++

Author: Zadamsa

new-process-api/flowRecord.hpp

@@ -50,8 +50,8 @@ class FlowRecord {
 public:
 	uint64_t hash;
 
-	uint64_t timeCreation;
-	uint64_t timeLastUpdate;
+	Timestamp timeCreation;
+	Timestamp timeLastUpdate;
 
 	FlowKey flowKey;
 

new-process-api/ipAddress.hpp

@@ -9,6 +9,8 @@
 #include <algorithm>
 #include <format>
 
+#include <ipfixprobe/ipaddr.hpp>
+
 namespace ipxp {
 
 union IPAddress {
@@ -35,6 +37,11 @@ union IPAddress {
 			ipv6.begin(), ipv6.end(), reinterpret_cast<std::byte*>(u8.data()));
 	}
 
+	constexpr IPAddress(const ipaddr_t address) noexcept
+	{
+		// TODO
+	}
+
 	constexpr bool isIPv4() const noexcept
 	{
 		return u32[1] == 0 && 

new-process-api/process/basicPlus/src/basicPlus.o

@@ -21,12 +21,12 @@ namespace ipxp
  * @brief Structure representing one packet burst. Contains packets, bytes which belong to that burst with begin and end timestamps.
  */
 struct Burst {
-    constexpr static uint64_t MAX_INTERPACKET_TIMEDIFF = 1'000'000;
+    constexpr static timeval MAX_INTERPACKET_TIMEDIFF = {1, 0}; ///< Maximum time difference between packets in one burst (1 second).
 
     std::reference_wrapper<uint32_t> packets;
 	std::reference_wrapper<uint32_t> bytes;
-	std::reference_wrapper<uint64_t> start;
-	std::reference_wrapper<uint64_t> end;
+	std::reference_wrapper<Timestamp> start;
+	std::reference_wrapper<Timestamp> end;
 
     /**
 	 * @brief Checks if the given timestamp belongs to the burst.
@@ -35,11 +35,10 @@ struct Burst {
      * @return true if the timestamp belongs to the burst, false otherwise.
 	 */
     constexpr
-    bool belongs(const uint64_t time) const noexcept 
+    bool belongs(const timeval time) const noexcept 
     {
-        return time - end < MAX_INTERPACKET_TIMEDIFF;
+        return Timestamp(time) - end < MAX_INTERPACKET_TIMEDIFF;
     }
 };
 
-
 } // namespace ipxp

new-process-api/process/bstats/src/burst.hpp

@@ -101,20 +101,20 @@ void BurstStatsPlugin::updateBursts(Burst& burst, FlowRecord& flowRecord,
 	const Packet& packet) noexcept
 {
 	burst.packets++;
-	burst.bytes += packet.realLength;	
-	burst.end.get() = packet.timestamp;
+	burst.bytes += packet.ip_payload_len;	
+	burst.end.get() = packet.ts;
 	if (burst.packets == 1) {
-		burst.start.get() = packet.timestamp;
+		burst.start.get() = packet.ts;
 	}
 }
 
 PluginUpdateResult BurstStatsPlugin::onUpdate(const FlowContext& flowContext, void* pluginContext)
 {
 	auto* pluginData = reinterpret_cast<BurstStatsData*>(pluginContext);
 
-	std::optional<Burst> burst = pluginData->back(flowContext.packet.direction);
-	if (!burst.has_value() || !burst->belongs(flowContext.packet.timestamp)) {
-		burst = pluginData->push(flowContext.packet.direction);
+	std::optional<Burst> burst = pluginData->back(flowContext.packet.source_pkt);
+	if (!burst.has_value() || !burst->belongs(flowContext.packet.ts)) {
+		burst = pluginData->push(flowContext.packet.source_pkt);
 	}
 	if (!burst.has_value()) {
 		return {

new-process-api/process/bstats/src/burstStats.cpp

@@ -14,6 +14,8 @@
 #include <optional>
 #include <span>
 
+#include <timestamp.hpp>
+
 #include "burst.hpp"
 
 namespace ipxp
@@ -30,8 +32,8 @@ class BurstStatsData {
 
 	DirectionalField<boost::container::static_vector<uint32_t, MAX_BURST_COUNT>> packets;
 	DirectionalField<boost::container::static_vector<uint32_t, MAX_BURST_COUNT>> bytes;
-	DirectionalField<boost::container::static_vector<uint64_t, MAX_BURST_COUNT>> start;
-	DirectionalField<boost::container::static_vector<uint64_t, MAX_BURST_COUNT>> end;
+	DirectionalField<boost::container::static_vector<Timestamp, MAX_BURST_COUNT>> start;
+	DirectionalField<boost::container::static_vector<Timestamp, MAX_BURST_COUNT>> end;
 
 public:
 
@@ -63,9 +65,9 @@ class BurstStatsData {
 	 * @param direction The direction for which to retrieve the start timestamps span.
 	 * @return A span over the start timestamps.
 	 */
-	std::span<const uint64_t> getStartTimestamps(const Direction direction) const noexcept
+	std::span<const Timestamp> getStartTimestamps(const Direction direction) const noexcept
 	{
-		return std::span<const uint64_t>(start[direction].data(), static_cast<std::size_t>(start[direction].size()));
+		return std::span<const Timestamp>(start[direction].data(), static_cast<std::size_t>(start[direction].size()));
 	}
 
 	/**
@@ -74,9 +76,9 @@ class BurstStatsData {
 	 * @param direction The direction for which to retrieve the end timestamps span.
 	 * @return A span over the end timestamps.
 	 */
-	std::span<const uint64_t> getEndTimestamps(const Direction direction) const noexcept
+	std::span<const Timestamp> getEndTimestamps(const Direction direction) const noexcept
 	{
-		return std::span<const uint64_t>(&*end[direction].begin(), static_cast<std::size_t>(end[direction].size()));
+		return std::span<const Timestamp>(end[direction].data(), static_cast<std::size_t>(end[direction].size()));
 	}
 
 	/**
@@ -112,8 +114,8 @@ class BurstStatsData {
 
 		packets[direction].push_back(0);
 		bytes[direction].push_back(0);
-		start[direction].push_back(0);
-		end[direction].push_back(0);
+		start[direction].push_back({});
+		end[direction].push_back({});
 
 		return back(direction);
 	}

new-process-api/process/bstats/src/burstStats.o

@@ -17,6 +17,13 @@ std::string_view toStringView(const T& container) noexcept
         reinterpret_cast<const char*>(container.data()), container.size());
 }
 
+constexpr static inline 
+std::string_view toStringView(const auto* data, const std::size_t size) noexcept 
+{
+    return std::string_view(
+        reinterpret_cast<const char*>(data), size);
+}
+
 constexpr static inline
 auto split(std::string_view view, const char delimiter) noexcept
 {

new-process-api/process/bstats/src/burstStatsData.hpp

@@ -24,10 +24,10 @@
 #include <utils.hpp>
 #include <dnsParser/dnsParser.hpp>
 #include <utils/stringViewUtils.hpp>
+#include <utils/spanUtils.hpp>
 
 namespace ipxp {
 
-
 static const PluginManifest dnsPluginManifest = {
 	.name = "dns",
 	.description = "Dns process plugin for parsing dns traffic.",
@@ -89,7 +89,7 @@ DNSPlugin::DNSPlugin([[maybe_unused]]const std::string& params, FieldManager& ma
 PluginInitResult DNSPlugin::onInit(const FlowContext& flowContext, void* pluginContext)
 {
 	constexpr uint16_t DNS_PORT = 53;
-	if (flowContext.packet.flowKey.srcPort != DNS_PORT && flowContext.packet.flowKey.dstPort != DNS_PORT) {
+	if (flowContext.packet.src_port != DNS_PORT && flowContext.packet.dst_port != DNS_PORT) {
 		return {
 			.constructionState = ConstructionState::NotConstructed,
 			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
@@ -100,8 +100,8 @@ PluginInitResult DNSPlugin::onInit(const FlowContext& flowContext, void* pluginC
 	auto* pluginData = std::construct_at(reinterpret_cast<DNSData*>(pluginContext));
 	// TODO USE VALUES FROM DISSECTOR
 	constexpr uint8_t TCP = 6;
-	const bool isDNSOverTCP = flowContext.packet.flowKey.l4Protocol == TCP;
-	if (parseDNS(flowContext.packet.payload, isDNSOverTCP, flowContext.flowRecord, *pluginData)) {
+	const bool isDNSOverTCP = flowContext.packet.ip_proto == TCP;
+	if (parseDNS(toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len), isDNSOverTCP, flowContext.flowRecord, *pluginData)) {
 		return {
 			.constructionState = ConstructionState::Constructed,
 			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
@@ -122,8 +122,8 @@ PluginUpdateResult DNSPlugin::onUpdate(const FlowContext& flowContext, void* plu
 
 	// TODO USE VALUES FROM DISSECTOR
 	constexpr uint8_t TCP = 6;
-	const bool isDNSOverTCP = flowContext.packet.flowKey.l4Protocol == TCP;
-	if (parseDNS(flowContext.packet.payload, isDNSOverTCP, flowContext.flowRecord, *pluginData)) {
+	const bool isDNSOverTCP = flowContext.packet.ip_proto == TCP;
+	if (parseDNS(toSpan<const std::byte>(flowContext.packet.payload, flowContext.packet.payload_len), isDNSOverTCP, flowContext.flowRecord, *pluginData)) {
 		return {
 			.updateRequirement = UpdateRequirement::NoUpdateNeeded,
 			.flowAction = FlowAction::Flush,