Unirec output plugin: improved plugin implementation

Author: Lukas955

extra_plugins/output/unirec/CMakeLists.txt

@@ -3,14 +3,14 @@ project(unirec)
 
 # Description of the project
 set(UNIREC_DESCRIPTION
-	"Output plugin for IPFIXcol2 that sends flow records in UniRec format into NEMEA modules."
+    "Output plugin for IPFIXcol2 that sends flow records in UniRec format into NEMEA modules."
 )
 
 set(UNIREC_VERSION_MAJOR 1)
 set(UNIREC_VERSION_MINOR 0)
 set(UNIREC_VERSION_PATCH 0)
 set(UNIREC_VERSION
-	${UNIREC_VERSION_MAJOR}.${UNIREC_VERSION_MINOR}.${UNIREC_VERSION_PATCH})
+    ${UNIREC_VERSION_MAJOR}.${UNIREC_VERSION_MINOR}.${UNIREC_VERSION_PATCH})
 
 include(CheckCCompilerFlag)
 include(CheckCXXCompilerFlag)
@@ -25,8 +25,8 @@ find_package(Unirec REQUIRED)
 
 # Set default build type if not specified by user
 if (NOT CMAKE_BUILD_TYPE)
-	set (CMAKE_BUILD_TYPE Release
-		CACHE STRING "Choose type of build (Release/Debug/Coverage)." FORCE)
+    set (CMAKE_BUILD_TYPE Release
+        CACHE STRING "Choose type of build (Release/Debug)." FORCE)
 endif()
 
 # Hard coded definitions
@@ -39,36 +39,36 @@ set(CMAKE_CXX_FLAGS_DEBUG    "-g -O0 -Wall -Wextra -pedantic")
 
 # Header files for source code building
 include_directories(
-	"${IPFIXCOL2_INCLUDE_DIRS}"  # IPFIXcol2 header files
-	"${LIBTRAP_INCLUDE_DIRS}"        # libtrap header files
-	"${UNIREC_INCLUDE_DIRS}"        # unirec header files
+    "${IPFIXCOL2_INCLUDE_DIRS}"  # IPFIXcol2 header files
+    "${LIBTRAP_INCLUDE_DIRS}"    # libtrap header files
+    "${UNIREC_INCLUDE_DIRS}"     # unirec header files
 )
 
 # Create a linkable module
 add_library(unirec-output MODULE
-	configuration.c
-	configuration.h
-	unirecplugin.h
-	unirecplugin.c
-	translator.c
-	translator.h
-	fields.c
-	fields.h
-	map.c
-	map.h
+    src/configuration.c
+    src/configuration.h
+    src/unirecplugin.c
+    src/translator.c
+    src/translator.h
+    src/fields.c
+    src/fields.h
+    src/map.c
+    src/map.h
 )
 
 target_link_libraries(unirec-output
     ${LIBTRAP_LIBRARIES}               # libtrap
-    ${UNIREC_LIBRARIES}               # unirec
+    ${UNIREC_LIBRARIES}                # unirec
+    m                                  # standard math library
 )
 
 install(
-	TARGETS unirec-output
-	LIBRARY DESTINATION "${CMAKE_INSTALL_FULL_LIBDIR}/ipfixcol2/"
+    TARGETS unirec-output
+    LIBRARY DESTINATION "${CMAKE_INSTALL_FULL_LIBDIR}/ipfixcol2/"
 )
 install(
-    FILES unirec-elements.txt
+    FILES config/unirec-elements.txt
     DESTINATION "${CMAKE_INSTALL_FULL_SYSCONFDIR}/ipfixcol2/"
 )
 

extra_plugins/output/unirec/README.rst

@@ -218,3 +218,15 @@ a line: ``"BYTES   uint64   e0id1   Number of bytes in flow"``:
 To map more than one IPFIX IE to one UniRec element, IPFIX IEs may be written as a comma
 separated list of individual IEs (no space before and after comma). For example,
 ``"SRC_IP  ipaddr  e0id8,e0id27  IPv4 or IPv6 source address"``.
+
+
+
+TODO: how to add new element!! lnf + unirec
+
+
+Note
+----
+
+TODO: bidirectional flows are automatically split into two unidirectional flows
+TODO: if multiple IPFIX elements are mapped to the same UniRec field and the result is .....
+

extra_plugins/output/unirec/config/unirec-elements.txt

@@ -0,0 +1,114 @@
+# This file is part of Unirec output plugin for IPFIXcol2
+#
+# Entries in this file show mapping from IPFIX Information Elements to UniRec
+# fields. You can change setting by editing this file. Each entry consists
+# of the following parameters:
+#  - UniRec field name
+#  - UniRec data type (int{8,16,32,64}, uint{8,16,32,64}, float, double, time,
+#      ipaddr, macaddr, char, string, bytes)
+#  - Comma separated list of IPFIX Information Elements identifiers
+#      ("eXXidYY" where XX is Private Enterprise Number and YY is field ID)
+#
+# See ipfixcol2-unirec-output(1) for details
+
+#UNIREC NAME                   UNIREC TYPE   IPFIX IEs        DESCRIPTION
+# --- Basic fields ---
+SRC_IP                         ipaddr        e0id8,e0id27     # IPv4 or IPv6 source address
+DST_IP                         ipaddr        e0id12,e0id28    # IPv4 or IPv6 destination address
+SRC_PORT                       uint16        e0id7            # Transport protocol source port
+DST_PORT                       uint16        e0id11           # Transport protocol destination port
+PROTOCOL                       uint8         e0id4            # Transport protocol
+TCP_FLAGS                      uint8         e0id6            # TCP flags
+BYTES                          uint64        e0id1            # Number of bytes in flow
+PACKETS                        uint32        e0id2            # Number of packets in flow
+TIME_FIRST                     time          e0id152          # Time of the first packet of a flow
+TIME_LAST                      time          e0id153          # Time of the last packet of a flow
+DIR_BIT_FIELD                  uint8         e0id10           # Bit field used for determining incoming/outgoing flow (1 => Incoming, 0 => Outgoing)
+LINK_BIT_FIELD                 uint64        e0id405          # Bit field of links on which was flow seen
+TTL                            uint8         e0id192          # IP time to live
+TOS                            uint8         e0id5            # IP type of service
+
+# --- DNS specific fields ---
+DNS_ANSWERS                    uint16        e8057id0         # DNS answers
+DNS_RCODE                      uint8         e8057id1         # DNS rcode
+DNS_NAME                       string        e8057id2         # DNS name
+DNS_QTYPE                      uint16        e8057id3         # DNS qtype
+DNS_CLASS                      uint16        e8057id4         # DNS class
+DNS_RR_TTL                     uint32        e8057id5         # DNS rr ttl
+DNS_RLENGTH                    uint16        e8057id6         # DNS rlenght
+DNS_RDATA                      bytes         e8057id7         # DNS rdata
+DNS_PSIZE                      uint16        e8057id8         # DNS payload size
+DNS_DO                         uint8         e8057id9         # DNS DNSSEC OK bit
+DNS_ID                         uint16        e8057id10        # DNS transaction id
+
+# --- SMTP specific fields ---
+#SMTP_FLAGS                     uint8         e8057id200       # SMTP flags
+SMTP_COMMAND_FLAGS             uint32        e8057id810       # SMTP command flags
+SMTP_MAIL_CMD_COUNT            uint32        e8057id811       # SMTP MAIL command count
+SMTP_RCPT_CMD_COUNT            uint32        e8057id812       # SMTP RCPT command count
+SMTP_FIRST_SENDER              string        e8057id813       # SMTP first sender
+SMTP_FIRST_RECIPIENT           string        e8057id814       # SMTP first recipient
+SMTP_STAT_CODE_FLAGS           uint32        e8057id815       # SMTP status code flags
+SMTP_2XX_STAT_CODE_COUNT       uint32        e8057id816       # SMTP 2XX status code count
+SMTP_3XX_STAT_CODE_COUNT       uint32        e8057id817       # SMTP 3XX status code count
+SMTP_4XX_STAT_CODE_COUNT       uint32        e8057id818       # SMTP 4XX status code count
+SMTP_5XX_STAT_CODE_COUNT       uint32        e8057id819       # SMTP 5XX status code count
+SMTP_DOMAIN                    string        e8057id820       # SMTP domain
+
+# --- SIP specific fields ---
+SIP_MSG_TYPE                   uint16        e8057id100       # SIP message type
+SIP_STATUS_CODE                uint16        e8057id101       # SIP status code
+SIP_CALL_ID                    string        e8057id102       # SIP call id
+SIP_CALLING_PARTY              string        e8057id103       # SIP from
+SIP_CALLED_PARTY               string        e8057id104       # SIP to
+SIP_VIA                        string        e8057id105       # SIP VIA
+SIP_USER_AGENT                 string        e8057id106       # SIP user agent
+SIP_REQUEST_URI                string        e8057id107       # SIP request uri
+SIP_CSEQ                       string        e8057id108       # SIP CSeq
+
+# --- HTTP elements --- (Flowmon HTTP plugin in MUNI PEN, and CESNET sdm-http(s) plugin in CESNET PEN)
+HTTP_REQUEST_METHOD_ID         uint32        e16982id500,e8057id800               # HTTP request method id
+HTTP_REQUEST_HOST              string        e16982id501,e8057id801,e8057id808    # HTTP(S) request host
+HTTP_REQUEST_URL               string        e16982id502,e8057id802               # HTTP request url
+HTTP_REQUEST_AGENT_ID          uint32        e16982id503                          # HTTP request agent id
+HTTP_REQUEST_AGENT             string        e16982id504,e8057id804               # HTTP request agent
+HTTP_REQUEST_REFERER           string        e16982id505,e8057id803               # HTTP referer
+HTTP_RESPONSE_STATUS_CODE      uint32        e16982id506,e8057id805               # HTTP response status code
+HTTP_RESPONSE_CONTENT_TYPE     string        e16982id507,e8057id806               # HTTP response content type
+HTTP_REQUEST_RANGE             bytes         e8057id821                           # HTTP range
+HTTP_RESPONSE_TIME             uint64        e8057id807,e8057id809                # HTTP(S) application response time
+
+# --- Flowmon (former Invea) specific fields
+INVEA_VOIP_PACKET_TYPE         uint8         e39499id32       # VOIP packet type
+INVEA_SIP_CALL_ID              string        e39499id33       # SIP call ID
+INVEA_SIP_CALLING_PARTY        string        e39499id34       # SIP calling party
+INVEA_SIP_CALLED_PARTY         string        e39499id35       # SIP called party
+INVEA_SIP_VIA                  string        e39499id36       # SIP VIA
+INVEA_SIP_INVITE_RINGING_TIME  time          e39499id37       # SIP INVITE ringing time
+INVEA_SIP_OK_TIME              time          e39499id38       # SIP OK time
+INVEA_SIP_BYE_TIME             time          e39499id39       # SIP BYE time
+INVEA_SIP_RTP_IP4              ipaddr        e39499id40       # SIP RTP IPv4
+INVEA_SIP_RTP_IP6              ipaddr        e39499id41       # SIP RTP IPv6
+INVEA_SIP_RTP_AUDIO            uint16        e39499id42       # SIP RTP audio
+INVEA_SIP_RTP_VIDEO            uint16        e39499id43       # SIP RTP video
+INVEA_SIP_STATS                uint64        e39499id44       # SIP stats
+INVEA_RTP_CODEC                uint8         e39499id45       # RTP codec
+INVEA_RTP_JITTER               uint32        e39499id46       # RTP jitter
+INVEA_RTCP_LOST                uint32        e39499id47       # RTCP lost
+INVEA_RTCP_PACKETS             uint64        e39499id48       # RTCP packets
+INVEA_RTCP_OCTETS              uint64        e39499id49       # RTCP octets
+INVEA_RTCP_SOURCE_COUNT        uint8         e39499id50       # RTCP source count
+INVEA_SIP_USER_AGENT           string        e39499id51       # SIP User Agent
+INVEA_SIP_REQUEST_URI          string        e39499id52       # SIP Request-URI
+
+# --- Heartbeat detection fields ---
+HB_TYPE                        uint8         e8057id700       # TLS content type
+HB_DIR                         uint8         e8057id701       # Heartbeat request/response byte
+HB_SIZE_MSG                    uint16 	     e8057id702       # Heartbeat message size
+HB_SIZE_PAYLOAD                uint16 	     e8057id703       # Heartbeat payload size
+
+# --- Other fields ---
+#FLOWDIR_SYN                    uint8         e8057id299       # Packet with SYN flag only flag
+VENOM                          uint8         e8057id1001      # Venom rootkit detection
+IPV6_TUN_TYPE                  uint8         e16982id405      # IPv6 tunnel type
+

…ra_plugins/output/unirec/configuration.c …lugins/output/unirec/src/configuration.cextra_plugins/output/unirec/configuration.c renamed to extra_plugins/output/unirec/src/configuration.c extra_plugins/output/unirec/configuration.c renamed to extra_plugins/output/unirec/src/configuration.c

@@ -43,17 +43,18 @@
 #define _GNU_SOURCE
 #include <stdio.h>
 #include "configuration.h"
-#include "unirecplugin.h"
 
 #include <ipfixcol2.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <inttypes.h>
 #include <string.h>
 #include <errno.h>
 #include <unistd.h>
 #include <stdarg.h>
 #include <limits.h>
 #include <ctype.h>
+#include <stdbool.h>
 
 /** Timeout configuration */
 enum cfg_timeout_mode {

…ra_plugins/output/unirec/configuration.h …lugins/output/unirec/src/configuration.hextra_plugins/output/unirec/configuration.h renamed to extra_plugins/output/unirec/src/configuration.h extra_plugins/output/unirec/configuration.h renamed to extra_plugins/output/unirec/src/configuration.h

@@ -40,8 +40,6 @@
 #ifndef CONFIGURATION_H
 #define CONFIGURATION_H
 
-#include <stdint.h>
-#include <stdbool.h>
 #include <ipfixcol2.h>
 
 /**
@@ -56,18 +54,18 @@ struct conf_params {
      * Elements marked with '?' are optional and might not be filled (e.g. TCP_FLAGS)
      * For example, "DST_IP,SRC_IP,BYTES,DST_PORT,?TCP_FLAGS,SRC_PORT,PROTOCOL".
      * All fields must be contained in unirec-elements.txt
-     * \note All whitespaces has been removed
+     * \note All whitespaces have been removed
      */
     char *unirec_spec;
-    /** The same as \ref conf_params.unirec_spec, however, question marks has been removed  */
+    /** The same as \ref conf_params.unirec_spec, however, question marks have been removed  */
     char *unirec_fmt;
 };
 
 /**
  * \brief Parse the plugin configuration
  *
  * \warning The configuration MUST be free by configuration_free() function.
- * \param[in,out] ctx IPFIXcol2 context for output messages
+ * \param[in] ctx    Instance context
  * \param[in] params XML configuration
  * \return On success returns a pointer to the configuration. Otherwise returns
  *   NULL.