JSON output: add option to prevent field conversion of octetArray as unsigned integer

The added option preseves the previous behaviour by default.

Author: Lukas955

src/plugins/output/json/README.rst

@@ -89,6 +89,7 @@ Don't forget to remove (or comment) outputs that you don't want to use!
             <ignoreUnknown>true</ignoreUnknown>
             <ignoreOptions>true</ignoreOptions>
             <nonPrintableChar>true</nonPrintableChar>
+            <octetArrayAsUint>true</octetArrayAsUint>
             <numericNames>false</numericNames>
             <splitBiflow>false</splitBiflow>
             <detailedInfo>false</detailedInfo>
@@ -145,8 +146,8 @@ Formatting parameters:
 
 :``ignoreUnknown``:
     Skip unknown Information Elements (i.e. record fields with unknown name and data type).
-    If disabled, data of unknown elements are formatted as unsigned integer (the size of the
-    field ≤ 8 bytes) or binary values. [values: true/false, default: true]
+    If disabled, data of unknown elements are formatted as unsigned integer or hexadecimal values.
+    For more information, see ``octetArrayAsUint`` option. [values: true/false, default: true]
 
 :``ignoreOptions``:
     Skip non-flow records used for reporting metadata about IPFIX Exporting and Metering Processes
@@ -156,6 +157,15 @@ Formatting parameters:
     Ignore non-printable characters (newline, tab, control characters, etc.) in IPFIX strings.
     If disabled, these characters are escaped on output. [values: true/false, default: true]
 
+:``octetArrayAsUint``:
+    Converter each IPFIX field with octetArray type (including IPFIX fields with unknown
+    definitions) as unsigned integer if the size of the field is less or equal to 8 bytes.
+    Fields with the size above the limit are always converted as string representing hexadecimal
+    value, which is typically in network byte order (e.g. "0x71E1"). Keep on mind, that there might
+    be octetArray fields with variable length that might be interpreted differently based on their
+    size. If disabled, octetArray fields are never interpreted as unsigned integers.
+    [values: true/false, default: true]
+
 :``numericNames``:
     Use only short identification of Information Elements (i.e. "enXX:idYY"). If enabled, the
     short version is used even if the definition of the field is known. This option can help to

src/plugins/output/json/src/Config.cpp

@@ -57,10 +57,11 @@ enum params_xml_nodes {
     FMT_UNKNOWN,       /**< Unknown definitions             */
     FMT_OPTIONS,       /**< Ignore Options Template Records */
     FMT_NONPRINT,      /**< Non-printable chars             */
+    FMT_OCTETASUINT,   /**< OctetArray as unsigned integer  */
     FMT_NUMERIC,       /**< Use numeric names               */
     FMT_BFSPLIT,       /**< Split biflow                    */
     FMT_DETAILEDINFO,  /**< Detailed information            */
-    FMT_TMPLTINFO,      /**< Template records                */
+    FMT_TMPLTINFO,     /**< Template records                */
     // Common output
     OUTPUT_LIST,       /**< List of output types            */
     OUTPUT_PRINT,      /**< Print to standard output        */
@@ -142,6 +143,7 @@ static const struct fds_xml_args args_params[] = {
     FDS_OPTS_ELEM(FMT_OPTIONS,   "ignoreOptions",    FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
     FDS_OPTS_ELEM(FMT_NONPRINT,  "nonPrintableChar", FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
     FDS_OPTS_ELEM(FMT_NUMERIC,   "numericNames",     FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
+    FDS_OPTS_ELEM(FMT_OCTETASUINT, "octetArrayAsUint", FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
     FDS_OPTS_ELEM(FMT_BFSPLIT,   "splitBiflow",      FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
     FDS_OPTS_ELEM(FMT_DETAILEDINFO,  "detailedInfo", FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
     FDS_OPTS_ELEM(FMT_TMPLTINFO, "templateInfo", FDS_OPTS_T_BOOL, FDS_OPTS_P_OPT),
@@ -472,6 +474,10 @@ Config::parse_params(fds_xml_ctx_t *params)
             assert(content->type == FDS_OPTS_T_BOOL);
             format.numeric_names = content->val_bool;
             break;
+        case FMT_OCTETASUINT:
+            assert(content->type == FDS_OPTS_T_BOOL);
+            format.octets_as_uint = content->val_bool;
+            break;
         case FMT_BFSPLIT:  // Split biflow records
             assert(content->type == FDS_OPTS_T_BOOL);
             format.split_biflow = content->val_bool;
@@ -506,6 +512,7 @@ Config::default_set()
     format.white_spaces = true;
     format.ignore_unknown = true;
     format.ignore_options = true;
+    format.octets_as_uint = true;
     format.numeric_names = false;
     format.split_biflow = false;
     format.detailed_info = false;

src/plugins/output/json/src/Config.hpp

@@ -56,9 +56,11 @@ struct cfg_format {
     bool proto;
     /** Skip unknown elements                                                                    */
     bool ignore_unknown;
+    /** Converter octetArray type as unsigned integer (only if field size <= 8)                  */
+    bool octets_as_uint;
     /** Convert white spaces in string (do not skip)                                             */
     bool white_spaces;
-    /** Add detailed information about each record                                            */
+    /** Add detailed information about each record                                               */
     bool detailed_info;
     /** Ignore Options Template records                                                          */
     bool ignore_options;

src/plugins/output/json/src/Storage.cpp

@@ -83,7 +83,9 @@ Storage::Storage(const ipx_ctx_t *ctx, const struct cfg_format &fmt)
     if (m_format.split_biflow) {
         m_flags |= FDS_CD2J_REVERSE_SKIP;
     }
-
+    if (!m_format.octets_as_uint) {
+        m_flags |= FDS_CD2J_OCTETS_NOINT;
+    }
 }
 
 Storage::~Storage()