Implement ICMP plugin

Author: BonnyAD9

process/icmp.cpp

@@ -45,6 +45,8 @@
 
 #include "icmp.hpp"
 
+#include "../input/headers.hpp"
+
 namespace ipxp {
 
 int RecordExtICMP::REGISTERED_ID = -1;
@@ -56,49 +58,27 @@ __attribute__((constructor)) static void register_this_plugin()
    RecordExtICMP::REGISTERED_ID = register_extension();
 }
 
-ICMPPlugin::ICMPPlugin()
-{
-}
-
-ICMPPlugin::~ICMPPlugin()
-{
-}
-
-void ICMPPlugin::init(const char *params)
-{
-}
-
-void ICMPPlugin::close()
-{
-}
-
 ProcessPlugin *ICMPPlugin::copy()
 {
    return new ICMPPlugin(*this);
 }
 
-int ICMPPlugin::pre_create(Packet &pkt)
-{
-   return 0;
-}
-
 int ICMPPlugin::post_create(Flow &rec, const Packet &pkt)
 {
-   return 0;
-}
+   if (pkt.ip_proto == IPPROTO_ICMP ||
+       pkt.ip_proto == IPPROTO_ICMPV6) {
+      if (pkt.payload_len < 2)
+         return 0;
 
-int ICMPPlugin::pre_update(Flow &rec, Packet &pkt)
-{
-   return 0;
-}
+      auto ext = new RecordExtICMP();
 
-int ICMPPlugin::post_update(Flow &rec, const Packet &pkt)
-{
-   return 0;
-}
+      // the type and code are the first two bytes, type on MSB and code on LSB
+      // in the network byte order
+      ext->type_code = *reinterpret_cast<const uint16_t *>(pkt.payload);
 
-void ICMPPlugin::pre_export(Flow &rec)
-{
+      rec.add_extension(ext);
+   }
+   return 0;
 }
 
 }

process/icmp.hpp

@@ -50,18 +50,19 @@
   #include "fields.h"
 #endif
 
+#include <sstream>
+
 #include <ipfixprobe/process.hpp>
 #include <ipfixprobe/flowifc.hpp>
 #include <ipfixprobe/packet.hpp>
 #include <ipfixprobe/ipfix-elements.hpp>
 
 namespace ipxp {
 
-#define ICMP_UNIREC_TEMPLATE "ICMP_TYPE,ICMP_CODE"
+#define ICMP_UNIREC_TEMPLATE "L4_ICMP_TYPE_CODE"
 
 UR_FIELDS (
-   uint8 ICMP_TYPE,
-   uint8 ICMP_CODE
+   uint16 L4_ICMP_TYPE_CODE
 )
 
 /**
@@ -70,8 +71,11 @@ UR_FIELDS (
 struct RecordExtICMP : public RecordExt {
    static int REGISTERED_ID;
 
+   uint16_t type_code;
+
    RecordExtICMP() : RecordExt(REGISTERED_ID)
    {
+      type_code = 0;
    }
 
 #ifdef WITH_NEMEA
@@ -98,6 +102,18 @@ struct RecordExtICMP : public RecordExt {
       };
       return ipfix_template;
    }
+
+   std::string get_text() const
+   {
+      // type is on the first byte, code is on the second byte
+      auto *type_code = reinterpret_cast<const uint8_t *>(&this->type_code);
+
+      std::ostringstream out;
+      out << "type=\"" << (int)type_code[0] << '"'
+         << ",code=\"" << (int)type_code[1] << '"';
+
+      return out.str();
+   }
 };
 
 /**
@@ -106,20 +122,12 @@ struct RecordExtICMP : public RecordExt {
 class ICMPPlugin : public ProcessPlugin
 {
 public:
-   ICMPPlugin();
-   ~ICMPPlugin();
-   void init(const char *params);
-   void close();
    OptionsParser *get_parser() const { return new OptionsParser("icmp", "Parse ICMP traffic"); }
    std::string get_name() const { return "icmp"; }
    RecordExt *get_ext() const { return new RecordExtICMP(); }
    ProcessPlugin *copy();
 
-   int pre_create(Packet &pkt);
    int post_create(Flow &rec, const Packet &pkt);
-   int pre_update(Flow &rec, Packet &pkt);
-   int post_update(Flow &rec, const Packet &pkt);
-   void pre_export(Flow &rec);
 };
 
 }