Merge remote-tracking branch 'origin/netflow' into devel

Author: Lukas955

include/ipfixcol2/api.h.in

@@ -105,6 +105,8 @@ extern "C" {
 // Note: Following codes preservers the same numbering as libfds
 /** Status code for success                                               */
 #define IPX_OK             (0)
+/** Status code for the end of a context                                      */
+#define IPX_EOC            (-1)
 /** Status code for ready operation                                       */
 #define IPX_READY          (-11)
 /** Status code for memory allocation error                               */

include/ipfixcol2/message_ipfix.h

@@ -116,11 +116,12 @@ struct ipx_ipfix_record {
  * \param[in] plugin_ctx Context of the plugin
  * \param[in] msg_ctx    Message context (info about Transport Session, ODID, etc.)
  * \param[in] msg_data   Pointer to the IPFIX (or NetFlow) Message header
+ * \param[in] msg_size   Total size of the IPFIX (or NetFlow) Message
  * \return Pointer or NULL (memory allocation error)
  */
 IPX_API ipx_msg_ipfix_t *
 ipx_msg_ipfix_create(const ipx_ctx_t *plugin_ctx, const struct ipx_msg_ctx *msg_ctx,
-    uint8_t *msg_data);
+    uint8_t *msg_data, uint16_t msg_size);
 
 /**
  * \brief Destroy a message wrapper with a parsed IPFIX packet

src/core/CMakeLists.txt

@@ -17,6 +17,14 @@ set(CORE_SOURCE
     configurator/plugin_mgr.hpp
     configurator/model.cpp
     configurator/model.hpp
+    netflow2ipfix/netflow2ipfix.h
+    netflow2ipfix/netflow5.c
+    netflow2ipfix/netflow9.c
+    netflow2ipfix/netflow9_templates.c
+    netflow2ipfix/netflow9_templates.h
+    netflow2ipfix/netflow9_parsers.c
+    netflow2ipfix/netflow9_parsers.h
+    netflow2ipfix/netflow_structs.h
     api.c
     context.c
     context.h
@@ -76,4 +84,4 @@ set_target_properties(ipfixcol2 PROPERTIES  # by default, hide all symbols
 install(
     TARGETS ipfixcol2
     DESTINATION bin
-)
+)

src/core/message_ipfix.c

@@ -60,7 +60,7 @@ ipx_msg_ipfix_size(uint32_t rec_cnt, size_t rec_size)
 
 ipx_msg_ipfix_t *
 ipx_msg_ipfix_create(const ipx_ctx_t *plugin_ctx, const struct ipx_msg_ctx *msg_ctx,
-    uint8_t *msg_data)
+    uint8_t *msg_data, uint16_t msg_size)
 {
     const size_t rec_size = ipx_ctx_recsize_get(plugin_ctx);
     const size_t new_size = ipx_msg_ipfix_size(REC_DEF_CNT, rec_size);
@@ -72,6 +72,7 @@ ipx_msg_ipfix_create(const ipx_ctx_t *plugin_ctx, const struct ipx_msg_ctx *msg_
     ipx_msg_header_init(&wrapper->msg_header, IPX_MSG_IPFIX);
     wrapper->ctx = *msg_ctx;
     wrapper->raw_pkt = msg_data;
+    wrapper->raw_size = msg_size;
     wrapper->sets.cnt_alloc = SET_DEF_CNT;
     wrapper->rec_info.cnt_alloc = REC_DEF_CNT;
     wrapper->rec_info.rec_size = rec_size;

src/core/message_ipfix.h

@@ -67,6 +67,8 @@ struct ipx_msg_ipfix {
     struct ipx_msg_ctx ctx;
     /** Raw IPFIX packet from a source (in Network Byte Order)               */
     uint8_t *raw_pkt;
+    /** Size of raw message                                                  */
+    uint16_t raw_size;
 
     struct {
         /** Array of sets (valid only when #cnt_valid <= SET_DEF_CNT)       */

src/core/netflow2ipfix/netflow2ipfix.h

@@ -0,0 +1,185 @@
+/**
+ * @file src/core/netflow2ipfix/netflow2ipfix.h
+ * @author Lukas Hutak <[email protected]>
+ * @brief Main NetFlow v5/v9 to IPFIX converter functions (header file)
+ * @date 2018-2019
+ *
+ * Copyright(c) 2019 CESNET z.s.p.o.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef IPFIXCOL2_NETFLOW2IPFIX_H
+#define IPFIXCOL2_NETFLOW2IPFIX_H
+
+#include <stdint.h>
+#include <stddef.h>
+#include <ipfixcol2.h>
+
+/**
+ * @defgroup nf5_to_ipfix NetFlow v5 to IPFIX
+ * @brief Conversion from NetFlow v5 Messages to IPFIX Messages
+ *
+ * The converter helps to convert a stream of NetFlow Messages from a NetFlow exporter to stream
+ * of IPFIX Messages. Messages are processed individually and should be passed to the
+ * converter in the order send by the exporter. If it is necessary to convert streams from
+ * multiple exporters at time, you MUST create an independent instance for each stream.
+ *
+ * @note
+ *   If stream of NetFlow packets contains a soft error (such as missing one or more packets,
+ *   reordered packets), a warning message is printed on the standard output. Generated stream of
+ *   IPFIX Messages don't contain these error (i.e. independent sequence numbers are generated)
+ *
+ * @{
+ */
+
+/// Auxiliary definition of NetFlow v5 to IPFIX converter internals
+typedef struct ipx_nf5_conv ipx_nf5_conv_t;
+
+/**
+ * @brief Initialize NetFlow v5 to IPFIX converter
+ *
+ * @note
+ *   Template refresh interval (@p tmplt_refresh) refers to exporter timestamps in NetFlow
+ *   Messages to convert, not to wall-clock time.
+ * @param[in] ident         Instance identification (only for log messages!)
+ * @param[in] vlevel        Verbosity level of the converter (i.e. amount of log messages)
+ * @param[in] tmplt_refresh Template refresh interval (seconds, 0 == disabled)
+ * @param[in] odid          Observation Domain ID of IPFIX Messages (e.g. 0)
+ * @return Pointer to the converter or NULL (memory allocation error)
+ */
+ipx_nf5_conv_t *
+ipx_nf5_conv_init(const char *ident, enum ipx_verb_level vlevel, uint32_t tmplt_refresh,
+    uint32_t odid);
+
+/**
+ * @brief Destroy NetFlow v5 to IPFIX converter
+ * @param[in] conv Converter to destroy
+ */
+void
+ipx_nf5_conv_destroy(ipx_nf5_conv_t *conv);
+
+/**
+ * @brief Convert NetFlow v5 message to IPFIX message
+ *
+ * The function accepts a message wrapper @p wrapper that should hold a NetFlow v5 Message.
+ * If the NetFlow Message is successfully converted, a content of the wrapper is replaced
+ * with the IPFIX Message and the original NetFlow Message is not accessible anymore and it is
+ * freed.
+ *
+ * @note
+ *   In case of an error (i.e. return code different from #IPX_OK) the original NetFlow Message
+ *   in the wrapper is untouched.
+ * @note
+ *   Sequence number of the first IPFIX Message is deduced from the first NetFlow message to
+ *   convert. Sequence numbers of following converted messages is incremented independently
+ *   on the original NetFlow sequence number to avoid creation of invalid messages. In other words,
+ *   missing or reordered NetFlow messages don't affect correctness of the IPFIX stream.
+ *
+ * @param[in] conv    Message converter
+ * @param[in] wrapper Message wrapper
+ * @return #IPX_OK on success
+ * @return #IPX_ERR_FORMAT in case of invalid NetFlow Message format
+ * @return #IPX_ERR_NOMEM in case of a memory allocation error
+ */
+int
+ipx_nf5_conv_process(ipx_nf5_conv_t *conv, ipx_msg_ipfix_t *wrapper);
+
+/**
+ * @brief Change verbosity level
+ *
+ * @param[in] conv   Message converter
+ * @param[in] v_new  New verbosity level
+ */
+void
+ipx_nf5_conv_verb(ipx_nf5_conv_t *conv, enum ipx_verb_level v_new);
+
+/**
+ * @}
+ */
+
+/**
+ * @defgroup nf9_to_ipfix NetFlow v9 to IPFIX
+ * @brief Conversion from NetFlow v9 Messages to IPFIX Messages
+ *
+ * The converter helps to convert a stream of NetFlow Messages from combination of a NetFlow
+ * exporter and a Source ID (a.k.a. Observation Domain ID) to stream of IPFIX Messages. Messages
+ * are processed individually and should be passed to the converter in the order send by the
+ * exporter. If it is necessary to convert streams from the same exporter with different Source
+ * IDs or from multiple exporters at time, you MUST create an independent instance for each
+ * stream (i.e. combination of an Exporter and Source ID).
+ *
+ * @note
+ *   NetFlow Field Specifiers with ID > 127 are not backwards compatible with IPFIX Information
+ *   Elements, therefore, after conversion these specifiers are defined as Enterprise Specific
+ *   fields with Enterprise Number 4294967294 (128 <= ID <= 32767) or Enterprise Number 4294967295
+ *   (32768 <= ID <= 65535). In the latter case, the ID of the field is changed to fit into
+ *   range 0..32767: newID = oldID - 32768.
+ *
+ * @note
+ *   In the context of IPFIX protocol, the Source ID is referred as Observation Domain ID (ODID)
+ *
+ * @{
+ */
+
+/// Auxiliary definition of NetFlow v9 to IPFIX converter internals
+typedef struct ipx_nf9_conv ipx_nf9_conv_t;
+
+/**
+ * @brief Initialize NetFlow v9 to IPFIX converter
+ *
+ * @param[in] ident  Instance identification (only for log messages!)
+ * @param[in] vlevel Verbosity level of the converter (i.e. amount of log messages)
+ * @return Pointer to the converter or NULL (memory allocation error)
+ */
+ipx_nf9_conv_t *
+ipx_nf9_conv_init(const char *ident, enum ipx_verb_level vlevel);
+
+/**
+ * @brief Destroy NetFlow v9 to IPFIX converter
+ * @param[in] conv Converter to destroy
+ */
+void
+ipx_nf9_conv_destroy(ipx_nf9_conv_t *conv);
+
+/**
+ * @brief Convert NetFlow v9 Message to IPFIX Message
+ *
+ * The function accepts a message wrapper @p wrapper that should hold a NetFlow v9 Message.
+ * If the NetFlow Message is successfully converted, a content of the wrapper is replaced
+ * with the IPFIX Message and the original NetFlow Message is not accessible anymore and it is
+ * freed.
+ *
+ * @note
+ *   In case of an error (i.e. return code different from #IPX_OK) the original NetFlow Message
+ *   in the wrapper is untouched.
+ * @note
+ *   After conversion the IPFIX Message is not ready to be used for accessing flow records,
+ *   it MUST be processed by the IPFIX Parser first.
+ * @note
+ *   Sequence numbers of IPFIX Messages are incremented independently on NetFlow messages to
+ *   convert and starts from 0. In other words, missing or reordered NetFlow messages don't
+ *   affect correctness of the IPFIX stream.
+ *
+ * @param[in] conv    Message converter
+ * @param[in] wrapper Message wrapper
+ * @return #IPX_OK on success
+ * @return #IPX_ERR_FORMAT in case of invalid NetFlow Message format
+ * @return #IPX_ERR_NOMEM in case of a memory allocation error
+ */
+int
+ipx_nf9_conv_process(ipx_nf9_conv_t *conv, ipx_msg_ipfix_t *wrapper);
+
+/**
+ * @brief Change verbosity level
+ *
+ * @param[in] conv   Message converter
+ * @param[in] v_new  New verbosity level
+ */
+void
+ipx_nf9_conv_verb(ipx_nf9_conv_t *conv, enum ipx_verb_level v_new);
+
+/**
+ * @}
+ */
+
+#endif // IPFIXCOL2_NETFLOW2IPFIX_H