFIX_OVPN_TEMPLATE(F) \ - F(OVPN_CONF_LEVEL) - -#define IPFIX_SSADETECTOR_TEMPLATE(F) \ - F(SSA_CONF_LEVEL) - -#define IPFIX_SSDP_TEMPLATE(F) \ - F(SSDP_LOCATION_PORT) \ - F(SSDP_NT) \ - F(SSDP_USER_AGENT)\ - F(SSDP_ST) \ - F(SSDP_SERVER) - -#define IPFIX_DNSSD_TEMPLATE(F) \ - F(DNSSD_QUERIES) \ - F(DNSSD_RESPONSES) - -#define IPFIX_IDPCONTENT_TEMPLATE(F) \ - F(IDP_CONTENT) \ - F(IDP_CONTENT_REV) - -#define IPFIX_BSTATS_TEMPLATE(F) \ - F(SBI_BRST_PACKETS) \ - F(SBI_BRST_BYTES) \ - F(SBI_BRST_TIME_START) \ - F(SBI_BRST_TIME_STOP) \ - F(DBI_BRST_PACKETS) \ - F(DBI_BRST_BYTES) \ - F(DBI_BRST_TIME_START) \ - F(DBI_BRST_TIME_STOP) - -#define IPFIX_NETBIOS_TEMPLATE(F) \ - F(NB_SUFFIX) \ - F(NB_NAME) - -#define IPFIX_NETBIOS_TEMPLATE(F) \ - F(NB_SUFFIX) \ - F(NB_NAME) - -#define IPFIX_BASICPLUS_TEMPLATE(F) \ - F(L3_TTL) \ - F(L3_TTL_REV) \ - F(L3_FLAGS) \ - F(L3_FLAGS_REV) \ - F(L4_TCP_WIN) \ - F(L4_TCP_WIN_REV) \ - F(L4_TCP_OPTIONS) \ - F(L4_TCP_OPTIONS_REV) \ - F(L4_TCP_MSS) \ - F(L4_TCP_MSS_REV) \ - F(L4_TCP_SYN_SIZE) - -#define IPFIX_PHISTS_TEMPLATE(F) \ - F(S_PHISTS_SIZES) \ - F(S_PHISTS_IPT) \ - F(D_PHISTS_SIZES) \ - F(D_PHISTS_IPT) - -#define IPFIX_WG_TEMPLATE(F) \ - F(WG_CONF_LEVEL) \ - F(WG_SRC_PEER) \ - F(WG_DST_PEER) - -#define IPFIX_QUIC_TEMPLATE(F) \ - F(QUIC_SNI) \ - F(QUIC_USER_AGENT) \ - F(QUIC_VERSION) \ - F(QUIC_CLIENT_VERSION) \ - F(QUIC_TOKEN_LENGTH) \ - F(QUIC_OCCID) \ - F(QUIC_OSCID) \ - F(QUIC_SCID) \ - F(QUIC_RETRY_SCID) \ - F(QUIC_MULTIPLEXED) \ - F(QUIC_ZERO_RTT) \ - F(QUIC_SERVER_PORT) \ - F(QUIC_PACKETS) \ - F(QUIC_CH_PARSED) \ - F(QUIC_TLS_EXT_TYPE) \ - F(QUIC_TLS_EXT_LEN) \ - F(QUIC_TLS_EXT) - -#define IPFIX_OSQUERY_TEMPLATE(F) \ - F(OSQUERY_PROGRAM_NAME) \ - F(OSQUERY_USERNAME) \ - F(OSQUERY_OS_NAME) \ - F(OSQUERY_OS_MAJOR) \ - F(OSQUERY_OS_MINOR) \ - F(OSQUERY_OS_BUILD) \ - F(OSQUERY_OS_PLATFORM) \ - F(OSQUERY_OS_PLATFORM_LIKE) \ - F(OSQUERY_OS_ARCH) \ - F(OSQUERY_KERNEL_VERSION) \ - F(OSQUERY_SYSTEM_HOSTNAME) - -#define IPFIX_ICMP_TEMPLATE(F) \ - F(L4_ICMP_TYPE_CODE) - -#define IPFIX_VLAN_TEMPLATE(F) \ - F(VLAN_ID) - -#define IPFIX_NETTISA_TEMPLATE(F) \ - F(NTS_MEAN) \ - F(NTS_MIN) \ - F(NTS_MAX) \ - F(NTS_STDEV) \ - F(NTS_KURTOSIS) \ - F(NTS_ROOT_MEAN_SQUARE) \ - F(NTS_AVERAGE_DISPERSION) \ - F(NTS_MEAN_SCALED_TIME) \ - F(NTS_MEAN_DIFFTIMES) \ - F(NTS_MIN_DIFFTIMES) \ - F(NTS_MAX_DIFFTIMES) \ - F(NTS_TIME_DISTRIBUTION) \ - F(NTS_SWITCHING_RATIO) - - -#define IPFIX_FLOW_HASH_TEMPLATE(F) \ - F(FLOW_ID) - -#define IPFIX_MPLS_TEMPLATE(F) \ - F(MPLS_TOP_LABEL_STACK_SECTION) - -#ifdef WITH_FLEXPROBE -#define IPFIX_FLEXPROBE_DATA_TEMPLATE(F) F(FX_FRAME_SIGNATURE) F(FX_INPUT_INTERFACE) -#define IPFIX_FLEXPROBE_TCP_TEMPLATE(F) F(FX_TCP_TRACKING) -#define IPFIX_FLEXPROBE_ENCR_TEMPLATE(F) -#else -#define IPFIX_FLEXPROBE_DATA_TEMPLATE(F) -#define IPFIX_FLEXPROBE_TCP_TEMPLATE(F) -#define IPFIX_FLEXPROBE_ENCR_TEMPLATE(F) -#endif +#define BASIC_TMPLT_V4(F) \ + F(FLOW_END_REASON) \ + F(BYTES) \ + F(BYTES_REV) \ + F(PACKETS) \ + F(PACKETS_REV) \ + F(FLOW_START) \ + F(FLOW_END) \ + F(L3_PROTO) \ + F(L4_PROTO) \ + F(L4_TCP_FLAGS) \ + F(L4_TCP_FLAGS_REV) \ + F(L4_PORT_SRC) \ + F(L4_PORT_DST) \ + F(INPUT_INTERFACE) \ + F(L3_IPV4_ADDR_SRC) \ + F(L3_IPV4_ADDR_DST) \ + F(L2_SRC_MAC) \ + F(L2_DST_MAC) + +#define BASIC_TMPLT_V6(F) \ + F(FLOW_END_REASON) \ + F(BYTES) \ + F(BYTES_REV) \ + F(PACKETS) \ + F(PACKETS_REV) \ + F(FLOW_START) \ + F(FLOW_END) \ + F(L3_PROTO) \ + F(L4_PROTO) \ + F(L4_TCP_FLAGS) \ + F(L4_TCP_FLAGS_REV) \ + F(L4_PORT_SRC) \ + F(L4_PORT_DST) \ + F(INPUT_INTERFACE) \ + F(L3_IPV6_ADDR_SRC) \ + F(L3_IPV6_ADDR_DST) \ + F(L2_SRC_MAC) \ + F(L2_DST_MAC) + +#define IPFIX_HTTP_TEMPLATE(F) \ + F(HTTP_USERAGENT) \ + F(HTTP_METHOD) \ + F(HTTP_DOMAIN) \ + F(HTTP_REFERER) \ + F(HTTP_URI) \ + F(HTTP_CONTENT_TYPE) \ + F(HTTP_SERVER) \ + F(HTTP_SET_COOKIE_NAMES) \ + F(HTTP_STATUS) + +#define IPFIX_RTSP_TEMPLATE(F) \ + F(RTSP_METHOD) \ + F(RTSP_USERAGENT) \ + F(RTSP_URI) \ + F(RTSP_STATUS) \ + F(RTSP_SERVER) \ + F(RTSP_CONTENT_TYPE) + +#define IPFIX_TLS_TEMPLATE(F) \ + F(TLS_VERSION) \ + F(TLS_SNI) \ + F(TLS_ALPN) \ + F(TLS_JA3) \ + F(TLS_JA4) \ + F(TLS_EXT_TYPE) \ + F(TLS_EXT_LEN) + +#define IPFIX_NTP_TEMPLATE(F) \ + F(NTP_LEAP) \ + F(NTP_VERSION) \ + F(NTP_MODE) \ + F(NTP_STRATUM) \ + F(NTP_POLL) \ + F(NTP_PRECISION) \ + F(NTP_DELAY) \ + F(NTP_DISPERSION) \ + F(NTP_REF_ID) \ + F(NTP_REF) \ + F(NTP_ORIG) \ + F(NTP_RECV) \ + F(NTP_SENT) + +#define IPFIX_DNS_TEMPLATE(F) \ + F(DNS_ANSWERS) \ + F(DNS_RCODE) \ + F(DNS_QTYPE) \ + F(DNS_CLASS) \ + F(DNS_RR_TTL) \ + F(DNS_RLENGTH) \ + F(DNS_PSIZE) \ + F(DNS_DO) \ + F(DNS_ID) \ + F(DNS_NAME) \ + F(DNS_RDATA) + +#define IPFIX_PASSIVEDNS_TEMPLATE(F) \ + F(DNS_ID) \ + F(DNS_RR_TTL) \ + F(DNS_ATYPE) \ + F(DNS_RDATA) \ + F(DNS_NAME) + +#define IPFIX_SMTP_TEMPLATE(F) \ + F(SMTP_COMMANDS) \ + F(SMTP_MAIL_COUNT) \ + F(SMTP_RCPT_COUNT) \ + F(SMTP_STATUS_CODES) \ + F(SMTP_CODE_2XX_COUNT) \ + F(SMTP_CODE_3XX_COUNT) \ + F(SMTP_CODE_4XX_COUNT) \ + F(SMTP_CODE_5XX_COUNT) \ + F(SMTP_DOMAIN) \ + F(SMTP_SENDER) \ + F(SMTP_RECIPIENT) + +#define IPFIX_SIP_TEMPLATE(F) \ + F(SIP_MSG_TYPE) \ + F(SIP_STATUS_CODE) \ + F(SIP_CSEQ) \ + F(SIP_CALLING_PARTY) \ + F(SIP_CALLED_PARTY) \ + F(SIP_CALL_ID) \ + F(SIP_USER_AGENT) \ + F(SIP_REQUEST_URI) \ + F(SIP_VIA) + +#define IPFIX_MQTT_TEMPLATE(F) \ + F(MQTT_TYPE_CUMULATIVE) \ + F(MQTT_VERSION) \ + F(MQTT_CONNECTION_FLAGS) \ + F(MQTT_KEEP_ALIVE) \ + F(MQTT_LAST_RETURN_CODE) \ + F(MQTT_PUBLISH_FLAGS) \ + F(MQTT_TOPICS) + +#define IPFIX_PSTATS_TEMPLATE(F) \ + F(STATS_PCKT_SIZES) \ + F(STATS_PCKT_TIMESTAMPS) \ + F(STATS_PCKT_TCPFLGS) \ + F(STATS_PCKT_DIRECTIONS) + +#define IPFIX_OVPN_TEMPLATE(F) F(OVPN_CONF_LEVEL) + +#define IPFIX_SSADETECTOR_TEMPLATE(F) F(SSA_CONF_LEVEL) + +#define IPFIX_SSDP_TEMPLATE(F) \ + F(SSDP_LOCATION_PORT) \ + F(SSDP_NT) \ + F(SSDP_USER_AGENT) \ + F(SSDP_ST) \ + F(SSDP_SERVER) + +#define IPFIX_DNSSD_TEMPLATE(F) \ + F(DNSSD_QUERIES) \ + F(DNSSD_RESPONSES) + +#define IPFIX_IDPCONTENT_TEMPLATE(F) \ + F(IDP_CONTENT) \ + F(IDP_CONTENT_REV) + +#define IPFIX_BSTATS_TEMPLATE(F) \ + F(SBI_BRST_PACKETS) \ + F(SBI_BRST_BYTES) \ + F(SBI_BRST_TIME_START) \ + F(SBI_BRST_TIME_STOP) \ + F(DBI_BRST_PACKETS) \ + F(DBI_BRST_BYTES) \ + F(DBI_BRST_TIME_START) \ + F(DBI_BRST_TIME_STOP) + +#define IPFIX_NETBIOS_TEMPLATE(F) \ + F(NB_SUFFIX) \ + F(NB_NAME) + +#define IPFIX_NETBIOS_TEMPLATE(F) \ + F(NB_SUFFIX) \ + F(NB_NAME) + +#define IPFIX_BASICPLUS_TEMPLATE(F) \ + F(L3_TTL) \ + F(L3_TTL_REV) \ + F(L3_FLAGS) \ + F(L3_FLAGS_REV) \ + F(L4_TCP_WIN) \ + F(L4_TCP_WIN_REV) \ + F(L4_TCP_OPTIONS) \ + F(L4_TCP_OPTIONS_REV) \ + F(L4_TCP_MSS) \ + F(L4_TCP_MSS_REV) \ + F(L4_TCP_SYN_SIZE) + +#define IPFIX_PHISTS_TEMPLATE(F) \ + F(S_PHISTS_SIZES) \ + F(S_PHISTS_IPT) \ + F(D_PHISTS_SIZES) \ + F(D_PHISTS_IPT) + +#define IPFIX_WG_TEMPLATE(F) \ + F(WG_CONF_LEVEL) \ + F(WG_SRC_PEER) \ + F(WG_DST_PEER) + +#define IPFIX_QUIC_TEMPLATE(F) \ + F(QUIC_SNI) \ + F(QUIC_USER_AGENT) \ + F(QUIC_VERSION) \ + F(QUIC_CLIENT_VERSION) \ + F(QUIC_TOKEN_LENGTH) \ + F(QUIC_OCCID) \ + F(QUIC_OSCID) \ + F(QUIC_SCID) \ + F(QUIC_RETRY_SCID) \ + F(QUIC_MULTIPLEXED) \ + F(QUIC_ZERO_RTT) \ + F(QUIC_SERVER_PORT) \ + F(QUIC_PACKETS) \ + F(QUIC_CH_PARSED) \ + F(QUIC_TLS_EXT_TYPE) \ + F(QUIC_TLS_EXT_LEN) \ + F(QUIC_TLS_EXT) + +#define IPFIX_OSQUERY_TEMPLATE(F) \ + F(OSQUERY_PROGRAM_NAME) \ + F(OSQUERY_USERNAME) \ + F(OSQUERY_OS_NAME) \ + F(OSQUERY_OS_MAJOR) \ + F(OSQUERY_OS_MINOR) \ + F(OSQUERY_OS_BUILD) \ + F(OSQUERY_OS_PLATFORM) \ + F(OSQUERY_OS_PLATFORM_LIKE) \ + F(OSQUERY_OS_ARCH) \ + F(OSQUERY_KERNEL_VERSION) \ + F(OSQUERY_SYSTEM_HOSTNAME) + +#define IPFIX_ICMP_TEMPLATE(F) F(L4_ICMP_TYPE_CODE) + +#define IPFIX_VLAN_TEMPLATE(F) F(VLAN_ID) + +#define IPFIX_NETTISA_TEMPLATE(F) \ + F(NTS_MEAN) \ + F(NTS_MIN) \ + F(NTS_MAX) \ + F(NTS_STDEV) \ + F(NTS_KURTOSIS) \ + F(NTS_ROOT_MEAN_SQUARE) \ + F(NTS_AVERAGE_DISPERSION) \ + F(NTS_MEAN_SCALED_TIME) \ + F(NTS_MEAN_DIFFTIMES) \ + F(NTS_MIN_DIFFTIMES) \ + F(NTS_MAX_DIFFTIMES) \ + F(NTS_TIME_DISTRIBUTION) \ + F(NTS_SWITCHING_RATIO) + +#define IPFIX_FLOW_HASH_TEMPLATE(F) F(FLOW_ID) + +#define IPFIX_MPLS_TEMPLATE(F) F(MPLS_TOP_LABEL_STACK_SECTION) /** * List of all known templated. @@ -606,37 +589,34 @@ namespace ipxp { * This macro is define in order to use all elements of all defined * templates at once. */ -#define IPFIX_ENABLED_TEMPLATES(F) \ - BASIC_TMPLT_V4(F) \ - BASIC_TMPLT_V6(F) \ - IPFIX_HTTP_TEMPLATE(F) \ - IPFIX_RTSP_TEMPLATE(F) \ - IPFIX_TLS_TEMPLATE(F) \ - IPFIX_NTP_TEMPLATE(F) \ - IPFIX_SIP_TEMPLATE(F) \ - IPFIX_DNS_TEMPLATE(F) \ - IPFIX_PASSIVEDNS_TEMPLATE(F) \ - IPFIX_PSTATS_TEMPLATE(F) \ - IPFIX_OVPN_TEMPLATE(F) \ - IPFIX_SMTP_TEMPLATE(F) \ - IPFIX_SSDP_TEMPLATE(F) \ - IPFIX_DNSSD_TEMPLATE(F) \ - IPFIX_IDPCONTENT_TEMPLATE(F) \ - IPFIX_NETBIOS_TEMPLATE(F) \ - IPFIX_BASICPLUS_TEMPLATE(F) \ - IPFIX_BSTATS_TEMPLATE(F) \ - IPFIX_PHISTS_TEMPLATE(F) \ - IPFIX_WG_TEMPLATE(F) \ - IPFIX_QUIC_TEMPLATE(F) \ - IPFIX_OSQUERY_TEMPLATE(F) \ - IPFIX_FLEXPROBE_DATA_TEMPLATE(F) \ - IPFIX_FLEXPROBE_TCP_TEMPLATE(F) \ - IPFIX_FLEXPROBE_ENCR_TEMPLATE(F) \ - IPFIX_SSADETECTOR_TEMPLATE(F) \ - IPFIX_ICMP_TEMPLATE(F) \ - IPFIX_VLAN_TEMPLATE(F) \ - IPFIX_NETTISA_TEMPLATE(F) \ - IPFIX_FLOW_HASH_TEMPLATE(F) +#define IPFIX_ENABLED_TEMPLATES(F) \ + BASIC_TMPLT_V4(F) \ + BASIC_TMPLT_V6(F) \ + IPFIX_HTTP_TEMPLATE(F) \ + IPFIX_RTSP_TEMPLATE(F) \ + IPFIX_TLS_TEMPLATE(F) \ + IPFIX_NTP_TEMPLATE(F) \ + IPFIX_SIP_TEMPLATE(F) \ + IPFIX_DNS_TEMPLATE(F) \ + IPFIX_PASSIVEDNS_TEMPLATE(F) \ + IPFIX_PSTATS_TEMPLATE(F) \ + IPFIX_OVPN_TEMPLATE(F) \ + IPFIX_SMTP_TEMPLATE(F) \ + IPFIX_SSDP_TEMPLATE(F) \ + IPFIX_DNSSD_TEMPLATE(F) \ + IPFIX_IDPCONTENT_TEMPLATE(F) \ + IPFIX_NETBIOS_TEMPLATE(F) \ + IPFIX_BASICPLUS_TEMPLATE(F) \ + IPFIX_BSTATS_TEMPLATE(F) \ + IPFIX_PHISTS_TEMPLATE(F) \ + IPFIX_WG_TEMPLATE(F) \ + IPFIX_QUIC_TEMPLATE(F) \ + IPFIX_OSQUERY_TEMPLATE(F) \ + IPFIX_SSADETECTOR_TEMPLATE(F) \ + IPFIX_ICMP_TEMPLATE(F) \ + IPFIX_VLAN_TEMPLATE(F) \ + IPFIX_NETTISA_TEMPLATE(F) \ + IPFIX_FLOW_HASH_TEMPLATE(F) /** * Helper macro, convert FIELD into its name as a C literal. @@ -646,5 +626,5 @@ namespace ipxp { */ #define IPFIX_FIELD_NAMES(F) #F, -} +} // namespace ipxp #endif /* IPXP_IPFIX_ELEMENTS_HPP */ diff --git a/include/ipfixprobe/options.hpp b/include/ipfixprobe/options.hpp index 06223e1f9..e7c14e566 100644 --- a/include/ipfixprobe/options.hpp +++ b/include/ipfixprobe/options.hpp @@ -29,63 +29,67 @@ #ifndef IPXP_OPTIONS_HPP #define IPXP_OPTIONS_HPP -#include -#include +#include "api.hpp" + +#include #include +#include +#include #include #include -#include -#include +#include namespace ipxp { -class OptionsParser -{ +class IPXP_API OptionsParser { public: - static const char DELIM = ';'; - typedef std::function OptionParserFunc; - enum OptionFlags : uint32_t { - RequiredArgument = 1, - OptionalArgument = 2, - NoArgument = 4 - }; + static const char DELIM = ';'; + typedef std::function OptionParserFunc; + enum OptionFlags : uint32_t { RequiredArgument = 1, OptionalArgument = 2, NoArgument = 4 }; - OptionsParser(); - OptionsParser(const std::string &name, const std::string &info); - ~OptionsParser(); - OptionsParser(OptionsParser &p) = delete; - OptionsParser(OptionsParser &&p) = delete; - void operator=(OptionsParser &p) = delete; - void operator=(OptionsParser &&p) = delete; - void parse(const char *args) const; - void parse(int argc, const char **argv) const; - void usage(std::ostream &os, int indentation = 0, std::string mod_name = "") const; + OptionsParser(); + OptionsParser(const std::string& name, const std::string& info); + ~OptionsParser(); + OptionsParser(OptionsParser& p) = delete; + OptionsParser(OptionsParser&& p) = delete; + void operator=(OptionsParser& p) = delete; + void operator=(OptionsParser&& p) = delete; + void parse(const char* args) const; + void parse(int argc, const char** argv) const; + void usage(std::ostream& os, int indentation = 0, std::string mod_name = "") const; protected: - std::string m_name; - std::string m_info; - char m_delim; - struct Option { - std::string m_short; - std::string m_long; - std::string m_hint; - std::string m_description; - OptionParserFunc m_parser; - OptionFlags m_flags; - }; - std::vector