ipfixprobe - introduce process OSQUERY plugin

Author: Pavel Siska

src/plugins/process/CMakeLists.txt

@@ -6,3 +6,4 @@ add_subdirectory(ntp)
 add_subdirectory(nettisa)
 add_subdirectory(vlan)
 add_subdirectory(flowHash)
+add_subdirectory(osquery)

src/plugins/process/osquery/CMakeLists.txt

@@ -0,0 +1,19 @@
+project(ipfixprobe-process-osquery VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-osquery plugin")
+
+add_library(ipfixprobe-process-osquery MODULE
+    src/osquery.cpp
+    src/osquery.hpp
+)
+
+set_target_properties(ipfixprobe-process-osquery PROPERTIES
+    CXX_VISIBILITY_PRESET hidden
+	VISIBILITY_INLINES_HIDDEN YES
+)
+
+target_include_directories(ipfixprobe-process-osquery PRIVATE
+	${CMAKE_SOURCE_DIR}/include/
+)
+
+install(TARGETS ipfixprobe-process-osquery
+    LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/"
+)

src/plugins/process/osquery/README.md

@@ -1,30 +1,13 @@
 /**
- * \file osqueryplugin.cpp
- * \brief Plugin for parsing osquery traffic.
- * \author Anton Aheyeu [email protected]
- * \date 2021
- */
-
-/*
- * Copyright (C) 2021 CESNET
- *
- * LICENSE TERMS
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- * 3. Neither the name of the Company nor the names of its contributors
- *    may be used to endorse or promote products derived from this
- *    software without specific prior written permission.
- *
+ * @file
+ * @brief Plugin for parsing osquery traffic.
+ * @author Anton Aheyeu [email protected]
+ * @author Pavel Siska <[email protected]>
+ * @date 2025
  *
+ * Copyright (c) 2025 CESNET
  *
+ * SPDX-License-Identifier: BSD-3-Clause
  */
 
 #include "osquery.hpp"
@@ -35,23 +18,28 @@
 #include <iostream>
 #include <sstream>
 
+#include <ipfixprobe/pluginFactory/pluginManifest.hpp>
+#include <ipfixprobe/pluginFactory/pluginRegistrar.hpp>
+
 #define HEX(x) std::setw(2) << std::setfill('0') << std::hex << (int) (x)
 
 namespace ipxp {
 
-int RecordExtOSQUERY::REGISTERED_ID = -1;
+int RecordExtOSQUERY::REGISTERED_ID = ProcessPluginIDGenerator::instance().generatePluginID();
 
-__attribute__((constructor)) static void register_this_plugin()
-{
-	static PluginRecord rec = PluginRecord("osquery", []() { return new OSQUERYPlugin(); });
-	register_plugin(&rec);
-	RecordExtOSQUERY::REGISTERED_ID = register_extension();
-}
+static const PluginManifest osqueryPluginManifest = {
+	.name = "osquery",
+	.description = "Osquery process plugin for parsing osquery traffic.",
+	.pluginVersion = "1.0.0",
+	.apiVersion = "1.0.0",
+	.usage = nullptr,
+};
 
-OSQUERYPlugin::OSQUERYPlugin()
+OSQUERYPlugin::OSQUERYPlugin(const std::string& params)
 	: manager(nullptr)
 	, numberOfSuccessfullyRequests(0)
 {
+	init(params.c_str());
 }
 
 OSQUERYPlugin::OSQUERYPlugin(const OSQUERYPlugin& p)
@@ -647,4 +635,7 @@ int OsqueryRequestManager::getPositionForParseJson()
 	return -1;
 }
 
+static const PluginRegistrar<OSQUERYPlugin, ProcessPluginFactory>
+	osqueryRegistrar(osqueryPluginManifest);
+
 } // namespace ipxp

src/plugins/process/osquery.cpp …/plugins/process/osquery/src/osquery.cppsrc/plugins/process/osquery.cpp renamed to src/plugins/process/osquery/src/osquery.cpp src/plugins/process/osquery.cpp renamed to src/plugins/process/osquery/src/osquery.cpp

@@ -1,35 +1,18 @@
 /**
- * \file osqueryplugin.hpp
- * \brief Plugin for parsing osquery traffic.
- * \author Anton Aheyeu [email protected]
- * \date 2021
- */
-
-/*
- * Copyright (C) 2021 CESNET
- *
- * LICENSE TERMS
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- * 3. Neither the name of the Company nor the names of its contributors
- *    may be used to endorse or promote products derived from this
- *    software without specific prior written permission.
- *
+ * @file
+ * @brief Plugin for parsing osquery traffic.
+ * @author Anton Aheyeu [email protected]
+ * @author Pavel Siska <[email protected]>
+ * @date 2025
  *
+ * Copyright (c) 2025 CESNET
  *
+ * SPDX-License-Identifier: BSD-3-Clause
  */
 
-#ifndef IPXP_PROCESS_OSQUERY_HPP
-#define IPXP_PROCESS_OSQUERY_HPP
+#pragma once
 
+#include <cstring>
 #include <sstream>
 #include <string>
 
@@ -44,7 +27,7 @@
 #include <ipfixprobe/flowifc.hpp>
 #include <ipfixprobe/ipfix-elements.hpp>
 #include <ipfixprobe/packet.hpp>
-#include <ipfixprobe/process.hpp>
+#include <ipfixprobe/processPlugin.hpp>
 
 #define DEFAULT_FILL_TEXT "UNDEFINED"
 
@@ -529,7 +512,7 @@ struct OsqueryRequestManager {
  */
 class OSQUERYPlugin : public ProcessPlugin {
 public:
-	OSQUERYPlugin();
+	OSQUERYPlugin(const std::string& params);
 	~OSQUERYPlugin();
 	OSQUERYPlugin(const OSQUERYPlugin& p);
 	void init(const char* params);
@@ -553,4 +536,3 @@ class OSQUERYPlugin : public ProcessPlugin {
 };
 
 } // namespace ipxp
-#endif /* IPXP_PROCESS_OSQUERY_HPP */