Merge branch 'filter-plugin' into 'devel'

Filter plugin

See merge request monitoring/ipfixcol2!22

Author: sedmicha

include/ipfixcol2/message_ipfix.h

@@ -225,6 +225,15 @@ ipx_msg_ipfix_add_set_ref(struct ipx_msg_ipfix *msg);
 IPX_API struct ipx_ipfix_record *
 ipx_msg_ipfix_add_drec_ref(struct ipx_msg_ipfix **msg_ref);
 
+/**
+ * \brief Set the raw size of an IPFIX message.
+ *
+ * \param[in] msg IPFIX Message wrapper.
+ * \param[in] new_raw_size The new raw_size value.
+ */
+IPX_API void
+ipx_msg_ipfix_set_raw_size(ipx_msg_ipfix_t *msg, uint16_t new_raw_size);
+
 /**@}*/
 #ifdef __cplusplus
 }

src/core/message_ipfix.c

@@ -192,3 +192,9 @@ ipx_msg_ipfix_add_drec_ref(struct ipx_msg_ipfix **msg_ref)
     msg->rec_info.cnt_valid++;
     return ((struct ipx_ipfix_record *) (((uint8_t *) msg->recs) + offset));
 }
+
+void
+ipx_msg_ipfix_set_raw_size(ipx_msg_ipfix_t *msg, uint16_t new_raw_size)
+{
+    msg->raw_size = new_raw_size;
+}

src/plugins/intermediate/CMakeLists.txt

@@ -1,2 +1,3 @@
 # List of output plugin to build and install
-add_subdirectory(anonymization)
+add_subdirectory(anonymization)
+add_subdirectory(filter)

src/plugins/intermediate/filter/CMakeLists.txt

@@ -0,0 +1,28 @@
+add_library(filter-intermediate MODULE
+    msg_builder.h
+    filter.c
+    config.c
+    config.h
+)
+
+install(
+    TARGETS filter-intermediate
+    LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixcol2/"
+)
+
+if (ENABLE_DOC_MANPAGE)
+    # Build a manual page
+    set(SRC_FILE "${CMAKE_CURRENT_SOURCE_DIR}/doc/ipfixcol2-filter-inter.7.rst")
+    set(DST_FILE "${CMAKE_CURRENT_BINARY_DIR}/ipfixcol2-filter-inter.7")
+
+    add_custom_command(TARGET filter-intermediate PRE_BUILD
+        COMMAND ${RST2MAN_EXECUTABLE} --syntax-highlight=none ${SRC_FILE} ${DST_FILE}
+        DEPENDS ${SRC_FILE}
+        VERBATIM
+        )
+
+    install(
+        FILES "${DST_FILE}"
+        DESTINATION "${INSTALL_DIR_MAN}/man7"
+    )
+endif()

src/plugins/intermediate/filter/README.rst

@@ -0,0 +1,76 @@
+Filter (intermediate plugin)
+============================
+
+The plugin performs filtering of flow records based on an filter expression.
+Flow records not matching the specified filtering criteria are discarded.
+
+
+Supported operations
+--------------------
+
+ - Comparison operators `==`, `<`, `>`, `<=`, `>=`, `!=`. If the comparison operator is ommited, the default comparison is `==`.
+
+ - The `contains` operator for substring comparison, e.g. `DNSName contains "example"`.
+
+ - Arithmetic operations `+`, `-`, `*`, `/`, `%`.
+
+ - Bitwise operations not `~`, or `|`, and `&`, xor `^`.
+
+ - The `in` operator for list comparison, e.g. `port in [80, 443]`.
+
+ - The logical `and`, `or`, `not` operators.
+
+
+Value types
+-----------
+
+ - Numbers can be integer or floating point. Integer numbers can also be written in their hexadecimal or binary form using the `0x` or `0b` prefix.
+   Floating point numbers also support the exponential notation such as `1.2345e+2`. A number can be explicitly unsigned using the `u` suffix.
+   Numbers also support size suffixes `B`, `k`, `M`, `G`, `T`, and time suffixes `ns`, `us`, `ms`, `s`, `m`, `d`.
+
+ - Strings are values enclosed in a pair of double quotes `"`. Supported escape sequences are `\n`, `\r`, `\t` and `\"`.
+   The escape sequences to write characters using their octal or hexadecimal value are also supported, e.g. `\ux22` or `\042`.
+
+ - IP addresses are written in their usual format, e.g. `127.0.0.1` or `1234:5678:9abc:def1:2345:6789:abcd:ef12`. The shortened IPv6 version is also supported, e.g. `::ff`.
+   IP addresses can also contain a suffix specifying their prefix length, e.g. `10.0.0.0/16`.
+
+ - MAC addresses are written in their usual format, e.g. `12:34:56:78:9a:bc`.
+
+ - Timestamps use the ISO timestamp format, e.g. `2020-04-05T24:00Z`.
+
+
+IPFIX field identificators
+--------------------------
+
+IPFIX fields can be identified using their name specified in the IPFIX information elements table or their alias defined in the `aliases.xml` file.
+If the IPFIX name is used and the default iana table is being referred, the `iana:` prefix can be ommited.
+Note that one alias can point to multiple IPFIX information elements.
+The default location of the aliases file is `/etc/libfds/system/aliases.xml`.
+
+
+Value mappings
+--------------
+
+Commonly used values can be mapped to a name using the `mappings.xml` file, for example the name `http` when used in an expression `port http` can refer to the value 80.
+These names can have different meanings depending on the IPFIX field they're being compared with.
+The default location of the mappings file is `/etc/libfds/system/mappings.xml`.
+
+
+Example configuration
+---------------------
+
+.. code-block:: xml
+
+    <intermediate>
+        <name>Filter</name>
+        <plugin>filter</plugin>
+        <params>
+            <expr>ip 10.0.0.0/16 and port in [80, 8080]</expr>
+        </params>
+    </intermediate>
+
+Parameters
+----------
+
+:``expr``:
+    The filter expression.

src/plugins/intermediate/filter/config.c

@@ -0,0 +1,124 @@
+/**
+ * \file src/plugins/intermediate/filter/config.c
+ * \author Michal Sedlak <[email protected]>
+ * \brief The filter plugin config
+ * \date 2020
+ */
+
+/* Copyright (C) 2020 CESNET, z.s.p.o.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided ``as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include <stdlib.h>
+
+/*
+ * <params>
+ *   <expr>...</expr>
+ * </params>
+ */
+
+enum params_xml_nodes {
+    FILTER_EXPR = 1,
+};
+
+static const struct fds_xml_args args_params[] = {
+    FDS_OPTS_ROOT("params"),
+    FDS_OPTS_ELEM(FILTER_EXPR, "expr", FDS_OPTS_T_STRING, 0),
+    FDS_OPTS_END
+};
+
+struct config *
+config_parse(ipx_ctx_t *ctx, const char *params)
+{
+    struct config *cfg = NULL;
+    fds_xml_t *parser = NULL;
+
+    cfg = calloc(1, sizeof(struct config));
+    if (!cfg) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+        goto error;
+    }
+
+    parser = fds_xml_create();
+    if (!parser) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+        goto error;
+    }
+
+    if (fds_xml_set_args(parser, args_params) != FDS_OK) {
+        IPX_CTX_ERROR(ctx, "Failed to parse the description of an XML document!");
+        goto error;
+    }
+
+    fds_xml_ctx_t *params_ctx = fds_xml_parse_mem(parser, params, true);
+    if (params_ctx == NULL) {
+        IPX_CTX_ERROR(ctx, "Failed to parse the configuration: %s", fds_xml_last_err(parser));
+        goto error;
+    }
+
+    const struct fds_xml_cont *content;
+    while (fds_xml_next(params_ctx, &content) == FDS_OK) {
+        switch (content->id) {
+        case FILTER_EXPR:
+            assert(content->type == FDS_OPTS_T_STRING);
+            if (strlen(content->ptr_string) == 0) {
+                IPX_CTX_ERROR(ctx, "Filter expression is empty!");
+                goto error;
+            }
+            cfg->expr = strdup(content->ptr_string);
+            if (!cfg->expr) {
+                IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+                goto error;
+            }
+            break;
+        }
+    }
+
+    fds_xml_destroy(parser);
+    return cfg;
+
+error:
+    fds_xml_destroy(parser);
+    free(cfg);
+    return NULL;
+}
+
+void
+config_destroy(struct config *cfg)
+{
+    free(cfg->expr);
+    free(cfg);
+}

src/plugins/intermediate/filter/config.h

@@ -0,0 +1,57 @@
+/**
+ * \file src/plugins/intermediate/filter/config.h
+ * \author Michal Sedlak <[email protected]>
+ * \brief The filter plugin config header
+ * \date 2020
+ */
+
+/* Copyright (C) 2020 CESNET, z.s.p.o.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided ``as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#include <ipfixcol2.h>
+
+struct config {
+    char *expr;
+};
+
+struct config *
+config_parse(ipx_ctx_t *ctx, const char *params);
+
+void
+config_destroy(struct config *cfg);
+
+#endif // CONFIG_H

src/plugins/intermediate/filter/doc/ipfixcol2-filter-inter.7.rst

@@ -0,0 +1,20 @@
+========================
+ ipfixcol2-filter-inter
+========================
+
+-----------------------------------
+Filter (intermediate plugin)
+-----------------------------------
+
+:Author: Michal Sedlák ([email protected])
+:Date:   2020-08-24
+:Copyright: Copyright © 2020 CESNET, z.s.p.o.
+:Version: 1.0
+:Manual section: 7
+:Manual group: IPFIXcol collector
+
+Description
+-----------
+
+.. include:: ../README.rst
+   :start-line: 3