Merge pull request #74 from CESNET/fix_variable_len_ipfix_fields

SiskaPavel · web-flow · commit a622a76f2772 · 2022-03-11T09:26:55.000+01:00
Added new function for variable-length IE IPFIX export
diff --git a/include/ipfixprobe/utils.hpp b/include/ipfixprobe/utils.hpp
@@ -58,6 +58,7 @@ namespace ipxp {
 void parse_range(const std::string &arg, std::string &from, std::string &to, const std::string &delim = "-");
 bool str2bool(std::string str);
 void trim_str(std::string &str);
+uint32_t variable2ipfix_buffer(uint8_t* buffer2write, uint8_t* buffer2read, uint16_t len);
 
 template<typename T> constexpr
 T const& max(const T &a, const T &b) {
diff --git a/process/http.hpp b/process/http.hpp
@@ -59,6 +59,7 @@
 #include <ipfixprobe/flowifc.hpp>
 #include <ipfixprobe/packet.hpp>
 #include <ipfixprobe/ipfix-elements.hpp>
+#include <ipfixprobe/utils.hpp>
 
 namespace ipxp {
 
@@ -132,56 +133,45 @@ struct RecordExtHTTP : public RecordExt {
 
    virtual int fill_ipfix(uint8_t *buffer, int size)
    {
-      int length, total_length = 0;
+      uint16_t length = 0;
+      uint32_t total_length = 0;
 
       length = strlen(user_agent);
-      if (length + 1 > size) {
+      if (uint32_t (length + 1) > (uint32_t) size) {
          return -1;
       }
-      buffer[0] = length;
-      memcpy(buffer + 1, user_agent, length);
-      total_length = length + 1;
+      total_length += variable2ipfix_buffer(buffer + total_length, (uint8_t*) user_agent, length);
 
       length = strlen(method);
-      if (total_length + length + 1 > size) {
+      if (total_length + length + 3 > (uint32_t)size) {
          return -1;
       }
-      buffer[total_length] = length;
-      memcpy(buffer + total_length + 1, method, length);
-      total_length += length + 1;
+      total_length += variable2ipfix_buffer(buffer + total_length, (uint8_t*) method, length);
 
       length = strlen(host);
-      if (total_length + length + 1 > size) {
+      if (total_length + length + 3 > (uint32_t)size) {
          return -1;
       }
-      buffer[total_length] = length;
-      memcpy(buffer + total_length + 1, host, length);
-      total_length += length + 1;
+      total_length += variable2ipfix_buffer(buffer + total_length, (uint8_t*) host, length);
 
       length = strlen(referer);
-      if (total_length + length + 1 > size) {
+      if (total_length + length + 3 > (uint32_t)size) {
          return -1;
       }
-      buffer[total_length] = length;
-      memcpy(buffer + total_length + 1, referer, length);
-      total_length += length + 1;
+      total_length += variable2ipfix_buffer(buffer + total_length, (uint8_t*) referer, length);
 
       length = strlen(uri);
-      if (total_length + length + 4 > size) {
+      if (total_length + length + 4 > (uint32_t)size) {
          return -1;
       }
-      buffer[total_length] = length;
-      memcpy(buffer + total_length + 1, uri, length);
-      total_length += length + 1;
+      total_length += variable2ipfix_buffer(buffer + total_length, (uint8_t*) uri, length);
 
       length = strlen(content_type);
-      if (total_length + length + 3 > size) {
+      if (total_length + length + 3 > (uint32_t)size) {
          return -1;
       }
-      buffer[total_length] = length;
+      total_length += variable2ipfix_buffer(buffer + total_length, (uint8_t*) content_type, length);
 
-      memcpy(buffer + total_length + 1, content_type, length);
-      total_length += length + 1;
       *(uint16_t *) (buffer + total_length) = ntohs(code);
       total_length += 2;
 
diff --git a/process/tls.hpp b/process/tls.hpp
@@ -2,7 +2,8 @@
  * \file tls.hpp
  * \brief Plugin for parsing https traffic.
  * \author Jiri Havranek <havranek@cesnet.cz>
- * \date 2018
+ * \author Karel Hynek <Karel.Hynek@cesnet.cz>
+ * \date 2021
  */
 /*
  * Copyright (C) 2018 CESNET
@@ -47,6 +48,7 @@
 #include <string>
 #include <cstring>
 #include <arpa/inet.h>
+
 #include <sstream>
 #include <iomanip>
 
@@ -58,6 +60,7 @@
 #include <ipfixprobe/flowifc.hpp>
 #include <ipfixprobe/packet.hpp>
 #include <ipfixprobe/ipfix-elements.hpp>
+#include <ipfixprobe/utils.hpp>
 
 namespace ipxp {
 
@@ -109,24 +112,20 @@ struct RecordExtTLS : public RecordExt {
 
    virtual int fill_ipfix(uint8_t *buffer, int size)
    {
-      int sni_len = strlen(sni);
-      int alpn_len = strlen(alpn);
-      int pos = 0;
+      uint16_t sni_len = strlen(sni);
+      uint16_t alpn_len = strlen(alpn);
 
-      if (sni_len + alpn_len + 2 + 16 + 3 > size) {
+      uint32_t pos = 0;
+      uint32_t req_buff_len = (sni_len + 3) + (alpn_len + 3) + (2) + (16 + 3); // (SNI) + (ALPN) + (VERSION) + (JA3)
+      if (req_buff_len > size) {
          return -1;
       }
 
       *(uint16_t *) buffer = ntohs(version);
       pos += 2;
 
-      buffer[pos++] = sni_len;
-      memcpy(buffer + pos, sni, sni_len);
-      pos += sni_len;
-
-      buffer[pos++] = alpn_len;
-      memcpy(buffer + pos, alpn, alpn_len);
-      pos += alpn_len;
+      pos += variable2ipfix_buffer(buffer + pos, (uint8_t*) sni, sni_len);
+      pos += variable2ipfix_buffer(buffer + pos, (uint8_t*) alpn, alpn_len);
 
       buffer[pos++] = 16;
       memcpy(buffer + pos, ja3_hash_bin, 16);
diff --git a/utils.cpp b/utils.cpp
@@ -2,6 +2,7 @@
  * \file utils.cpp
  * \brief Utility functions source
  * \author Jiri Havranek <havranek@cesnet.cz>
+ * \author Karel Hynek <Karel.Hynek@cesnet.cz>
  * \date 2021
  */
 /*
@@ -43,6 +44,8 @@
 
 #include <string>
 #include <utility>
+#include <cstring>
+#include <arpa/inet.h>
 
 #include <ipfixprobe/utils.hpp>
 
@@ -105,4 +108,19 @@ uint64_t pntoh64(const void *p)
    return buffer;
 }
 
+
+uint32_t variable2ipfix_buffer(uint8_t* buffer2write, uint8_t* buffer2read, uint16_t len)
+{
+   uint32_t ptr = 0;
+   if (len >= 255) {
+      buffer2write[ptr++] = 255;
+      *(uint16_t *)(buffer2write + ptr) = ntohs(len);
+      ptr += sizeof(uint16_t);
+   } else {
+      buffer2write[ptr++] = len;
+   }
+   std::memcpy(buffer2write + ptr, buffer2read, len);
+   return ptr + len;
+}
+
 }
