Merge branch 'master' into export-vlan-id

Author: BonnyAD9

.clang-format

@@ -0,0 +1,28 @@
+---
+Language: Cpp
+BasedOnStyle: WebKit
+
+AlwaysBreakBeforeMultilineStrings: true
+AlignAfterOpenBracket: AlwaysBreak
+AllowAllArgumentsOnNextLine: false
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortFunctionsOnASingleLine: Inline
+AlwaysBreakTemplateDeclarations: Yes
+BinPackArguments: false
+BinPackParameters: false
+BreakInheritanceList: BeforeComma
+ColumnLimit: 100
+Cpp11BracedListStyle: true
+FixNamespaceComments: true
+IndentGotoLabels: false
+KeepEmptyLinesAtTheStartOfBlocks: false
+NamespaceIndentation: None
+ShortNamespaceLines: 0
+SpaceAfterCStyleCast: true
+SpaceAfterTemplateKeyword: false
+SpaceInEmptyBlock: false
+SpacesInContainerLiterals: false
+PointerAlignment: Left
+UseTab: false
+IndentWidth: 4
+...

.github/workflows/c-cpp.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         submodules: recursive
     - name: Install dependencies

.github/workflows/codeql-analysis.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Install dependencies
       run: |

.github/workflows/coverity.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Install dependencies
       run: |
         sudo apt-get update

ChangeLog

@@ -1,3 +1,13 @@
+2023-07-21 ipfixprobe-4.9.2
+	* NetTiSA: Fix time comparison, handle Nan values
+
+2023-07-18 ipfixprobe-4.9.1
+	* NetTiSA: Add new NetTisa process plugin
+	* OVPN: Imporovments (Added rtp header validation function, Improve detection)
+	* HTTP: Add parsing HTTP response headers server and set-cookie names
+	* ICMP: Add new ICMP process plugin
+	* Code format: Changing uncrustify to clang format
+
 2023-06-01 ipfixprobe-4.9.0
 	* flow cache: add VLAN ID to the flow key
 	* SSADetector: detect SYN-SYNACK-ACK sequence to detect VPN within exiting connection

Makefile.am

@@ -130,7 +130,9 @@ ipfixprobe_process_src=\
 		process/icmp.hpp \
 		process/icmp.cpp \
 		process/vlan.hpp \
-		process/vlan.cpp
+		process/vlan.cpp \
+		process/nettisa.hpp \
+		process/nettisa.cpp
 
 if WITH_QUIC
 ipfixprobe_process_src+=\
@@ -184,7 +186,8 @@ ipfixprobe_headers_src=\
 		include/ipfixprobe/packet.hpp \
 		include/ipfixprobe/ring.h \
 		include/ipfixprobe/byte-utils.hpp \
-		include/ipfixprobe/ipfix-elements.hpp
+		include/ipfixprobe/ipfix-elements.hpp \
+		include/ipfixprobe/rtp.hpp
 
 ipfixprobe_src=\
 		$(ipfixprobe_input_src) \

NEWS

@@ -1,3 +1,37 @@
+2023-07-20 (Josef Koumar): NetTiSA: Handle NaN values
+2023-07-18 (Pavel Siska): Nettisa - fix invalid time conversion
+2023-07-18 (Pavel Siska): utils - add function that convert struct timeval to microseconds
+2023-07-18 (Pavel Siska): utils - fix static_assert function to c++11 standard
+
+2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA into README.md
+2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA to Makefile
+2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA plugin
+2023-07-17 (Pavel Siska): NetTiSA: Add NetTiSA IPFIX elements
+2023-07-17 (Pavel Siska): utils - format code with clang-format
+2023-07-17 (Pavel Siska): Byte-utils - introduce htonf() function to convert float to network order
+2023-07-14 (Karel Hynek): OVPN: Code reformat
+2023-07-14 (Karel Hynek): OVPN: checking datapackets for RTP validity to reduce false positives
+2023-07-14 (Karel Hynek): OVPN: Added rtp header validation function
+2023-07-14 (Karel Hynek): OVPN plugin: Improve detection for flows with large small number packets
+2023-07-07 (Jakub Magda): Add new HTTP fields to README.md
+2023-07-07 (Karel Hynek): HTTP: Updated functional tests
+2023-07-07 (Karel Hynek): HTTP: Added missing pointer check
+2023-07-07 (Karel Hynek): HTTP: Code reformat
+2023-07-07 (Karel Hynek): HTTP: FIXED invalid pointer check
+2023-06-28 (Karel Hynek): Changing uncrustify to clang format
+2023-06-17 (Tomas Cejka): actions: update to actions/checkout@v3
+2023-06-17 (Tomas Cejka): coverity: update to actions/checkout@v3
+2023-06-15 (Jakub Magda): Add parsing HTTP response headers server and set-cookie names
+2023-06-06 (Jakub Antoní Stigler): Update functional test references
+2023-06-01 (jaroslavpesek): dpdk - updated README.md for multiport read
+2023-05-23 (Jakub Antoní Stigler): improve readablility
+2023-04-25 (Jakub Antoní Stigler): Add icmp to README
+2023-04-25 (Jakub Antoní Stigler): remove icmp from parser
+2023-04-25 (Jakub Antoní Stigler): Implement fill functions in icmp
+2023-04-25 (Jakub Antoní Stigler): Add binaries to gitignore
+2023-04-25 (Jakub Antoní Stigler): Implement ICMP plugin
+2023-04-25 (Jakub Antoní Stigler): generate empty icmp plugin
+
 2023-05-30 (jaroslavpesek): Merge pull request #157 from CESNET/dpdk-port
 2023-05-29 (Pavel Siska): Ipfixprobed - support dpdk option `lcores`
 2023-05-29 (Pavel Siska): Ipfixprobed - remove dpdk option `cpu_mask`

README.md

@@ -239,18 +239,39 @@ Fields without `_REV` suffix are fields from source flow. Fields with `_REV` are
 | TCP_MSS_REV  | uint32 | TCP maximum segment size    |
 | TCP_SYN_SIZE | uint16 | TCP SYN packet size         |
 
+### NetTiSA
+List of unirec fields exported together with NetTiSA flow fields on interface by nettisa plugin.
+
+| Output field | Type   | Description                 |
+|:------------:|:------:|:---------------------------:|
+| NTS_MEAN               | float   |  The mean of the payload lengths of packets                                   |
+| NTS_MIN                | uint16   |  Minimal value from all packet payload lengths                |
+| NTS_MAX                | uint16   |  Maximum value from all packet payload lengths                    |
+| NTS_STDEV              | float   |  Represents a switching ratio between different values of the sequence of observation.                    |
+| NTS_KURTOSIS           | float  |  The standard deviation is measure of the variation of data from the mean.             |
+| NTS_ROOT_MEAN_SQUARE   | float  |  The measure of the magnitude of payload lengths of packets.             |
+| NTS_AVERAGE_DISPERSION | float  |  The average absolute difference between each payload length of packet and the mean value.        |
+| NTS_MEAN_SCALED_TIME   | float  |  The kurtosis is the measure describing the extent to which the tails of a distribution differ from the tails of a normal distribution.   |
+| NTS_MEAN_DIFFTIMES     | float  | The scaled times is defined as sequence $\{st\} = \{ t_1 - t_1, t_2 - t_1, \dots, t_n - t_1 \}$. We compute the mean of the value with same method as for feature \textit{Mean}.     |
+| NTS_MIN_DIFFTIMES      | float  | The time differences is defined as sequence $ \{dt\} = \{ t_j - t_i \| j = i + 1, i \in \{1, 2, \dots, n - 1\}\}$. We compute the mean of the value with same method as for feature \textit{Mean}.     |
+| NTS_MAX_DIFFTIMES      | float  | Minimal value from all time differences, i.e., min space between packets.          |
+| NTS_TIME_DISTRIBUTION  | float  | Maximum value from all time differences, i.e., max space between packets.          |
+| NTS_SWITCHING_RATIO    | float  | Describes the distribution of time differences between individual packets.          |
+
 ### HTTP
 List of unirec fields exported together with basic flow fields on interface by HTTP plugin.
 
-| Output field                 | Type   | Description                 |
-|:----------------------------:|:------:|:---------------------------:|
-| HTTP_REQUEST_METHOD          | string | HTTP request method         |
-| HTTP_REQUEST_HOST            | string | HTTP request host           |
-| HTTP_REQUEST_URL             | string | HTTP request url            |
-| HTTP_REQUEST_AGENT           | string | HTTP request user agent     |
-| HTTP_REQUEST_REFERER         | string | HTTP request referer        |
-| HTTP_RESPONSE_STATUS_CODE    | uint16 | HTTP response code          |
-| HTTP_RESPONSE_CONTENT_TYPE   | string | HTTP response content type  |
+| Output field                   | Type   | Description                                                 |
+|:------------------------------:|:------:|:-----------------------------------------------------------:|
+| HTTP_REQUEST_METHOD            | string | HTTP request method                                         |
+| HTTP_REQUEST_HOST              | string | HTTP request host                                           |
+| HTTP_REQUEST_URL               | string | HTTP request url                                            |
+| HTTP_REQUEST_AGENT             | string | HTTP request user agent                                     |
+| HTTP_REQUEST_REFERER           | string | HTTP request referer                                        |
+| HTTP_RESPONSE_STATUS_CODE      | uint16 | HTTP response code                                          |
+| HTTP_RESPONSE_CONTENT_TYPE     | string | HTTP response content type                                  |
+| HTTP_RESPONSE_SERVER           | string | HTTP response server                                        |
+| HTTP_RESPONSE_SET_COOKIE_NAMES | string | HTTP response all set-cookie names separated by a delimiter |
 
 ### RTSP
 List of unirec fields exported together with basic flow fields on interface by RTSP plugin.

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.69])
-AC_INIT([ipfixprobe], [4.9.0], [[email protected]])
+AC_INIT([ipfixprobe], [4.9.2], [[email protected]])
 
 AC_CONFIG_SRCDIR([main.cpp])
 AC_CONFIG_HEADERS([config.h])

include/ipfixprobe/byte-utils.hpp

@@ -31,8 +31,9 @@
 #ifndef IPXP_BYTE_UTILS_HPP
 #define IPXP_BYTE_UTILS_HPP
 
-#include <stdint.h>
+#include <arpa/inet.h>
 #include <endian.h>
+#include <stdint.h>
 
 namespace ipxp {
 
@@ -44,21 +45,29 @@ namespace ipxp {
 #if defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN
 static inline uint64_t swap_uint64(uint64_t value)
 {
-   return value;
+    return value;
 }
 #elif defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN
 static inline uint64_t swap_uint64(uint64_t value)
 {
-   value = ((value << 8) & 0xFF00FF00FF00FF00ULL ) | ((value >> 8) & 0x00FF00FF00FF00FFULL );
-   value = ((value << 16) & 0xFFFF0000FFFF0000ULL ) | ((value >> 16) & 0x0000FFFF0000FFFFULL );
-   return (value << 32) | (value >> 32);
+    value = ((value << 8) & 0xFF00FF00FF00FF00ULL) | ((value >> 8) & 0x00FF00FF00FF00FFULL);
+    value = ((value << 16) & 0xFFFF0000FFFF0000ULL) | ((value >> 16) & 0x0000FFFF0000FFFFULL);
+    return (value << 32) | (value >> 32);
 }
-# else
-#  error  "Please fix <endian.h>"
-# endif
+#else
+#error "Please fix <endian.h>"
+#endif
 
-void phton64(uint8_t *p, uint64_t v);
-uint64_t pntoh64(const void *p);
+void phton64(uint8_t* p, uint64_t v);
+uint64_t pntoh64(const void* p);
+
+/**
+ * \brief Swaps byte order of float value.
+ * @param value Value to swap
+ * @return Swapped value
+ */
+uint32_t htonf(float value);
+
+} // namespace ipxp
 
-}
 #endif /* IPXP_BYTE_UTILS_HPP */