Merge pull request #162 from BonnyAD9/export-vlan-id

Add vlan plugin

Author: SiskaPavel

.gitignore

@@ -99,9 +99,16 @@ ipfixprobe_stats
 ipfixprobe-*.tar.gz
 
 # Test Outputs
-tests/*.log
-tests/*.trs
+tests/*/*.log
+tests/*/*.trs
 tests/output/
+tests/functional/output
+# Unit test binaries
+tests/unit/byte_utils
+tests/unit/flowifc
+tests/unit/options
+tests/unit/unirec
+tests/unit/utils
 
 # Mac Finder metafile
 **/.DS_Store

Makefile.am

@@ -129,6 +129,8 @@ ipfixprobe_process_src=\
 		process/ssadetector.cpp \
 		process/icmp.hpp \
 		process/icmp.cpp \
+		process/vlan.hpp \
+		process/vlan.cpp \
 		process/nettisa.hpp \
 		process/nettisa.cpp
 

README.md

@@ -635,6 +635,14 @@ The detector search for the SYN SYN-ACK ACK pattern in packet lengths. Multiple
 |:------------------:|:------:|:---------------------------------------:|
 | SSA_CONF_LEVEL     | uint8  | 1 if SSA sequence detected, 0 otherwise |
 
+### VLAN
+
+List of fields exported together with basic flow fields on the interface by VLAN plugin.
+
+| Output field | Type   | Description                |
+|:------------:|:------:|:--------------------------:|
+| VLAN_ID      | uint16 | Vlan ID (used in flow key) |
+
 ## Simplified function diagram
 Diagram below shows how `ipfixprobe` works.
 

include/ipfixprobe/ipfix-elements.hpp

@@ -83,6 +83,8 @@ namespace ipxp {
 
 #define ETHERTYPE(F)                  F(0,      256,    2,   nullptr)
 
+#define VLAN_ID(F)                    F(0,       58,    2,   nullptr)
+
 #define L2_SRC_MAC(F)                 F(0,       56,    6,   flow.src_mac)
 #define L2_DST_MAC(F)                 F(0,       80,    6,   flow.dst_mac)
 
@@ -509,6 +511,9 @@ namespace ipxp {
 #define IPFIX_ICMP_TEMPLATE(F) \
    F(L4_ICMP_TYPE_CODE)
 
+#define IPFIX_VLAN_TEMPLATE(F) \
+   F(VLAN_ID)
+
 #define IPFIX_NETTISA_TEMPLATE(F) \
   F(NTS_MEAN) \
   F(NTS_MIN) \
@@ -523,7 +528,7 @@ namespace ipxp {
   F(NTS_MAX_DIFFTIMES) \
   F(NTS_TIME_DISTRIBUTION) \
   F(NTS_SWITCHING_RATIO)
-  
+
 #ifdef WITH_FLEXPROBE
 #define IPFIX_FLEXPROBE_DATA_TEMPLATE(F) F(FX_FRAME_SIGNATURE) F(FX_INPUT_INTERFACE)
 #define IPFIX_FLEXPROBE_TCP_TEMPLATE(F) F(FX_TCP_TRACKING)

include/ipfixprobe/options.hpp

@@ -35,6 +35,7 @@
 #include <stdexcept>
 #include <string>
 #include <iostream>
+#include <cstdint>
 
 namespace ipxp {
 

include/ipfixprobe/utils.hpp

@@ -37,6 +37,7 @@
 #include <utility>
 #include <algorithm>
 #include <stdexcept>
+#include <cstdint>
 
 namespace ipxp {
 

pcaps/vlan.pcap

@@ -0,0 +1,58 @@
+/**
+ * \file vlan.cpp
+ * \brief Plugin for parsing vlan traffic.
+ * \author Jakub Antonín Štigler xstigl00@[email protected]
+ * \date 2023
+ */
+/*
+ * Copyright (C) 2023 CESNET
+ *
+ * LICENSE TERMS
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ *
+ *
+ */
+
+#include <iostream>
+
+#include "vlan.hpp"
+
+namespace ipxp {
+
+int RecordExtVLAN::REGISTERED_ID = -1;
+
+__attribute__((constructor)) static void register_this_plugin()
+{
+   static PluginRecord rec = PluginRecord("vlan", [](){return new VLANPlugin();});
+   register_plugin(&rec);
+   RecordExtVLAN::REGISTERED_ID = register_extension();
+}
+
+ProcessPlugin *VLANPlugin::copy()
+{
+   return new VLANPlugin(*this);
+}
+
+int VLANPlugin::post_create(Flow &rec, const Packet &pkt)
+{
+   auto ext = new RecordExtVLAN();
+   ext->vlan_id = pkt.vlan_id;
+   rec.add_extension(ext);
+   return 0;
+}
+
+}
+

process/create_plugin.sh

@@ -0,0 +1,125 @@
+/**
+ * \file vlan.hpp
+ * \brief Plugin for parsing vlan traffic.
+ * \author Jakub Antonín Štigler xstigl00@[email protected]
+ * \date 2023
+ */
+/*
+ * Copyright (C) 2023 CESNET
+ *
+ * LICENSE TERMS
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ *
+ *
+ */
+
+#ifndef IPXP_PROCESS_VLAN_HPP
+#define IPXP_PROCESS_VLAN_HPP
+
+#include <cstring>
+
+#ifdef WITH_NEMEA
+  #include "fields.h"
+#endif
+
+#include <ipfixprobe/process.hpp>
+#include <ipfixprobe/flowifc.hpp>
+#include <ipfixprobe/packet.hpp>
+#include <ipfixprobe/ipfix-elements.hpp>
+
+#include <cstdint>
+#include <string>
+#include <sstream>
+
+namespace ipxp {
+
+#define VLAN_UNIREC_TEMPLATE "VLAN_ID"
+
+UR_FIELDS (
+   uint16 VLAN_ID
+)
+
+/**
+ * \brief Flow record extension header for storing parsed VLAN data.
+ */
+struct RecordExtVLAN : public RecordExt {
+   static int REGISTERED_ID;
+
+   // vlan id is in the host byte order
+   uint16_t vlan_id;
+
+   RecordExtVLAN() : RecordExt(REGISTERED_ID), vlan_id(0)
+   {
+   }
+
+#ifdef WITH_NEMEA
+   virtual void fill_unirec(ur_template_t *tmplt, void *record)
+   {
+      ur_set(tmplt, record, F_VLAN_ID, vlan_id);
+   }
+
+   const char *get_unirec_tmplt() const
+   {
+      return VLAN_UNIREC_TEMPLATE;
+   }
+#endif
+
+   virtual int fill_ipfix(uint8_t *buffer, int size)
+   {
+      const int LEN = sizeof(vlan_id);
+
+      if (size < LEN) {
+         return -1;
+      }
+
+      *reinterpret_cast<uint16_t *>(buffer) = htons(vlan_id);
+      return 0;
+   }
+
+   const char **get_ipfix_tmplt() const
+   {
+      static const char *ipfix_template[] = {
+         IPFIX_VLAN_TEMPLATE(IPFIX_FIELD_NAMES)
+         NULL
+      };
+      return ipfix_template;
+   }
+
+   std::string get_text() const
+   {
+      std::ostringstream out;
+      out << "vlan_id=\"" << vlan_id << '"';
+      return out.str();
+   }
+};
+
+/**
+ * \brief Process plugin for parsing VLAN packets.
+ */
+class VLANPlugin : public ProcessPlugin
+{
+public:
+   OptionsParser *get_parser() const { return new OptionsParser("vlan", "Parse VLAN traffic"); }
+   std::string get_name() const { return "vlan"; }
+   RecordExt *get_ext() const { return new RecordExtVLAN(); }
+   ProcessPlugin *copy();
+
+   int post_create(Flow &rec, const Packet &pkt);
+};
+
+}
+#endif /* IPXP_PROCESS_VLAN_HPP */
+