Merge branch 'master' into icmp-plugin

Author: BonnyAD9

ChangeLog

@@ -1,3 +1,9 @@
+2023-05-16 ipfixprobe-4.8.0
+	* DPDK: bugfix of HW timestamps
+	* DPDK: compliance, different constant names
+	* pstats: bugfix of recognition of zero length packets
+	* SSADetector: add new plugin to detect possible SYN-SYNACK-ACK
+
 2023-03-27 ipfixprobe-4.7.4
 	* Support parsing of ipv6 mobility header
 	* Support TLS v1.3

Makefile.am

@@ -159,7 +159,9 @@ endif
 if WITH_DPDK
 ipfixprobe_input_src+=\
         input/dpdk.cpp \
-        input/dpdk.h
+        input/dpdk.h \
+	input/dpdk-ring.cpp \
+	input/dpdk-ring.h
 endif
 
 ipfixprobe_headers_src=\

NEWS

@@ -1,3 +1,23 @@
+2023-05-05 (SiskaPavel): Merge pull request #148 from CESNET/dpdk-version
+2023-05-05 (Pavel Siska): dpdk - support HW timestamp only when metadata are available
+2023-05-04 (Pavel Siska): Dpdk - support different constant names acros dpdk versions
+2023-04-18 (SiskaPavel): Merge pull request #146 from CESNET/ssadetector_plugin
+2023-04-18 (SiskaPavel): Merge pull request #143 from BonnyAD9/http-invalid-method
+2023-04-18 (Karel Hynek): Merge pull request #145 from CESNET/pstats_zerolen_fix
+2023-04-18 (Karel Hynek): SSADetector: Updated coding style, Removed unnamed constants
+2023-04-17 (Karel Hynek): PSTATS BUGFIX: Fixed zero-len packets recognition
+2023-04-04 (Jakub Antonín Štigler): Increase the method field size in http
+2023-03-27 (Jakub Antonín Štigler): Set back the default size of http method
+2023-03-27 (Jakub Antonín Štigler): parse http requests with invalid header
+2023-03-27 (SiskaPavel): Merge pull request #142 from CESNET/new_version
+2023-03-15 (Karel Hynek): SSADetector: Added functional tests
+2023-03-15 (Karel Hynek): SSADetector: Added ext record modification methods
+2023-03-15 (Karel Hynek): SSADetector: Added transition functions to detection automaton
+2023-03-15 (Karel Hynek): SSADetector: SSADetectorRecord EXT completely defined
+2023-03-15 (Karel Hynek): SSADetector: Added pkt table structure
+2023-03-15 (Karel Hynek): SSADetector: Added pkt entry structure
+2023-03-15 (jirakja7): SSADetector plugin: initial files.
+
 2023-03-20 (Jakub Antonín Štigler): Skip ipv6 mobility header
 2023-03-15 (Karel Hynek): Updated .gitignore
 2023-03-13 (Karel Hynek): tls: Updated tls test reference

README.md

@@ -159,6 +159,9 @@ Here are the examples of various plugins usage:
 # The following `dpdk` interfaces are given without parameters; their configuration is inherited from the first one.
 # Example for the queue of 3 DPDK input plugins (q=3):
 `./ipfixprobe -i "dpdk;p=0;q=3;e=-c 0x1 -a  <[domain:]bus:devid.func>" -i dpdk -i dpdk -p http "-p" bstats -p tls -o "ipfix;h=127.0.0.1"`
+
+# Read packets using DPDK input interface as secondary process with shared memory (DPDK rings) - in this case, 4 DPDK rings are used
+`./ipfixprobe -i 'dpdk-ring;r=rx_ipfixprobe_0;e= --proc-type=secondary' -i 'dpdk-ring;r=rx_ipfixprobe_1' -i 'dpdk-ring;r=rx_ipfixprobe_2' -i 'dpdk-ring;r=rx_ipfixprobe_3' -o 'text'`
 ```
 
 ## Flow Data Extension - Processing Plugins
@@ -559,7 +562,7 @@ ipfixprobe 'pcap;file=pcaps/http.pcap' -p "phists;includezeros" -o 'unirec;i=u:h
 
 List of fields exported together with basic flow fields on the interface by BSTATS plugin.
 The plugin is compiled to export the first `BSTATS_MAXELENCOUNT` (15 by default) burst in each direction.
-The bursts are computed separately for each direction. Burst is defined by `MINIMAL_PACKETS_IN_BURST` (3 by default) and by `MAXIMAL_INTERPKT_TIME` (1000 ms by default) between packets to be included in a burst.
+The bursts are computed separately for each direction. Burst is defined by `MINIMAL_PACKETS_IN_BURST` (3 by default) and by `MAXIMAL_INTERPKT_TIME` (1000 ms by default) between packets to be included in a burst. When the flow contains less then `MINIMAL_PACKETS_IN_BURST` packets, the fields are not exported to reduce output bandwidth.
 
 | Output field        | Type    | Description                                                     |
 |:-------------------:|:-------:|:---------------------------------------------------------------:|
@@ -598,6 +601,15 @@ List of fields exported together with basic flow fields on interface by icmp plu
 |:------------------:|:------:|:-------------------------------:|
 | L4_ICMP_TYPE_CODE  | uint16 | ICMP type (MSB) and code (LSB)  |
 
+### SSADetector
+
+List of fields exported together with basic flow fields on interface by ssadetector plugin.
+The detector search for the SYN SYN-ACK ACK pattern in packet lengths. Multiple occurrences of this pattern suggest a tunneled connection.
+
+| Output field       | Type   | Description                             |
+|:------------------:|:------:|:---------------------------------------:|
+| SSA_CONF_LEVEL     | uint8  | 1 if SSA sequence detected, 0 otherwise |
+
 ## Simplified function diagram
 Diagram below shows how `ipfixprobe` works.
 

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.69])
-AC_INIT([ipfixprobe], [4.7.4], [[email protected]])
+AC_INIT([ipfixprobe], [4.8.0], [[email protected]])
 
 AC_CONFIG_SRCDIR([main.cpp])
 AC_CONFIG_HEADERS([config.h])

include/ipfixprobe/byte-utils.hpp

@@ -24,22 +24,7 @@
  *    may be used to endorse or promote products derived from this
  *    software without specific prior written permission.
  *
- * ALTERNATIVELY, provided that this notice is retained in full, this
- * product may be distributed under the terms of the GNU General Public
- * License (GPL) version 2 or later, in which case the provisions
- * of the GPL apply INSTEAD OF those given above.
  *
- * This software is provided ``as is'', and any express or implied
- * warranties, including, but not limited to, the implied warranties of
- * merchantability and fitness for a particular purpose are disclaimed.
- * In no event shall the company or contributors be liable for any
- * direct, indirect, incidental, special, exemplary, or consequential
- * damages (including, but not limited to, procurement of substitute
- * goods or services; loss of use, data, or profits; or business
- * interruption) however caused and on any theory of liability, whether
- * in contract, strict liability, or tort (including negligence or
- * otherwise) arising in any way out of the use of this software, even
- * if advised of the possibility of such damage.
  *
  */
 

include/ipfixprobe/flowifc.hpp

@@ -25,22 +25,7 @@
  *    may be used to endorse or promote products derived from this
  *    software without specific prior written permission.
  *
- * ALTERNATIVELY, provided that this notice is retained in full, this
- * product may be distributed under the terms of the GNU General Public
- * License (GPL) version 2 or later, in which case the provisions
- * of the GPL apply INSTEAD OF those given above.
  *
- * This software is provided ``as is'', and any express or implied
- * warranties, including, but not limited to, the implied warranties of
- * merchantability and fitness for a particular purpose are disclaimed.
- * In no event shall the company or contributors be liable for any
- * direct, indirect, incidental, special, exemplary, or consequential
- * damages (including, but not limited to, procurement of substitute
- * goods or services; loss of use, data, or profits; or business
- * interruption) however caused and on any theory of liability, whether
- * in contract, strict liability, or tort (including negligence or
- * otherwise) arising in any way out of the use of this software, even
- * if advised of the possibility of such damage.
  *
  */
 

include/ipfixprobe/input.hpp

@@ -23,22 +23,7 @@
  *    may be used to endorse or promote products derived from this
  *    software without specific prior written permission.
  *
- * ALTERNATIVELY, provided that this notice is retained in full, this
- * product may be distributed under the terms of the GNU General Public
- * License (GPL) version 2 or later, in which case the provisions
- * of the GPL apply INSTEAD OF those given above.
  *
- * This software is provided ``as is'', and any express or implied
- * warranties, including, but not limited to, the implied warranties of
- * merchantability and fitness for a particular purpose are disclaimed.
- * In no event shall the company or contributors be liable for any
- * direct, indirect, incidental, special, exemplary, or consequential
- * damages (including, but not limited to, procurement of substitute
- * goods or services; loss of use, data, or profits; or business
- * interruption) however caused and on any theory of liability, whether
- * in contract, strict liability, or tort (including negligence or
- * otherwise) arising in any way out of the use of this software, even
- * if advised of the possibility of such damage.
  *
  */
 

include/ipfixprobe/ipaddr.hpp

@@ -22,22 +22,7 @@
  *    may be used to endorse or promote products derived from this
  *    software without specific prior written permission.
  *
- * ALTERNATIVELY, provided that this notice is retained in full, this
- * product may be distributed under the terms of the GNU General Public
- * License (GPL) version 2 or later, in which case the provisions
- * of the GPL apply INSTEAD OF those given above.
  *
- * This software is provided ``as is'', and any express or implied
- * warranties, including, but not limited to, the implied warranties of
- * merchantability and fitness for a particular purpose are disclaimed.
- * In no event shall the company or contributors be liable for any
- * direct, indirect, incidental, special, exemplary, or consequential
- * damages (including, but not limited to, procurement of substitute
- * goods or services; loss of use, data, or profits; or business
- * interruption) however caused and on any theory of liability, whether
- * in contract, strict liability, or tort (including negligence or
- * otherwise) arising in any way out of the use of this software, even
- * if advised of the possibility of such damage.
  *
  */
 

include/ipfixprobe/ipfix-basiclist.hpp

@@ -22,22 +22,7 @@
  *    may be used to endorse or promote products derived from this
  *    software without specific prior written permission.
  *
- * ALTERNATIVELY, provided that this notice is retained in full, this
- * product may be distributed under the terms of the GNU General Public
- * License (GPL) version 2 or later, in which case the provisions
- * of the GPL apply INSTEAD OF those given above.
  *
- * This software is provided as is'', and any express or implied
- * warranties, including, but not limited to, the implied warranties of
- * merchantability and fitness for a particular purpose are disclaimed.
- * In no event shall the company or contributors be liable for any
- * direct, indirect, incidental, special, exemplary, or consequential
- * damages (including, but not limited to, procurement of substitute
- * goods or services; loss of use, data, or profits; or business
- * interruption) however caused and on any theory of liability, whether
- * in contract, strict liability, or tort (including negligence or
- * otherwise) arising in any way out of the use of this software, even
- * if advised of the possibility of such damage.
  *
  */