++

Author: Zadamsa

include/ipfixprobe/flowifc.hpp

@@ -48,7 +48,7 @@
 
 #include <string>
 
-#include <arpa/inet.h>
+//#include <arpa/inet.h>
 
 namespace ipxp {
 

include/ipfixprobe/packet.hpp

@@ -51,9 +51,6 @@ struct Packet : public Record {
 	uint16_t ethertype;
 
 	uint16_t ip_len; /**< Length of IP header + its payload */
-		uint16_t tcp_window;
-	uint64_t tcp_options;
-	uint32_t tcp_mss;
 	uint16_t ip_payload_len; /**< Length of IP payload */
 	uint8_t ip_version;
 	uint8_t ip_ttl;

include/ipfixprobe/parser-stats.hpp

@@ -32,6 +32,8 @@
 #include <ipfixprobe/packet.hpp>
 #include <telemetry.hpp>
 
+#include "ipProtocol.hpp"
+
 namespace ipxp {
 
 static constexpr std::size_t MAX_VLAN_ID = 4096;
@@ -132,9 +134,9 @@ struct VlanStats {
 			ipv6_bytes += pkt.packet_len;
 		}
 
-		if (pkt.ip_proto == IPPROTO_TCP) {
+		if (pkt.ip_proto == IPProtocol::TCP) {
 			tcp_packets++;
-		} else if (pkt.ip_proto == IPPROTO_UDP) {
+		} else if (pkt.ip_proto == IPProtocol::UDP) {
 			udp_packets++;
 		}
 

src/plugins/process/basicPlus/CMakeLists.txt

@@ -0,0 +1,31 @@
+project(ipfixprobe-process-basicplus VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-basicplus plugin")
+
+add_library(ipfixprobe-process-basicplus MODULE
+	src/basicplus.cpp
+	src/basicplus.hpp
+)
+
+set_target_properties(ipfixprobe-process-basicplus PROPERTIES
+	CXX_VISIBILITY_PRESET hidden
+	VISIBILITY_INLINES_HIDDEN YES
+)
+
+target_link_libraries(ipfixprobe-process-basicplus PRIVATE
+	ipfixprobe-output-ipfix
+)
+
+target_include_directories(ipfixprobe-process-basicplus PRIVATE
+	${CMAKE_SOURCE_DIR}/include/
+)
+
+if(ENABLE_NEMEA)
+	target_link_libraries(ipfixprobe-process-basicplus PRIVATE
+		-Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive
+		unirec::unirec
+		trap::trap
+	)
+endif()
+
+install(TARGETS ipfixprobe-process-basicplus
+	LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/"
+)

src/plugins/process/basicPlus/README.md

@@ -0,0 +1,200 @@
+/**
+ * @file
+ * @brief Plugin for parsing basicplus traffic.
+ * @author Jiri Havranek <[email protected]>
+ * @author Pavel Siska <[email protected]>
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * Provides a plugin that extracts basic IP and TCP fields from packets,
+ * stores them in per-flow plugin data, and exposes fields via FieldManager.
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
+#include "basicPlus.hpp"
+
+#include <iostream>
+
+#include <pluginManifest.hpp>
+#include <pluginRegistrar.hpp>
+#include <pluginFactory.hpp>
+#include <fieldSchema.hpp>
+#include <fieldManager.hpp>
+#include <tcpData.hpp>
+
+namespace ipxp {
+
+static const PluginManifest basicPlusPluginManifest = {
+	.name = "basicplus",
+	.description = "Basicplus process plugin for parsing basicplus traffic.",
+	.pluginVersion = "1.0.0",
+	.apiVersion = "1.0.0",
+	.usage =
+		[]() {
+			/*OptionsParser parser(
+				"basicplus",
+				"Extend basic fields with TTL, TCP window, options, MSS and SYN size");
+			parser.usage(std::cout);*/
+		},
+};
+
+
+static FieldSchema createBasicPlusSchema(FieldManager& fieldManager, FieldHandlers<BasicPlusFields>& handlers)
+{
+	FieldSchema schema = fieldManager.createFieldSchema("basicplus");
+
+	auto [ipTTLField, ipTTLRevField] = schema.addScalarDirectionalFields(
+    "IP_TTL", "IP_TTL_REV",
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->ipTTL[Direction::Forward]; },
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->ipTTL[Direction::Reverse]; }
+	);
+	handlers.insert(BasicPlusFields::IP_TTL, ipTTLField);
+	handlers.insert(BasicPlusFields::IP_TTL_REV, ipTTLRevField);
+
+	auto [ipFlagField, ipFlagRevField] = schema.addScalarDirectionalFields(
+    "IP_FLG", "IP_FLG_REV",
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->ipFlag[Direction::Forward]; },
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->ipFlag[Direction::Reverse]; }
+	);
+	handlers.insert(BasicPlusFields::IP_FLG, ipFlagField);
+	handlers.insert(BasicPlusFields::IP_FLG_REV, ipFlagRevField);
+
+	auto [tcpWinField, tcpWinRevField] = schema.addScalarDirectionalFields(
+    "TCP_WIN", "TCP_WIN_REV",
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->tcpWindow[Direction::Forward]; },
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->tcpWindow[Direction::Reverse]; }
+	);
+	handlers.insert(BasicPlusFields::TCP_WIN, tcpWinField);
+	handlers.insert(BasicPlusFields::TCP_WIN_REV, tcpWinRevField);
+
+	auto [tcpOptField, tcpOptRevField] = schema.addScalarDirectionalFields(
+    "TCP_OPT", "TCP_OPT_REV",
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->tcpOption[Direction::Forward]; },
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->tcpOption[Direction::Reverse]; }
+	);
+	handlers.insert(BasicPlusFields::TCP_OPT, tcpOptField);
+	handlers.insert(BasicPlusFields::TCP_OPT_REV, tcpOptRevField);
+
+	auto [tcpMSSField, tcpMSSRevField] = schema.addScalarDirectionalFields(
+    "TCP_MSS", "TCP_MSS_REV",
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->tcpMSS[Direction::Forward]; },
+		[](const void* context) { return reinterpret_cast<const BasicPlusData*>(context)->tcpMSS[Direction::Reverse]; }
+	);
+	handlers.insert(BasicPlusFields::TCP_MSS, tcpMSSField);
+	handlers.insert(BasicPlusFields::TCP_MSS_REV, tcpMSSRevField);
+
+	handlers.insert(BasicPlusFields::TCP_SYN_SIZE, schema.addScalarField("TCP_SYN_SIZE", [](const void* context) {
+		return static_cast<const BasicPlusData*>(context)->tcpSynSize;
+	}));
+
+	return schema;
+}
+
+BasicPlusPlugin::BasicPlusPlugin([[maybe_unused]]const std::string& params, FieldManager& fieldManager)
+{
+	createBasicPlusSchema(fieldManager, m_fieldHandlers);
+}
+
+PluginInitResult BasicPlusPlugin::onInit(const FlowContext& flowContext, void* pluginContext)
+{
+	auto* pluginData = std::construct_at(reinterpret_cast<BasicPlusData*>(pluginContext));
+
+	pluginData->ipTTL[Direction::Forward] = flowContext.packet.ip_ttl;
+	m_fieldHandlers[BasicPlusFields::IP_TTL].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->ipFlag[Direction::Forward] = flowContext.packet.ip_flags;
+	m_fieldHandlers[BasicPlusFields::IP_FLG].setAsAvailable(flowContext.flowRecord);
+
+	constexpr std::size_t TCP = 6;
+	if (flowContext.packet.ip_proto != TCP) {
+		return {
+			.constructionState = ConstructionState::Constructed,
+			.updateRequirement = UpdateRequirement::RequiresUpdate,
+			.flowAction = FlowAction::NoAction,
+		};
+	}
+
+	pluginData->tcpWindow[Direction::Forward] = flowContext.packet.tcp_window;
+	m_fieldHandlers[BasicPlusFields::TCP_WIN].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->tcpOption[Direction::Forward] = flowContext.packet.tcp_options;
+	m_fieldHandlers[BasicPlusFields::TCP_OPT].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->tcpMSS[Direction::Forward] = flowContext.packet.tcp_mss;
+	m_fieldHandlers[BasicPlusFields::TCP_MSS].setAsAvailable(flowContext.flowRecord);
+
+	if (TCPFlags(flowContext.packet.tcp_flags).bitfields.synchronize) { // check if SYN packet
+		pluginData->tcpSynSize = flowContext.packet.ip_len;
+		m_fieldHandlers[BasicPlusFields::TCP_SYN_SIZE].setAsAvailable(flowContext.flowRecord);
+	}
+
+	return {
+		.constructionState = ConstructionState::Constructed,
+		.updateRequirement = UpdateRequirement::RequiresUpdate,
+		.flowAction = FlowAction::NoAction,
+	};
+}
+
+PluginUpdateResult BasicPlusPlugin::onUpdate(const FlowContext& flowContext, void* pluginContext)
+{
+	auto* pluginData = reinterpret_cast<BasicPlusData*>(pluginContext);
+	
+	pluginData->ipTTL[flowContext.packet.source_pkt] 
+		= std::min(pluginData->ipTTL[flowContext.packet.source_pkt], flowContext.packet.ip_ttl);
+
+	constexpr std::size_t TCP = 6;
+	if (flowContext.packet.ip_proto != TCP) {
+		return {
+			.updateRequirement = UpdateRequirement::RequiresUpdate,
+			.flowAction = FlowAction::NoAction,
+		};
+	}
+
+	pluginData->tcpOption[flowContext.packet.source_pkt] |= flowContext.packet.tcp_options;
+
+	if (flowContext.packet.source_pkt == Direction::Forward) {
+		return {
+			.updateRequirement = UpdateRequirement::RequiresUpdate,
+			.flowAction = FlowAction::NoAction,
+		};
+	}
+
+	pluginData->ipTTL[Direction::Reverse] = flowContext.packet.ip_ttl;
+	m_fieldHandlers[BasicPlusFields::IP_TTL_REV].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->ipFlag[Direction::Reverse] = flowContext.packet.ip_flags;
+	m_fieldHandlers[BasicPlusFields::IP_FLG_REV].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->tcpWindow[Direction::Reverse] = flowContext.packet.tcp_window;
+	m_fieldHandlers[BasicPlusFields::TCP_WIN_REV].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->tcpOption[Direction::Reverse] = flowContext.packet.tcp_options;
+	m_fieldHandlers[BasicPlusFields::TCP_OPT_REV].setAsAvailable(flowContext.flowRecord);
+
+	pluginData->tcpMSS[Direction::Reverse] = flowContext.packet.tcp_mss;
+	m_fieldHandlers[BasicPlusFields::TCP_MSS_REV].setAsAvailable(flowContext.flowRecord);
+
+	return {
+		.updateRequirement = UpdateRequirement::NoUpdateNeeded,
+		.flowAction = FlowAction::NoAction,
+	};
+}
+
+void BasicPlusPlugin::onDestroy(void* pluginContext) 
+{
+	std::destroy_at(reinterpret_cast<BasicPlusData*>(pluginContext));
+}
+
+PluginDataMemoryLayout BasicPlusPlugin::getDataMemoryLayout() const noexcept
+{
+	return {
+		.size = sizeof(BasicPlusData),
+		.alignment = alignof(BasicPlusData),
+	};
+}
+
+static const PluginRegistrar<BasicPlusPlugin, PluginFactory<ProcessPlugin, const std::string&, FieldManager&>>
+	basicPlusRegistrar(basicPlusPluginManifest);
+
+} // namespace ipxp

src/plugins/process/basicPlus/src/basicPlus.cpp

@@ -0,0 +1,84 @@
+/**
+ * @file
+ * @brief Plugin for parsing basicplus traffic.
+ * @author Jiri Havranek <[email protected]>
+ * @author Pavel Siska <[email protected]>
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * Provides a plugin that extracts basic IP and TCP fields from packets,
+ * stores them in per-flow plugin data, and exposes fields via FieldManager.
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
+#pragma once
+
+#include <sstream>
+#include <string>
+
+#include <processPlugin.hpp>
+#include <fieldManager.hpp>
+#include <fieldHandlersEnum.hpp>
+
+#include "basicPlusData.hpp"
+#include "basicPlusFields.hpp"
+
+namespace ipxp {
+
+/**
+ * @class BasicPlusPlugin
+ * @brief A plugin for collecting basic statistics about the flow: IP TTL, flags, TCP window, options, MSS and SYN length.
+ */
+class BasicPlusPlugin : public ProcessPlugin {
+public:
+	/**
+	 * @brief Constructs the BasicPlus plugin.
+	 *
+	 * @param parameters Plugin parameters as a string (currently unused).
+	 * @param fieldManager Reference to the FieldManager for field registration.
+	 */
+	BasicPlusPlugin(const std::string& params, FieldManager& manager);
+
+	/**
+	 * @brief Initializes plugin data for a new flow.
+	 *
+	 * Constructs `BasicPlusData` in `pluginContext` and initializes it with
+	 * the first packet's IP TTL and flags. If flow is TCP also adds MSS, options
+	 * and window. If TCP SYN packet, also adds SYN length.
+	 *
+	 * @param flowContext Contextual information about the flow to fill new record.
+	 * @param pluginContext Pointer to pre-allocated memory to create record.
+	 * @return Result of the initialization process.
+	 */
+	PluginInitResult onInit(const FlowContext& flowContext, void* pluginContext) override;
+
+	/**
+	 * @brief Updates plugin data with values from new packet.
+	 *
+	 * Updates `BasicPlusData` to obtain minimum IP TTL and TCP options cumulative
+	 * from `pluginContext`. Also updates same fields as `onInit` from reverse direction.
+	 *
+	 * @param flowContext Contextual information about the flow to be updated.
+	 * @param pluginContext Pointer to `BasicPlusData`.
+	 * @return Result of the update, may not require new packets if both directions are observed.
+	 */
+	PluginUpdateResult onUpdate(const FlowContext& flowContext, void* pluginContext) override;
+
+	/**
+	 * @brief Cleans up and destroys `BasicPlusData`.
+	 * @param pluginContext Pointer to `BasicPlusData`.
+	 */
+	void onDestroy(void* pluginContext) override;
+
+	/**
+	 * @brief Provides the memory layout of `BasicPlusData`.
+	 * @return Memory layout description for the plugin data.
+	 */
+	PluginDataMemoryLayout getDataMemoryLayout() const noexcept override;
+
+private:
+	FieldHandlers<BasicPlusFields> m_fieldHandlers;
+};
+
+} // namespace ipxp

src/plugins/process/basicPlus/src/basicPlus.hpp

@@ -0,0 +1,34 @@
+/**
+ * @file
+ * @brief Export data of basicplus plugin.
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
+#pragma once
+
+#include <directionalField.hpp>
+
+namespace ipxp
+{
+
+/**
+ * @struct BasicPlusExport
+ * @brief Structure representing extended basic flow export fields.
+ *
+ * Contains directional fields for various IP and TCP header values, as well as
+ * additional TCP-specific metrics.
+ */
+struct BasicPlusData {
+	DirectionalField<uint8_t> ipTTL;        ///< Directional IP Time-To-Live value
+	DirectionalField<uint8_t> ipFlag;       ///< Directional IP flag value
+	DirectionalField<uint16_t> tcpWindow;   ///< Directional TCP window size
+	DirectionalField<uint64_t> tcpOption;   ///< Directional TCP option value
+	DirectionalField<uint32_t> tcpMSS;      ///< Directional TCP Maximum Segment Size
+	uint16_t tcpSynSize{0};                 ///< Size of TCP SYN packet
+};  
+
+} // namespace ipxp
+