Moved ipfix probe TLS fields to already existing ones

hynekkar · hynekkar · commit 3b3da76ba06d · 2020-09-09T16:52:45.000+02:00
diff --git a/extra_plugins/output/unirec/config/unirec-elements.txt b/extra_plugins/output/unirec/config/unirec-elements.txt
@@ -139,44 +139,40 @@ HTTP_UA_APP_MIN                uint16        flowmon:httpUaAppMin
 HTTP_UA_APP_BLD                uint16        flowmon:httpUaAppBld
 
 
-# --- TLS elements ---
-TLS_SNI                        string        e8057id808
-TLS_JA3                        string        e8057id830
-
 
 # --- Other fields ---
 IPV6_TUN_TYPE                  uint8         e16982id405      # IPv6 tunnel type
 APP_ID                         bytes         e0id95           # Application ID from libprotoident / NBAR2 / Flowmon's NBAR plugin
 
-# --- Flowmon TLS fields
-TLS_CONTENT_TYPE               uint8         flowmon:tlsContentType       # tlsContentType
-TLS_HANDSHAKE_TYPE             uint32        flowmon:tlsHandshakeType     # https://tools.ietf.org/html/rfc5246#appendix-A.4
-TLS_SETUP_TIME                 uint64        flowmon:tlsSetupTime         # tlsSetupTime
-TLS_SERVER_VERSION             uint16        flowmon:tlsServerVersion     # 8b major and 8b minor, 0x0303 ~ TLS1.2
-TLS_SERVER_RANDOM              bytes         flowmon:tlsServerRandom      # tlsServerRandom
-TLS_SERVER_SESSIONID           bytes         flowmon:tlsServerSessionId   # tlsServerSessionId
-TLS_CIPHER_SUITE               uint16        flowmon:tlsCipherSuite       # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
-TLS_ALPN                       string        flowmon:tlsAlpn              # TLS Application-Layer Protocol Negotiation https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
-TLS_SNI                        string        flowmon:tlsSni               # Server Name Indication https://en.wikipedia.org/wiki/Server_Name_Indication
-TLS_SNI_LENGTH                 uint16        flowmon:tlsSniLength         # Length of TLS_SNI field
-TLS_CLIENT_VERSION             uint16        flowmon:tlsClientVersion     # tlsClientVersion
-TLS_CIPHER_SUITES              bytes         flowmon:tlsCipherSuites      # List of 2B ciphers, beware of network byte order. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
-TLS_CLIENT_RANDOM              bytes         flowmon:tlsClientRandom      # tlsClientRandom
-TLS_CLIENT_SESSIONID           bytes         flowmon:tlsClientSessionId   # tlsClientSessionId
-TLS_EXTENSION_TYPES            bytes         flowmon:tlsExtensionTypes    # tlsExtensionTypes
-TLS_EXTENSION_LENGTHS          bytes         flowmon:tlsExtensionLengths  # tlsExtensionLengths
-TLS_ELLIPTIC_CURVES            bytes         flowmon:tlsEllipticCurves    # tlsEllipticCurves
-TLS_EC_POINTFORMATS            bytes         flowmon:tlsEcPointFormats    # tlsEcPointFormats
-TLS_CLIENT_KEYLENGTH           int32         flowmon:tlsClientKeyLength   # Length of client's key
-TLS_ISSUER_CN                  string        flowmon:tlsIssuerCn          # Common name of certificate issuer
-TLS_SUBJECT_CN                 string        flowmon:tlsSubjectCn         # Certificate Common Name
-TLS_SUBJECT_ON                 string        flowmon:tlsSubjectOn         # Certificate Organization Name
-TLS_VALIDITY_NOTBEFORE         int64         flowmon:tlsValidityNotBefore # UNIX timestamp of certificate creation
-TLS_VALIDITY_NOTAFTER          int64         flowmon:tlsValidityNotAfter  # UNIX timestamp of certificate expiration
-TLS_SIGNATURE_ALG              uint16        flowmon:tlsSignatureAlg      # tlsSignatureAlg
-TLS_PUBLIC_KEYALG              uint16        flowmon:tlsPublicKeyAlg      # tlsPublicKeyAlg
-TLS_PUBLIC_KEYLENGTH           int32         flowmon:tlsPublicKeyLength   # tlsPublicKeyLength
-TLS_JA_3FINGERPRINT            bytes         flowmon:tlsJa3Fingerprint    # tlsJa3Fingerprint
+# --- TLS fields
+TLS_CONTENT_TYPE               uint8         flowmon:tlsContentType                  # tlsContentType
+TLS_HANDSHAKE_TYPE             uint32        flowmon:tlsHandshakeType                # https://tools.ietf.org/html/rfc5246#appendix-A.4
+TLS_SETUP_TIME                 uint64        flowmon:tlsSetupTime                    # tlsSetupTime
+TLS_SERVER_VERSION             uint16        flowmon:tlsServerVersion                # 8b major and 8b minor, 0x0303 ~ TLS1.2
+TLS_SERVER_RANDOM              bytes         flowmon:tlsServerRandom                 # tlsServerRandom
+TLS_SERVER_SESSIONID           bytes         flowmon:tlsServerSessionId              # tlsServerSessionId
+TLS_CIPHER_SUITE               uint16        flowmon:tlsCipherSuite                  # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+TLS_ALPN                       string        flowmon:tlsAlpn                         # TLS Application-Layer Protocol Negotiation https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+TLS_SNI                        string        flowmon:tlsSni,e8057id808               # Server Name Indication https://en.wikipedia.org/wiki/Server_Name_Indication
+TLS_SNI_LENGTH                 uint16        flowmon:tlsSniLength                    # Length of TLS_SNI field
+TLS_CLIENT_VERSION             uint16        flowmon:tlsClientVersion                # tlsClientVersion
+TLS_CIPHER_SUITES              bytes         flowmon:tlsCipherSuites                 # List of 2B ciphers, beware of network byte order. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+TLS_CLIENT_RANDOM              bytes         flowmon:tlsClientRandom                 # tlsClientRandom
+TLS_CLIENT_SESSIONID           bytes         flowmon:tlsClientSessionId              # tlsClientSessionId
+TLS_EXTENSION_TYPES            bytes         flowmon:tlsExtensionTypes               # tlsExtensionTypes
+TLS_EXTENSION_LENGTHS          bytes         flowmon:tlsExtensionLengths             # tlsExtensionLengths
+TLS_ELLIPTIC_CURVES            bytes         flowmon:tlsEllipticCurves               # tlsEllipticCurves
+TLS_EC_POINTFORMATS            bytes         flowmon:tlsEcPointFormats               # tlsEcPointFormats
+TLS_CLIENT_KEYLENGTH           int32         flowmon:tlsClientKeyLength              # Length of client's key
+TLS_ISSUER_CN                  string        flowmon:tlsIssuerCn                     # Common name of certificate issuer
+TLS_SUBJECT_CN                 string        flowmon:tlsSubjectCn                    # Certificate Common Name
+TLS_SUBJECT_ON                 string        flowmon:tlsSubjectOn                    # Certificate Organization Name
+TLS_VALIDITY_NOTBEFORE         int64         flowmon:tlsValidityNotBefore            # UNIX timestamp of certificate creation
+TLS_VALIDITY_NOTAFTER          int64         flowmon:tlsValidityNotAfter             # UNIX timestamp of certificate expiration
+TLS_SIGNATURE_ALG              uint16        flowmon:tlsSignatureAlg                 # tlsSignatureAlg
+TLS_PUBLIC_KEYALG              uint16        flowmon:tlsPublicKeyAlg                 # tlsPublicKeyAlg
+TLS_PUBLIC_KEYLENGTH           int32         flowmon:tlsPublicKeyLength              # tlsPublicKeyLength
+TLS_JA_3FINGERPRINT            bytes         flowmon:tlsJa3Fingerprint,e8057id830    # tlsJa3Fingerprint
 
 # --- Per-Packet Information elements ---
 #PPI_TLS_REC_LENGTHS           uint16*       e0id291/e8057id1010          # basicList of TLS record lengths
