generate empty icmp plugin

Author: BonnyAD9

Makefile.am

@@ -126,14 +126,16 @@ ipfixprobe_process_src=\
 		process/md5.cpp \
 		process/common.hpp \
 		process/ssadetector.hpp \
-		process/ssadetector.cpp
+		process/ssadetector.cpp \
+		process/icmp.hpp \
+		process/icmp.cpp
 
 if WITH_QUIC
 ipfixprobe_process_src+=\
 		process/quic.hpp \
 		process/quic.cpp \
 		process/quic_parser.cpp \
-		process/quic_parser.hpp 
+		process/quic_parser.hpp
 
 endif
 

include/ipfixprobe/ipfix-elements.hpp

@@ -502,6 +502,9 @@ namespace ipxp {
    F(OSQUERY_KERNEL_VERSION) \
    F(OSQUERY_SYSTEM_HOSTNAME)
 
+#define IPFIX_ICMP_TEMPLATE(F) \
+   F(L4_ICMP_TYPE_CODE)
+
 #ifdef WITH_FLEXPROBE
 #define IPFIX_FLEXPROBE_DATA_TEMPLATE(F) F(FX_FRAME_SIGNATURE) F(FX_INPUT_INTERFACE)
 #define IPFIX_FLEXPROBE_TCP_TEMPLATE(F) F(FX_TCP_TRACKING)
@@ -544,7 +547,8 @@ namespace ipxp {
    IPFIX_FLEXPROBE_DATA_TEMPLATE(F) \
    IPFIX_FLEXPROBE_TCP_TEMPLATE(F) \
    IPFIX_FLEXPROBE_ENCR_TEMPLATE(F) \
-   IPFIX_SSADETECTOR_TEMPLATE(F)
+   IPFIX_SSADETECTOR_TEMPLATE(F) \
+   IPFIX_ICMP_TEMPLATE(F)
 
 /**
  * Helper macro, convert FIELD into its name as a C literal.

process/icmp.cpp

@@ -0,0 +1,105 @@
+/**
+ * \file icmp.cpp
+ * \brief Plugin for parsing icmp traffic.
+ * \author Jakub Antonín Štigler xstigl00@[email protected]
+ * \date 2023
+ */
+/*
+ * Copyright (C) 2023 CESNET
+ *
+ * LICENSE TERMS
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#include <iostream>
+
+#include "icmp.hpp"
+
+namespace ipxp {
+
+int RecordExtICMP::REGISTERED_ID = -1;
+
+__attribute__((constructor)) static void register_this_plugin()
+{
+   static PluginRecord rec = PluginRecord("icmp", [](){return new ICMPPlugin();});
+   register_plugin(&rec);
+   RecordExtICMP::REGISTERED_ID = register_extension();
+}
+
+ICMPPlugin::ICMPPlugin()
+{
+}
+
+ICMPPlugin::~ICMPPlugin()
+{
+}
+
+void ICMPPlugin::init(const char *params)
+{
+}
+
+void ICMPPlugin::close()
+{
+}
+
+ProcessPlugin *ICMPPlugin::copy()
+{
+   return new ICMPPlugin(*this);
+}
+
+int ICMPPlugin::pre_create(Packet &pkt)
+{
+   return 0;
+}
+
+int ICMPPlugin::post_create(Flow &rec, const Packet &pkt)
+{
+   return 0;
+}
+
+int ICMPPlugin::pre_update(Flow &rec, Packet &pkt)
+{
+   return 0;
+}
+
+int ICMPPlugin::post_update(Flow &rec, const Packet &pkt)
+{
+   return 0;
+}
+
+void ICMPPlugin::pre_export(Flow &rec)
+{
+}
+
+}
+

process/icmp.hpp

@@ -0,0 +1,127 @@
+/**
+ * \file icmp.hpp
+ * \brief Plugin for parsing icmp traffic.
+ * \author Jakub Antonín Štigler xstigl00@[email protected]
+ * \date 2023
+ */
+/*
+ * Copyright (C) 2023 CESNET
+ *
+ * LICENSE TERMS
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#ifndef IPXP_PROCESS_ICMP_HPP
+#define IPXP_PROCESS_ICMP_HPP
+
+#include <cstring>
+
+#ifdef WITH_NEMEA
+  #include "fields.h"
+#endif
+
+#include <ipfixprobe/process.hpp>
+#include <ipfixprobe/flowifc.hpp>
+#include <ipfixprobe/packet.hpp>
+#include <ipfixprobe/ipfix-elements.hpp>
+
+namespace ipxp {
+
+#define ICMP_UNIREC_TEMPLATE "ICMP_TYPE,ICMP_CODE"
+
+UR_FIELDS (
+   uint8 ICMP_TYPE,
+   uint8 ICMP_CODE
+)
+
+/**
+ * \brief Flow record extension header for storing parsed ICMP data.
+ */
+struct RecordExtICMP : public RecordExt {
+   static int REGISTERED_ID;
+
+   RecordExtICMP() : RecordExt(REGISTERED_ID)
+   {
+   }
+
+#ifdef WITH_NEMEA
+   virtual void fill_unirec(ur_template_t *tmplt, void *record)
+   {
+   }
+
+   const char *get_unirec_tmplt() const
+   {
+      return ICMP_UNIREC_TEMPLATE;
+   }
+#endif
+
+   virtual int fill_ipfix(uint8_t *buffer, int size)
+   {
+      return 0;
+   }
+
+   const char **get_ipfix_tmplt() const
+   {
+      static const char *ipfix_template[] = {
+         IPFIX_ICMP_TEMPLATE(IPFIX_FIELD_NAMES)
+         NULL
+      };
+      return ipfix_template;
+   }
+};
+
+/**
+ * \brief Process plugin for parsing ICMP packets.
+ */
+class ICMPPlugin : public ProcessPlugin
+{
+public:
+   ICMPPlugin();
+   ~ICMPPlugin();
+   void init(const char *params);
+   void close();
+   OptionsParser *get_parser() const { return new OptionsParser("icmp", "Parse ICMP traffic"); }
+   std::string get_name() const { return "icmp"; }
+   RecordExt *get_ext() const { return new RecordExtICMP(); }
+   ProcessPlugin *copy();
+
+   int pre_create(Packet &pkt);
+   int post_create(Flow &rec, const Packet &pkt);
+   int pre_update(Flow &rec, Packet &pkt);
+   int post_update(Flow &rec, const Packet &pkt);
+   void pre_export(Flow &rec);
+};
+
+}
+#endif /* IPXP_PROCESS_ICMP_HPP */
+