├── .clang-format ├── .clang-tidy ├── .editorconfig ├── .github ├── actions │ └── install-dependencies │ │ └── action.yml └── workflows │ ├── build.yml │ ├── check.yml │ ├── ciEntryPoint.yml │ ├── copr-upload.yml │ ├── rpm-build.yml │ ├── rpm-install.yml │ └── tests.yml ├── .gitignore ├── CMakeLists.txt ├── Doxyfile ├── LICENSE ├── Makefile ├── README.md ├── cmake ├── build_type.cmake ├── dependencies.cmake ├── installation.cmake └── modules │ ├── FindAtomic.cmake │ ├── FindLIBTRAP.cmake │ ├── FindLZ4.cmake │ ├── FindNFB.cmake │ ├── FindNUMA.cmake │ ├── FindUNIREC.cmake │ └── FindUnwind.cmake ├── debian ├── README.Debian ├── changelog ├── compat ├── control ├── copyright ├── patches │ └── series ├── rules ├── source │ ├── format │ ├── include-binaries │ └── local-options └── watch ├── docker ├── Dockerfile ├── README.md ├── ipfixprobe_wrapper.sh └── process_script.sh ├── docs ├── 404.html ├── Gemfile ├── Gemfile.lock ├── LICENSE ├── README.md ├── _config.yml ├── _data │ ├── footer.yml │ └── navigation.yml ├── _export │ ├── BSTATS.md │ ├── DNS-SD.md │ ├── DNS.md │ ├── Flow Hash.md │ ├── HTTP.md │ ├── ICMP.md │ ├── IDPContent.md │ ├── MPLS.md │ ├── MQTT.md │ ├── NTP.md │ ├── NetBIOS.md │ ├── NetTiSA.md │ ├── OSQUERY.md │ ├── OVPN.md │ ├── PHISTS.md │ ├── PSTATS.md │ ├── PassiveDNS.md │ ├── QUIC.md │ ├── RTSP.md │ ├── SIP.md │ ├── SMTP.md │ ├── SSADetector.md │ ├── SSDP.md │ ├── TLS.md │ ├── VLAN.md │ ├── WG.md │ ├── basic.md │ └── basic_plus.md ├── _get_options │ ├── _defaults.md │ ├── a_rhel_packages.md │ ├── build_from_source.md │ └── openwrt.md ├── _how │ ├── Input plugin.md │ ├── output plugin.md │ └── storage plugin.md ├── _includes │ ├── list-posts.html │ ├── navigation.html │ ├── post-title.html │ ├── relative-src.html │ └── social-icon.html ├── _layouts │ ├── archive.html │ ├── default.html │ ├── page.html │ └── post.html ├── _sass │ ├── blog.scss │ ├── cloudcannon.scss │ ├── contact.scss │ ├── developer.scss │ ├── elements.scss │ ├── footer.scss │ ├── forms.scss │ ├── get_options.scss │ ├── how.scss │ ├── landing-page.scss │ ├── layout.scss │ ├── mixins │ │ ├── columns.scss │ │ └── flexbox.scss │ ├── navigation.scss │ ├── pricing.scss │ ├── staff.scss │ └── variables.scss ├── apple-touch-icon.png ├── blog │ └── index.html ├── css │ └── screen.scss ├── developer.html ├── export.html ├── favicon.png ├── get_options.html ├── how.html ├── images │ ├── _screenshot.png │ ├── dashboard.png │ ├── datacenter.jpeg │ ├── github.png │ ├── ipfixprobe-horizontal.svg │ ├── ipfixprobe_architecture.jpg │ ├── logo.svg │ ├── network.jpg │ └── router.jpeg ├── index.html ├── robots.txt ├── siteicon.svg └── touch-icon.png ├── external ├── CMakeLists.txt └── telemetry.cmake ├── include └── ipfixprobe │ ├── api.hpp │ ├── byte-utils.hpp │ ├── flowifc.hpp │ ├── inputPlugin.hpp │ ├── ipaddr.hpp │ ├── ipfix-basiclist.hpp │ ├── ipfix-elements.hpp │ ├── options.hpp │ ├── outputPlugin.hpp │ ├── packet.hpp │ ├── parser-stats.hpp │ ├── plugin.hpp │ ├── pluginFactory │ ├── pluginFactory.hpp │ ├── pluginGenerator.hpp │ ├── pluginManifest.hpp │ └── pluginRegistrar.hpp │ ├── processPlugin.hpp │ ├── ring.h │ ├── storagePlugin.hpp │ ├── telemetry-utils.hpp │ └── utils.hpp ├── init ├── CMakeLists.txt ├── config2args.py ├── ipfixprobe-monitoring.target ├── ipfixprobe@.service ├── ipfixprobed ├── link0.conf.example └── schema.json ├── pkg ├── CMakeLists.txt ├── rpm │ ├── CMakeLists.txt │ ├── ipfixprobe-msec.spec.in │ ├── ipfixprobe-nemea.spec.in │ └── ipfixprobe.spec.in └── tgz │ └── CMakeLists.txt ├── src ├── CMakeLists.txt ├── buildConfig.hpp.in ├── core │ ├── CMakeLists.txt │ ├── inputPlugin.cpp │ ├── ipfixprobe.cpp │ ├── ipfixprobe.hpp │ ├── ipfixprobe_stats.cpp │ ├── main.cpp │ ├── options.cpp │ ├── pluginManager.cpp │ ├── pluginManager.hpp │ ├── ring.c │ ├── stacktrace.cpp │ ├── stacktrace.hpp │ ├── stats.cpp │ ├── stats.hpp │ ├── utils.cpp │ ├── workers.cpp │ └── workers.hpp └── plugins │ ├── CMakeLists.txt │ ├── input │ ├── CMakeLists.txt │ ├── dpdk │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── dpdk-ring.cpp │ │ │ ├── dpdk-ring.hpp │ │ │ ├── dpdk.cpp │ │ │ ├── dpdk.hpp │ │ │ ├── dpdkCompat.hpp │ │ │ ├── dpdkDevice.cpp │ │ │ ├── dpdkDevice.hpp │ │ │ ├── dpdkMbuf.cpp │ │ │ ├── dpdkMbuf.hpp │ │ │ ├── dpdkPortTelemetry.cpp │ │ │ ├── dpdkPortTelemetry.hpp │ │ │ ├── dpdkTelemetry.cpp │ │ │ └── dpdkTelemetry.hpp │ ├── nfb │ │ ├── CMakeLists.txt │ │ └── src │ │ │ ├── ndp.cpp │ │ │ ├── ndp.hpp │ │ │ ├── ndpHeader.hpp │ │ │ ├── ndpReader.cpp │ │ │ └── ndpReader.hpp │ ├── parser │ │ ├── headers.hpp │ │ ├── parser.cpp │ │ └── parser.hpp │ ├── pcap │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── pcap.cpp │ │ │ └── pcap.hpp │ └── raw │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ ├── raw.cpp │ │ └── raw.hpp │ ├── output │ ├── CMakeLists.txt │ ├── ipfix │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── ipfix-basiclist.cpp │ │ │ ├── ipfix.cpp │ │ │ └── ipfix.hpp │ ├── text │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── text.cpp │ │ │ └── text.hpp │ └── unirec │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ ├── unirec.cpp │ │ └── unirec.hpp │ ├── process │ ├── CMakeLists.txt │ ├── basicplus │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── basicplus.cpp │ │ │ └── basicplus.hpp │ ├── bstats │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── bstats.cpp │ │ │ └── bstats.hpp │ ├── common │ │ ├── CMakeLists.txt │ │ ├── common.hpp │ │ ├── dns-utils.hpp │ │ └── tlsParser │ │ │ ├── tls_parser.cpp │ │ │ └── tls_parser.hpp │ ├── dns │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── dns.cpp │ │ │ └── dns.hpp │ ├── dnssd │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── dnssd.cpp │ │ │ └── dnssd.hpp │ ├── flowHash │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── flow_hash.cpp │ │ │ └── flow_hash.hpp │ ├── http │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── http.cpp │ │ │ └── http.hpp │ ├── icmp │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── icmp.cpp │ │ │ └── icmp.hpp │ ├── idpContent │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── idpcontent.cpp │ │ │ └── idpcontent.hpp │ ├── mpls │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── mpls.cpp │ │ │ └── mpls.hpp │ ├── mqtt │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── mqtt.cpp │ │ │ └── mqtt.hpp │ ├── netbios │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── netbios.cpp │ │ │ └── netbios.hpp │ ├── nettisa │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── nettisa.cpp │ │ │ └── nettisa.hpp │ ├── ntp │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── ntp.cpp │ │ │ └── ntp.hpp │ ├── osquery │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── osquery.cpp │ │ │ └── osquery.hpp │ ├── ovpn │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── ovpn.cpp │ │ │ └── ovpn.hpp │ ├── passiveDns │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── passivedns.cpp │ │ │ └── passivedns.hpp │ ├── phists │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── phists.cpp │ │ │ └── phists.hpp │ ├── pstats │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── pstats.cpp │ │ │ └── pstats.hpp │ ├── quic │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── quic.cpp │ │ │ ├── quic.hpp │ │ │ ├── quic_parser.cpp │ │ │ └── quic_parser.hpp │ ├── rtsp │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── rtsp.cpp │ │ │ └── rtsp.hpp │ ├── sip │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── sip.cpp │ │ │ └── sip.hpp │ ├── smtp │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── smtp.cpp │ │ │ └── smtp.hpp │ ├── ssaDetector │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── ssadetector.cpp │ │ │ └── ssadetector.hpp │ ├── ssdp │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── ssdp.cpp │ │ │ └── ssdp.hpp │ ├── tls │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── md5.cpp │ │ │ ├── md5.hpp │ │ │ ├── sha256.hpp │ │ │ ├── tls.cpp │ │ │ └── tls.hpp │ ├── vlan │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ │ ├── vlan.cpp │ │ │ └── vlan.hpp │ └── wg │ │ ├── CMakeLists.txt │ │ ├── README.md │ │ └── src │ │ ├── wg.cpp │ │ └── wg.hpp │ └── storage │ ├── CMakeLists.txt │ └── cache │ ├── CMakeLists.txt │ ├── README.md │ └── src │ ├── cache.cpp │ ├── cache.hpp │ ├── fragmentationCache │ ├── fragmentationCache.cpp │ ├── fragmentationCache.hpp │ ├── fragmentationKeyData.hpp │ ├── fragmentationTable.cpp │ ├── fragmentationTable.hpp │ ├── ringBuffer.hpp │ └── timevalUtils.hpp │ ├── xxhash.c │ └── xxhash.h └── tests ├── CMakeLists.txt └── functional ├── CMakeLists.txt ├── inputs ├── arp.pcap ├── bstats.pcap ├── dns.pcap ├── dnssd.pcap ├── http.pcap ├── idpcontent.pcap ├── mixed.pcap ├── mqtt.pcap ├── netbios.pcap ├── ntp.pcap ├── ovpn.pcap ├── quic_initial-sample.pcap ├── rtsp.pcap ├── sip.pcap ├── smtp.pcap ├── ssdp.pcap ├── tls.pcap ├── vlan.pcap └── wg.pcap ├── outputs ├── basic ├── basicplus ├── bstats ├── dns ├── dnssd ├── http ├── idpcontent ├── mqtt ├── netbios ├── nettisa ├── ntp ├── ovpn ├── passivedns ├── phists ├── pstats ├── quic ├── rtsp ├── sip ├── smtp ├── ssadetector ├── ssdp ├── tls ├── vlan └── wg └── scripts └── run_test.sh /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | BasedOnStyle: WebKit 4 | 5 | AlwaysBreakBeforeMultilineStrings: true 6 | AlignAfterOpenBracket: AlwaysBreak 7 | AllowAllArgumentsOnNextLine: false 8 | AllowAllParametersOfDeclarationOnNextLine: false 9 | AllowShortIfStatementsOnASingleLine: Never 10 | AllowShortFunctionsOnASingleLine: Inline 11 | AlwaysBreakTemplateDeclarations: Yes 12 | BinPackArguments: false 13 | BinPackParameters: false 14 | BreakInheritanceList: BeforeComma 15 | ColumnLimit: 100 16 | Cpp11BracedListStyle: true 17 | FixNamespaceComments: true 18 | IndentGotoLabels: false 19 | KeepEmptyLinesAtTheStartOfBlocks: false 20 | NamespaceIndentation: None 21 | ShortNamespaceLines: 0 22 | SpaceAfterCStyleCast: true 23 | SpaceAfterTemplateKeyword: false 24 | SpaceInEmptyBlock: false 25 | SpacesInContainerLiterals: false 26 | PointerAlignment: Left 27 | TabWidth: '4' 28 | UseTab: ForContinuationAndIndentation 29 | 30 | SortIncludes: true 31 | IncludeBlocks: Regroup 32 | IncludeCategories: 33 | - Regex: '^"(.*)"$' 34 | Priority: 1 35 | - Regex: '^<[^>]*\.(h|hpp)>$' 36 | Priority: 3 37 | - Regex: '^<.*>$' 38 | Priority: 2 39 | ... 40 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | end_of_line = lf 5 | insert_final_newline = true 6 | trim_trailing_whitespace = true 7 | charset = utf-8 8 | 9 | [Makefile] 10 | indent_style = tab 11 | 12 | [{CMakeLists.txt,*.cmake}] 13 | indent_style = tab 14 | 15 | [*.{yaml,yml}] 16 | indent_style = space 17 | indent_size = 2 18 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: 4 | workflow_call: 5 | inputs: 6 | os: 7 | required: true 8 | type: string 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | container: ${{ inputs.os }} 14 | steps: 15 | - name: Install git 16 | run: dnf install -y git 17 | - name: Check out repository code 18 | uses: actions/checkout@v4 19 | - name: Install dependencies 20 | uses: ./.github/actions/install-dependencies 21 | with: 22 | pcap: true 23 | dpdk: true 24 | nfb: true 25 | - name: Mark github workspace as safe 26 | run: git config --system --add safe.directory $PWD 27 | - name: Create build directory 28 | run: mkdir build 29 | - name: Configure CMake 30 | run: | 31 | cd build 32 | cmake3 .. -DCMAKE_BUILD_TYPE=Debug -DENABLE_INPUT_PCAP=ON -DENABLE_INPUT_DPDK=ON -DENABLE_INPUT_NFB=ON -DENABLE_PROCESS_EXPERIMENTAL=ON 33 | - name: make 34 | run: make -j $(nproc) 35 | -------------------------------------------------------------------------------- /.github/workflows/check.yml: -------------------------------------------------------------------------------- 1 | name: check 2 | 3 | on: [workflow_call] 4 | 5 | jobs: 6 | clang-checks: 7 | runs-on: ubuntu-latest 8 | container: oraclelinux:9 9 | steps: 10 | - name: Check out repository code 11 | uses: actions/checkout@v4 12 | - name: Install dependencies 13 | uses: ./.github/actions/install-dependencies 14 | with: 15 | clang-tools: true 16 | pcap: true 17 | - name: make format-check 18 | run: make format 19 | 20 | editor-config: 21 | runs-on: ubuntu-latest 22 | container: mstruebing/editorconfig-checker 23 | steps: 24 | - name: Check out repository code 25 | uses: actions/checkout@v4 26 | - name: Check editorconfig 27 | run: ec --exclude .git --exclude tests/functional/inputs 28 | -------------------------------------------------------------------------------- /.github/workflows/ciEntryPoint.yml: -------------------------------------------------------------------------------- 1 | name: Continuous Integration pipeline 2 | 3 | on: push 4 | 5 | jobs: 6 | check: 7 | uses: ./.github/workflows/check.yml 8 | build-os-matrix: 9 | needs: check 10 | runs-on: ubuntu-latest 11 | outputs: 12 | os: ${{ steps.os.outputs.os }} 13 | steps: 14 | - name: Build OS Array 15 | id: os 16 | run: | 17 | osArray=() 18 | osArray+=("oraclelinux:9") 19 | osArray=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${osArray[@]}") 20 | echo "Updated os list: $osArray" 21 | echo "os=$osArray" >> $GITHUB_OUTPUT 22 | build: 23 | needs: [build-os-matrix] 24 | strategy: 25 | matrix: 26 | os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} 27 | uses: ./.github/workflows/build.yml 28 | with: 29 | os: ${{ matrix.os }} 30 | 31 | make-tests: 32 | needs: [build-os-matrix] 33 | strategy: 34 | matrix: 35 | os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} 36 | uses: ./.github/workflows/tests.yml 37 | with: 38 | os: ${{ matrix.os }} 39 | 40 | rpm-build: 41 | needs: [build-os-matrix] 42 | strategy: 43 | matrix: 44 | os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} 45 | uses: ./.github/workflows/rpm-build.yml 46 | with: 47 | os: ${{ matrix.os }} 48 | 49 | rpm-install: 50 | needs: [build-os-matrix, rpm-build] 51 | strategy: 52 | matrix: 53 | os: ${{ fromJSON(needs.build-os-matrix.outputs.os) }} 54 | uses: ./.github/workflows/rpm-install.yml 55 | with: 56 | os: ${{ matrix.os }} 57 | -------------------------------------------------------------------------------- /.github/workflows/copr-upload.yml: -------------------------------------------------------------------------------- 1 | name: upload SRPM to copr 2 | 3 | on: 4 | push: 5 | branches: 6 | - release 7 | - stable 8 | 9 | jobs: 10 | upload-srpm-to-copr: 11 | runs-on: ubuntu-latest 12 | container: oraclelinux:9 13 | steps: 14 | - name: Install git 15 | run: dnf install -y git 16 | - name: Check out repository code 17 | uses: actions/checkout@v4 18 | - name: Install dependencies 19 | uses: ./.github/actions/install-dependencies 20 | with: 21 | pcap: true 22 | dpdk: true 23 | nfb: true 24 | nemea: true 25 | - name: Install copr-cli 26 | run: | 27 | dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm 28 | dnf install -y copr-cli 29 | - name: Mark github workspace as safe 30 | run: git config --system --add safe.directory $PWD 31 | - name: make rpm 32 | run: make -j $(nproc) rpm 33 | - name: make rpm-msec 34 | run: make -j $(nproc) rpm-msec 35 | - name: make rpm-nemea 36 | run: make -j $(nproc) rpm-nemea 37 | - name: Create copr config 38 | run: | 39 | mkdir ~/.config 40 | echo "${{ secrets.COPR_CONFIG }}" >> ~/.config/copr 41 | - name: Upload SRPM to copr 42 | run: | 43 | if [ "${{ github.ref }}" == "refs/heads/release" ]; then 44 | copr build @CESNET/ipfixprobe-testing build/pkg/rpm/rpmbuild/SRPMS/* 45 | elif [ "${{ github.ref }}" == "refs/heads/stable" ]; then 46 | copr build @CESNET/ipfixprobe build/pkg/rpm/rpmbuild/SRPMS/* 47 | fi 48 | -------------------------------------------------------------------------------- /.github/workflows/rpm-build.yml: -------------------------------------------------------------------------------- 1 | name: rpm-build 2 | 3 | on: 4 | workflow_call: 5 | inputs: 6 | os: 7 | required: true 8 | type: string 9 | 10 | jobs: 11 | rpm-build: 12 | runs-on: ubuntu-latest 13 | container: ${{ inputs.os }} 14 | steps: 15 | - name: Install git 16 | run: dnf install -y git 17 | - name: Check out repository code 18 | uses: actions/checkout@v4 19 | - name: Install dependencies 20 | uses: ./.github/actions/install-dependencies 21 | with: 22 | pcap: true 23 | dpdk: true 24 | nfb: true 25 | nemea: true 26 | 27 | - name: Mark github workspace as safe 28 | run: git config --system --add safe.directory $PWD 29 | - name: Create build directory 30 | run: mkdir build 31 | - name: Configure CMake to make rpm 32 | run: | 33 | cd build 34 | cmake3 .. -DCMAKE_BUILD_TYPE=Release -DENABLE_INPUT_PCAP=ON -DENABLE_INPUT_DPDK=ON -DENABLE_INPUT_NFB=ON -DENABLE_PROCESS_EXPERIMENTAL=ON 35 | make -j $(nproc) rpm 36 | - name: make rpm-msec 37 | run: make -j $(nproc) rpm-msec 38 | - name: make rpm-nemea 39 | run: | 40 | cd build 41 | cmake3 .. -DCMAKE_BUILD_TYPE=Release -DENABLE_OUTPUT_UNIREC=ON -DENABLE_PROCESS_EXPERIMENTAL=ON 42 | make -j $(nproc) rpm-nemea 43 | - name: extract artifact name 44 | run: | 45 | OS=${{ inputs.os }} 46 | echo "artifactName=$(echo ${OS/:/}-rpm)" >> $GITHUB_ENV 47 | - name: upload RPM artifact 48 | uses: actions/upload-artifact@v4 49 | with: 50 | name: ${{ env.artifactName }} 51 | path: ./build/pkg/rpm/rpmbuild/RPMS/x86_64 52 | retention-days: 1 53 | -------------------------------------------------------------------------------- /.github/workflows/rpm-install.yml: -------------------------------------------------------------------------------- 1 | name: rpm-install 2 | 3 | on: 4 | workflow_call: 5 | inputs: 6 | os: 7 | required: true 8 | type: string 9 | 10 | jobs: 11 | rpm-install: 12 | runs-on: ubuntu-latest 13 | container: ${{ inputs.os }} 14 | steps: 15 | - name: Install dependencies 16 | run: | 17 | dnf config-manager --set-enabled ol9_codeready_builder 18 | dnf install -y dnf-plugins-core epel-release 19 | dnf copr enable @CESNET/nfb-framework 20 | dnf copr enable @CESNET/NEMEA-stable 21 | - name: extract artifact name 22 | run: | 23 | OS=${{ inputs.os }} 24 | echo "artifactName=$(echo ${OS/:/}-rpm)" >> $GITHUB_ENV 25 | - name: download RPM artifact 26 | uses: actions/download-artifact@v4 27 | with: 28 | name: ${{ env.artifactName }} 29 | - name: install RPM artifact 30 | run: | 31 | dnf install -y $(ls *.rpm | grep -Ev 'ipfixprobe-msec|ipfixprobe-nemea|ipfixprobe-output-unirec|debuginfo|debugsource') 32 | dnf install -y $(ls ipfixprobe-msec-*.rpm | grep -Ev 'debuginfo|debugsource') --allowerasing 33 | dnf install -y $(ls ipfixprobe-nemea-*.rpm | grep -Ev 'debuginfo|debugsource') --allowerasing 34 | -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: 4 | workflow_call: 5 | inputs: 6 | os: 7 | required: true 8 | type: string 9 | 10 | jobs: 11 | tests: 12 | runs-on: ubuntu-latest 13 | container: ${{ inputs.os }} 14 | steps: 15 | - name: Install git 16 | run: dnf install -y git 17 | - name: Check out repository code 18 | uses: actions/checkout@v4 19 | - name: Install dependencies 20 | uses: ./.github/actions/install-dependencies 21 | with: 22 | pcap: true 23 | nemea: true 24 | tests: true 25 | - name: Mark github workspace as safe 26 | run: git config --system --add safe.directory $PWD 27 | - name: Create build directory 28 | run: mkdir build 29 | - name: Configure CMake 30 | run: | 31 | cd build 32 | cmake3 .. -DENABLE_NEMEA=ON -DENABLE_INPUT_PCAP=ON -DENABLE_OUTPUT_UNIREC=ON -DENABLE_PROCESS_EXPERIMENTAL=ON -DENABLE_TESTS=ON 33 | - name: make tests 34 | run: | 35 | make -j $(nproc) 36 | make tests 37 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Default build directory 3 | build/ 4 | 5 | # Visual Studio files 6 | .vscode/ 7 | 8 | # Clangd cache files 9 | .clang/ 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2025, CESNET 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ifeq ($(CMAKE),) 2 | CMAKE := cmake 3 | endif 4 | 5 | ifeq ($(CLANG_FORMAT),) 6 | CLANG_FORMAT := clang-format 7 | endif 8 | 9 | ifeq ($(RUN_CLANG_TIDY),) 10 | RUN_CLANG_TIDY := run-clang-tidy 11 | endif 12 | 13 | 14 | SRC_DIR = "$(shell pwd)/src" 15 | INC_DIR = "$(shell pwd)/include" 16 | 17 | SOURCE_DIR = "$(SRC_DIR)" "$(INC_DIR)" 18 | SOURCE_REGEX = '.*\.\(cpp\|hpp\|c\|h\)' 19 | 20 | 21 | .PHONY: all 22 | all: build/Makefile 23 | @$(MAKE) --no-print-directory -C build 24 | 25 | %: build/Makefile 26 | @$(MAKE) --no-print-directory -C build $@ 27 | 28 | build/Makefile: | build 29 | @cd build && $(CMAKE) $(CMAKE_ARGS) .. 30 | 31 | build: 32 | @mkdir -p $@ 33 | 34 | .PHONY: format 35 | format: 36 | @find $(SOURCE_DIR) -type f -regex $(SOURCE_REGEX) -print0 | xargs -0 $(CLANG_FORMAT) --dry-run --Werror 37 | 38 | .PHONY: format-fix 39 | format-fix: 40 | @find $(SOURCE_DIR) -type f -regex $(SOURCE_REGEX) -print0 | xargs -0 $(CLANG_FORMAT) -i 41 | 42 | .PHONY: tidy 43 | tidy: all 44 | $(RUN_CLANG_TIDY) -p build -quiet -j $(shell nproc) -header-filter=$(SOURCE_DIR) $(SOURCE_DIR) 45 | 46 | .PHONY: tidy-fix 47 | tidy-fix: all 48 | $(RUN_CLANG_TIDY) -p build -quiet -fix -j $(shell nproc) -header-filter=$(SOURCE_DIR) $(SOURCE_DIR) 49 | -------------------------------------------------------------------------------- /cmake/build_type.cmake: -------------------------------------------------------------------------------- 1 | # Define default build type and supported options. 2 | set(DEFAULT_BUILD_TYPE "Release") 3 | 4 | if (NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES) 5 | message(STATUS 6 | "Setting build type to '${DEFAULT_BUILD_TYPE}' as none was specified.") 7 | set(CMAKE_BUILD_TYPE ${DEFAULT_BUILD_TYPE} 8 | CACHE STRING "build type" FORCE) 9 | set_property(CACHE CMAKE_BUILD_TYPE 10 | PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo") 11 | endif() 12 | -------------------------------------------------------------------------------- /cmake/dependencies.cmake: -------------------------------------------------------------------------------- 1 | # Project dependencies 2 | find_package(PkgConfig REQUIRED) 3 | 4 | find_package(Threads REQUIRED) 5 | find_package(Atomic REQUIRED) 6 | find_package(Unwind REQUIRED) 7 | find_package(LZ4 REQUIRED) 8 | find_package(OpenSSL REQUIRED) 9 | 10 | if (ENABLE_INPUT_PCAP) 11 | pkg_check_modules(PCAP REQUIRED libpcap) 12 | endif() 13 | 14 | if (ENABLE_INPUT_DPDK) 15 | pkg_check_modules(DPDK REQUIRED libdpdk) 16 | endif() 17 | 18 | if (ENABLE_INPUT_NFB) 19 | find_package(NFB REQUIRED) 20 | find_package(NUMA REQUIRED) 21 | endif() 22 | 23 | if (ENABLE_OUTPUT_UNIREC OR ENABLE_NEMEA) 24 | find_package(LIBTRAP REQUIRED) 25 | find_package(UNIREC REQUIRED) 26 | endif() 27 | 28 | if (ENABLE_TESTS) 29 | execute_process( 30 | COMMAND rpm -q nemea-modules 31 | RESULT_VARIABLE NEMEA_INSTALLED 32 | OUTPUT_QUIET ERROR_QUIET 33 | ) 34 | if (NOT NEMEA_INSTALLED EQUAL 0) 35 | message(FATAL_ERROR "NEMEA modules package is missing! Install it using: dnf install nemea-modules") 36 | endif() 37 | endif() 38 | -------------------------------------------------------------------------------- /cmake/installation.cmake: -------------------------------------------------------------------------------- 1 | # The purpose of this file is to automatically determine install directories. 2 | # 3 | # If no directories are defined, use GNU install directories by default. 4 | # However, in case of RPM build, install directories are typically passed 5 | # to CMake as definitions that overwrites the default paths. 6 | # 7 | 8 | include(GNUInstallDirs) 9 | 10 | set(INSTALL_DIR_BIN ${CMAKE_INSTALL_FULL_BINDIR}) 11 | 12 | if (DEFINED LIB_INSTALL_DIR) 13 | set(INSTALL_DIR_LIB ${LIB_INSTALL_DIR}) 14 | else() 15 | set(INSTALL_DIR_LIB ${CMAKE_INSTALL_FULL_LIBDIR}) 16 | endif() 17 | 18 | if (DEFINED INCLUDE_INSTALL_DIR) 19 | set(INSTALL_DIR_INCLUDE ${INCLUDE_INSTALL_DIR}) 20 | else() 21 | set(INSTALL_DIR_INCLUDE ${CMAKE_INSTALL_FULL_INCLUDEDIR}) 22 | endif() 23 | 24 | if (DEFINED SYSCONF_INSTALL_DIR) 25 | set(INSTALL_DIR_SYSCONF ${SYSCONF_INSTALL_DIR}) 26 | else() 27 | set(INSTALL_DIR_SYSCONF ${CMAKE_INSTALL_FULL_SYSCONFDIR}) 28 | endif() 29 | 30 | if (DEFINED SHARE_INSTALL_PREFIX) 31 | set(INSTALL_DIR_SHARE ${SHARE_INSTALL_PREFIX}) 32 | else() 33 | set(INSTALL_DIR_SHARE ${CMAKE_INSTALL_FULL_DATAROOTDIR}) 34 | endif() 35 | 36 | if(DEFINED SYSTEMD_UNIT_DIR) 37 | set(INSTALL_UNIT_DIR ${SYSTEMD_UNIT_DIR}) 38 | else() 39 | set(INSTALL_UNIT_DIR ${CMAKE_INSTALL_PREFIX}/lib/systemd/system) 40 | endif() 41 | 42 | set(INSTALL_DIR_MAN "${INSTALL_DIR_SHARE}/man/") 43 | set(INSTALL_DIR_DOC "${INSTALL_DIR_SHARE}/doc/${CMAKE_PROJECT_NAME}/") 44 | -------------------------------------------------------------------------------- /cmake/modules/FindAtomic.cmake: -------------------------------------------------------------------------------- 1 | # Try to find libatomic 2 | # Once done, this will define 3 | # 4 | # ATOMIC_FOUND - system has libatomic 5 | # ATOMIC_LIBRARIES - libraries needed to use libatomic 6 | # 7 | 8 | find_library(ATOMIC_LIBRARY 9 | NAMES atomic libatomic.so.1 10 | HINTS ${ATOMIC_ROOT} ${CMAKE_INSTALL_LIBDIR}) 11 | 12 | include(FindPackageHandleStandardArgs) 13 | find_package_handle_standard_args (Atomic 14 | REQUIRED_VARS ATOMIC_LIBRARY 15 | ) 16 | 17 | if (ATOMIC_FOUND AND NOT TARGET atomic::atomic) 18 | add_library(atomic::atomic STATIC IMPORTED) 19 | set_target_properties(atomic::atomic PROPERTIES 20 | IMPORTED_LOCATION "${ATOMIC_LIBRARY}" 21 | INTERFACE_INCLUDE_DIRECTORIES "${ATOMIC_INCLUDE_DIR}") 22 | target_compile_definitions(atomic::atomic INTERFACE UNWIND_FOUND) 23 | else() 24 | message(CRITICAL "Notice: atomic not found") 25 | add_library(atomic::atomic INTERFACE IMPORTED) 26 | endif() 27 | 28 | unset(ATOMIC_LIBRARY) 29 | -------------------------------------------------------------------------------- /cmake/modules/FindLIBTRAP.cmake: -------------------------------------------------------------------------------- 1 | # Find the libtrap includes and library 2 | # 3 | # This module defines the following IMPORTED targets: 4 | # 5 | # trap::trap - The "trap" library, if found. 6 | # 7 | # This module will set the following variables in your project: 8 | # 9 | # LIBTRAP_INCLUDE_DIRS - where to find , etc. 10 | # LIBTRAP_LIBRARIES - List of libraries when using libtrap. 11 | # LIBTRAP_FOUND - True if the libtrap has been found. 12 | 13 | # Use pkg-config (if available) to get the library directories and then use 14 | # these values as hints for find_path() and find_library() functions. 15 | find_package(PkgConfig QUIET) 16 | if (PKG_CONFIG_FOUND) 17 | pkg_check_modules(PC_LIBTRAP QUIET libtrap) 18 | endif() 19 | 20 | find_path( 21 | LIBTRAP_INCLUDE_DIR libtrap/trap.h 22 | HINTS ${PC_LIBTRAP_INCLUDEDIR} ${PC_LIBTRAP_INCLUDE_DIRS} 23 | PATH_SUFFIXES include 24 | ) 25 | 26 | find_library( 27 | LIBTRAP_LIBRARY NAMES trap libtrap 28 | HINTS ${PC_LIBTRAP_LIBDIR} ${PC_LIBTRAP_LIBRARY_DIRS} 29 | PATH_SUFFIXES lib lib64 30 | ) 31 | 32 | if (PC_LIBTRAP_VERSION) 33 | # Version extracted from pkg-config 34 | set(LIBTRAP_VERSION_STRING ${PC_LIBTRAP_VERSION}) 35 | endif() 36 | 37 | # Handle find_package() arguments (i.e. QUIETLY and REQUIRED) and set 38 | # LIBTRAP_FOUND to TRUE if all listed variables are filled. 39 | include(FindPackageHandleStandardArgs) 40 | find_package_handle_standard_args( 41 | LIBTRAP 42 | REQUIRED_VARS LIBTRAP_LIBRARY LIBTRAP_INCLUDE_DIR 43 | VERSION_VAR LIBTRAP_VERSION_STRING 44 | ) 45 | 46 | set(LIBTRAP_INCLUDE_DIRS ${LIBTRAP_INCLUDE_DIR}) 47 | set(LIBTRAP_LIBRARIES ${LIBTRAP_LIBRARY}) 48 | mark_as_advanced(LIBTRAP_INCLUDE_DIR LIBTRAP_LIBRARY) 49 | 50 | if (LIBTRAP_FOUND) 51 | # Create imported library with all dependencies 52 | if (NOT TARGET trap::trap AND EXISTS "${LIBTRAP_LIBRARIES}") 53 | add_library(trap::trap UNKNOWN IMPORTED) 54 | set_target_properties(trap::trap PROPERTIES 55 | IMPORTED_LINK_INTERFACE_LANGUAGES "C" 56 | IMPORTED_LOCATION "${LIBTRAP_LIBRARIES}" 57 | INTERFACE_INCLUDE_DIRECTORIES "${LIBTRAP_INCLUDE_DIRS}") 58 | endif() 59 | endif() 60 | -------------------------------------------------------------------------------- /cmake/modules/FindNFB.cmake: -------------------------------------------------------------------------------- 1 | # Find the nfb-framework includes and library 2 | # 3 | # This module defines the following IMPORTED targets: 4 | # 5 | # nfb::nfb - The "nfb" library, if found. 6 | # 7 | # This module will set the following variables in your project: 8 | # 9 | # NFB_INCLUDE_DIRS - where to find , etc. 10 | # NFB_LIBRARIES - List of libraries when using nfb-framework. 11 | # NFB_FOUND - True if the framework has been found. 12 | 13 | # Use pkg-config (if available) to get the library directories and then use 14 | # these values as hints for find_path() and find_library() functions. 15 | find_package(PkgConfig QUIET) 16 | if (PKG_CONFIG_FOUND) 17 | pkg_check_modules(PC_NFB QUIET nfb-framework) 18 | endif() 19 | 20 | find_path( 21 | NFB_INCLUDE_DIR nfb/nfb.h 22 | HINTS ${PC_NFB_INCLUDEDIR} ${PC_NFB_INCLUDE_DIRS} 23 | PATH_SUFFIXES include 24 | ) 25 | 26 | find_library( 27 | NFB_LIBRARY NAMES nfb libnfb 28 | HINTS ${PC_NFB_LIBDIR} ${PC_NFB_LIBRARY_DIRS} 29 | PATH_SUFFIXES lib lib64 30 | ) 31 | 32 | if (PC_NFB_VERSION) 33 | # Version extracted from pkg-config 34 | set(NFB_VERSION_STRING ${PC_NFB_VERSION}) 35 | endif() 36 | 37 | # Handle find_package() arguments (i.e. QUIETLY and REQUIRED) and set 38 | # NFB_FOUND to TRUE if all listed variables are filled. 39 | include(FindPackageHandleStandardArgs) 40 | find_package_handle_standard_args( 41 | NFB 42 | REQUIRED_VARS NFB_LIBRARY NFB_INCLUDE_DIR 43 | VERSION_VAR NFB_VERSION_STRING 44 | ) 45 | 46 | set(NFB_INCLUDE_DIRS ${NFB_INCLUDE_DIR}) 47 | set(NFB_LIBRARIES ${NFB_LIBRARY}) 48 | mark_as_advanced(NFB_INCLUDE_DIR NFB_LIBRARY) 49 | 50 | if (NFB_FOUND) 51 | # Create imported library with all dependencies 52 | if (NOT TARGET nfb::nfb AND EXISTS "${NFB_LIBRARIES}") 53 | add_library(nfb::nfb UNKNOWN IMPORTED) 54 | set_target_properties(nfb::nfb PROPERTIES 55 | IMPORTED_LINK_INTERFACE_LANGUAGES "C" 56 | IMPORTED_LOCATION "${NFB_LIBRARIES}" 57 | INTERFACE_INCLUDE_DIRECTORIES "${NFB_INCLUDE_DIRS}") 58 | endif() 59 | endif() 60 | -------------------------------------------------------------------------------- /cmake/modules/FindNUMA.cmake: -------------------------------------------------------------------------------- 1 | # ~~~ 2 | # - Try to find NUMA include dirs and libraries 3 | # 4 | # Usage of this module as follows: 5 | # 6 | # find_package(NUMA) 7 | # 8 | # Variables defined by this module: 9 | # 10 | # NUMA_FOUND System has NUMA include and library dirs found 11 | # NUMA_INCLUDE_DIR The NUMA include directories. 12 | # NUMA_LIBRARY The NUMA library 13 | # ~~~ 14 | 15 | find_library(NUMA_LIBRARY numa) 16 | find_path(NUMA_INCLUDE_DIR numa.h) 17 | 18 | include(FindPackageHandleStandardArgs) 19 | find_package_handle_standard_args( 20 | NUMA 21 | REQUIRED_VARS NUMA_INCLUDE_DIR NUMA_LIBRARY 22 | FAIL_MESSAGE "NUMA not found! Try to install numactl-devel package.") 23 | 24 | if(NUMA_FOUND AND NOT TARGET numa::numa) 25 | add_library(numa::numa INTERFACE IMPORTED) 26 | set_property(TARGET numa::numa PROPERTY INTERFACE_LINK_LIBRARIES "${NUMA_LIBRARY}") 27 | set_property(TARGET numa::numa PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${NUMA_INCLUDE_DIR}") 28 | endif() 29 | -------------------------------------------------------------------------------- /cmake/modules/FindUNIREC.cmake: -------------------------------------------------------------------------------- 1 | # Find the unirec includes and library 2 | # 3 | # This module defines the following IMPORTED targets: 4 | # 5 | # unirec::unirec - The "unirec" library, if found. 6 | # 7 | # This module will set the following variables in your project: 8 | # 9 | # UNIREC_INCLUDE_DIRS - where to find , etc. 10 | # UNIREC_LIBRARIES - List of libraries when using unirec. 11 | # UNIREC_FOUND - True if the unirec has been found. 12 | 13 | # Use pkg-config (if available) to get the library directories and then use 14 | # these values as hints for find_path() and find_library() functions. 15 | find_package(PkgConfig QUIET) 16 | if (PKG_CONFIG_FOUND) 17 | pkg_check_modules(PC_UNIREC QUIET UNIREC) 18 | endif() 19 | 20 | find_path( 21 | UNIREC_INCLUDE_DIR unirec/unirec.h 22 | HINTS ${PC_UNIREC_INCLUDEDIR} ${PC_UNIREC_INCLUDE_DIRS} 23 | PATH_SUFFIXES include 24 | ) 25 | 26 | find_library( 27 | UNIREC_LIBRARY NAMES unirec libunirec 28 | HINTS ${PC_UNIREC_LIBDIR} ${PC_UNIREC_LIBRARY_DIRS} 29 | PATH_SUFFIXES lib lib64 30 | ) 31 | 32 | if (PC_UNIREC_VERSION) 33 | # Version extracted from pkg-config 34 | set(UNIREC_VERSION_STRING ${PC_UNIREC_VERSION}) 35 | endif() 36 | 37 | # Handle find_package() arguments (i.e. QUIETLY and REQUIRED) and set 38 | # UNIREC_FOUND to TRUE if all listed variables are filled. 39 | include(FindPackageHandleStandardArgs) 40 | find_package_handle_standard_args( 41 | UNIREC 42 | REQUIRED_VARS UNIREC_LIBRARY UNIREC_INCLUDE_DIR 43 | VERSION_VAR UNIREC_VERSION_STRING 44 | ) 45 | 46 | set(UNIREC_INCLUDE_DIRS ${UNIREC_INCLUDE_DIR}) 47 | set(UNIREC_LIBRARIES ${UNIREC_LIBRARY}) 48 | mark_as_advanced(UNIREC_INCLUDE_DIR UNIREC_LIBRARY) 49 | 50 | if (UNIREC_FOUND) 51 | # Create imported library with all dependencies 52 | if (NOT TARGET unirec::unirec AND EXISTS "${UNIREC_LIBRARIES}") 53 | add_library(unirec::unirec UNKNOWN IMPORTED) 54 | set_target_properties(unirec::unirec PROPERTIES 55 | IMPORTED_LINK_INTERFACE_LANGUAGES "C" 56 | IMPORTED_LOCATION "${UNIREC_LIBRARIES}" 57 | INTERFACE_INCLUDE_DIRECTORIES "${UNIREC_INCLUDE_DIRS}") 58 | endif() 59 | endif() 60 | -------------------------------------------------------------------------------- /cmake/modules/FindUnwind.cmake: -------------------------------------------------------------------------------- 1 | # Find unwind library 2 | # Once done this will define 3 | # 4 | # UNWIND_FOUND - system has libunwind 5 | # unwind::unwind - cmake target 6 | 7 | find_package(PkgConfig QUIET) 8 | if (PKG_CONFIG_FOUND) 9 | pkg_check_modules(PC_UNWIND QUIET libunwind) 10 | endif() 11 | 12 | find_path (UNWIND_INCLUDE_DIR 13 | NAMES unwind.h libunwind.h 14 | HINTS ${UNWIND_ROOT} ${PC_UNWIND_INCLUDEDIR} ${PC_UNWIND_INCLUDE_DIRS} 15 | PATH_SUFFIXES ${CMAKE_INSTALL_LIBDIR} 16 | ) 17 | 18 | find_library (UNWIND_LIBRARY 19 | NAMES unwind 20 | HINTS ${UNWIND_ROOT} ${PC_UNWIND_LIBDIR} ${PC_UNWIND_LIBRARY_DIRS} 21 | PATH_SUFFIXES ${CMAKE_INSTALL_LIBDIR} 22 | ) 23 | 24 | mark_as_advanced (UNWIND_INCLUDE_DIR UNWIND_LIBRARY) 25 | 26 | include (FindPackageHandleStandardArgs) 27 | # handle the QUIETLY and REQUIRED arguments and set Unwind_FOUND to TRUE 28 | # if all listed variables are TRUE 29 | find_package_handle_standard_args (Unwind 30 | REQUIRED_VARS UNWIND_INCLUDE_DIR UNWIND_LIBRARY 31 | ) 32 | 33 | if (UNWIND_FOUND AND NOT TARGET unwind::unwind) 34 | add_library(unwind::unwind STATIC IMPORTED) 35 | set_target_properties(unwind::unwind PROPERTIES 36 | IMPORTED_LOCATION "${UNWIND_LIBRARY}" 37 | INTERFACE_INCLUDE_DIRECTORIES "${UNWIND_INCLUDE_DIR}") 38 | target_compile_definitions(unwind::unwind INTERFACE UNWIND_FOUND) 39 | else() 40 | message(WARNING "Notice: UNWIND not found, no unwind support") 41 | add_library(unwind::unwind INTERFACE IMPORTED) 42 | endif() 43 | 44 | unset(UNWIND_INCLUDE_DIR) 45 | unset(UNWIND_LIBRARY) 46 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 10 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: ipfixprobe 2 | Section: net 3 | Priority: standard 4 | Maintainer: Tomas Cejka 5 | Build-Depends: autoconf (>=2.69), pkg-config, libtool, make (>=4.2.1), debhelper (>=9), 6 | openssl, libpcap-dev, libpcap0.8, libssl-dev, libatomic1, liblz4-dev 7 | Standards-Version: 4.5.0 8 | Homepage: https://github.com/CESNET/ipfixprobe 9 | Vcs-Git: https://github.com/CESNET/ipfixprobe 10 | Vcs-Browser: https://github.com/CESNET/ipfixprobe 11 | 12 | Package: ipfixprobe 13 | Architecture: any 14 | Multi-Arch: same 15 | Pre-Depends: ${misc:Pre-Depends} 16 | Depends: ${misc:Depends} 17 | Description: IPFIX flow exporter is capable of capturing and online processing 18 | network packets to compute an aggregated IP flow record. The exporter contains 19 | several plugins that extend flow records with additional fields and 20 | characteristics. 21 | -------------------------------------------------------------------------------- /debian/patches/series: -------------------------------------------------------------------------------- 1 | # This is manually managed by users with dquilt (quilt(1) wrapper) 2 | # See http://www.debian.org/doc/manuals/maint-guide/modify.en.html#quiltrc 3 | # Also this may be updated by dpkg-source(1) when making a package. 4 | 5 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # See debhelper(7) (uncomment to enable) 3 | # output every command that modifies files on the build system. 4 | DH_VERBOSE = 1 5 | # exclude VCS paths if needed. 6 | #DH_ALWAYS_EXCLUDE=CVS:.svn:.git 7 | 8 | # see FEATURE AREAS in dpkg-buildflags(1)) 9 | #export DEB_BUILD_MAINT_OPTIONS = hardening=+all 10 | # see ENVIRONMENT in dpkg-buildflags(1)) 11 | # package maintainers to append CFLAGS 12 | #export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic 13 | # package maintainers to append LDFLAGS 14 | #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed 15 | 16 | #override_dh_auto_build: 17 | # $(MAKE) doc 18 | 19 | %: 20 | dh $@ 21 | 22 | override_dh_auto_configure: 23 | dh_auto_configure -- --with-pcap --with-quic 24 | 25 | # debmake generated override targets 26 | # For example, set multiarch library install file path. 27 | # See dpkg-architecture(1) 28 | #DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) 29 | #override_dh_auto_configure: 30 | # cmake -DCMAKE_INSTALL_PREFIX=/usr \ 31 | # -DLIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) 32 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | 3 | -------------------------------------------------------------------------------- /debian/source/include-binaries: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/debian/source/include-binaries -------------------------------------------------------------------------------- /debian/source/local-options: -------------------------------------------------------------------------------- 1 | #### Uncomment to active options. See dpkg-source(1) 2 | #unapply-patches 3 | #abort-on-upstream-changes 4 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | # watch control file for uscan 2 | 3 | # See uscan(1) for how to set this file properly 4 | # * uupdate(1) for upgrade a source code package 5 | # * gbp-import-orig(1) with --uscan for upgrade GIT repo 6 | 7 | # Uncomment to activate the configuration. Erase unused portions. 8 | # Line continuations are performed with the tailing \\ 9 | 10 | # Many complications around package and version strings can be worked 11 | # around using the "opts=" prefix. See PER-SITE OPTIONS in uscan(1). 12 | 13 | # Compulsory line, this is a version 3 file 14 | version=3 15 | 16 | https://github.com/CESNET/ipfixprobe/tags .*/v(\d[\d\.]*)\.(?:tar.gz|tar.bz2|tar.xz) 17 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM rockylinux:9 2 | 3 | RUN dnf install -y dnf-plugins-core && \ 4 | dnf copr -y enable @CESNET/NEMEA && \ 5 | dnf copr -y enable @CESNET/ipfixprobe && \ 6 | dnf install -y epel-release && \ 7 | dnf install -y ipfixprobe-nemea ipfixprobe-input-pcap ipfixprobe-nemea-process-experimental && \ 8 | dnf install -y ipfixprobe-nemea-output-unirec nemea && \ 9 | dnf clean all 10 | 11 | RUN mkdir -p /output 12 | WORKDIR /output 13 | ENTRYPOINT ["/bin/bash", "-c"] 14 | 15 | VOLUME ["/output"] 16 | -------------------------------------------------------------------------------- /docker/README.md: -------------------------------------------------------------------------------- 1 | # ipfixprobe Docker wrapper 2 | 3 | This repository contains a Docker container that processes network traffic from a pcap file using `ipfixprobe`. It accepts a pcap file and a processing script, runs it inside the container, and outputs the results in CSV format. 4 | 5 | ## Requirements 6 | * Docker or Podman 7 | * bash 8 | * which, mktemp 9 | 10 | ## Usage 11 | This container performs the following tasks: 12 | 1. Copies a pcap file and processing script into the container. 13 | 2. Runs the ipfixprobe tool to export flows. 14 | 3. Logs the results in CSV format. 15 | 16 | ### Build 17 | 18 | The script builds the image automatically, but be sure that Dockerfile is in the same directory. 19 | 20 | To build the manually image, navigate to the directory containing the Dockerfile and run: 21 | 22 | ```bash 23 | docker build -t docker_ipfixprobe . 24 | ``` 25 | 26 | ### Run 27 | To run, use 28 | 29 | ```bash 30 | bash ./ipfixprobe_wrapper.sh 31 | ``` 32 | 33 | To process a file `../pcaps/mixed.pcap` using a processing script `process_script.sh` and output the results to `output.csv`, use the following wrapper script: 34 | 35 | ```bash 36 | bash ./ipfixprobe_wrapper.sh ./process_script.sh ../pcaps/mixed.pcap ./output.csv 37 | ``` 38 | 39 | * `process_script.sh` Script for processing the pcap file inside the container. 40 | * `input_file.pcap` Path to the input pcap file 41 | * `output_file.csv` Path to the output CSV file 42 | 43 | ### Volumes 44 | 45 | The container uses `/output` as a volume to share files between your host system temporary dir (with `mktemp`) and the container. 46 | -------------------------------------------------------------------------------- /docker/ipfixprobe_wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | IMAGE_NAME="docker_ipfixprobe" 3 | 4 | # Run the ipfixprobe on the input pcap file with defined script, and save the output CSV file to the output path. 5 | PROCESS_SCRIPT_PATH=$1 6 | INPUT_FILE_PATH=$2 7 | OUTPUT_CSV_PATH=$3 8 | 9 | if [ -z "$PROCESS_SCRIPT_PATH" ] || [ -z "$INPUT_FILE_PATH" ] || [ -z "$OUTPUT_CSV_PATH" ] ; then 10 | echo "Usage: $0 " 11 | exit 1 12 | fi 13 | 14 | CONT_BIN="$(which podman 2>/dev/null)" 15 | if [ -z "$CONT_BIN" ]; then 16 | CONT_BIN="$(which docker 2>/dev/null)" 17 | fi 18 | if [ -z "$CONT_BIN" ]; then 19 | echo "Missing podman or docker." 20 | exit 2 21 | fi 22 | 23 | # Check if the Docker image exists 24 | if ! $CONT_BIN image inspect "$IMAGE_NAME" >/dev/null 2>&1; then 25 | echo "Docker image '$IMAGE_NAME' not found. Attempting to build it..." 26 | 27 | # Determine the script directory 28 | SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 29 | DOCKERFILE_PATH="$SCRIPT_DIR/Dockerfile" 30 | 31 | if [ ! -f "$DOCKERFILE_PATH" ]; then 32 | echo "Dockerfile not found at $DOCKERFILE_PATH" 33 | exit 3 34 | fi 35 | 36 | # Build the Docker image 37 | echo "Building Docker image '$IMAGE_NAME'..." 38 | $CONT_BIN build -t "$IMAGE_NAME" -f "$DOCKERFILE_PATH" "$SCRIPT_DIR" 39 | 40 | if [ $? -ne 0 ]; then 41 | echo "Failed to build Docker image." 42 | exit 4 43 | fi 44 | fi 45 | 46 | 47 | INPUT_FILE=$(basename "$INPUT_FILE_PATH") 48 | PROCESS_SCRIPT=$(basename "$PROCESS_SCRIPT_PATH") 49 | TMP_FOLDER="$(mktemp -d)" 50 | 51 | cp "$INPUT_FILE_PATH" "$TMP_FOLDER/$INPUT_FILE" 52 | cp "$PROCESS_SCRIPT_PATH" "$TMP_FOLDER/$PROCESS_SCRIPT" 53 | chmod +x "$TMP_FOLDER/$PROCESS_SCRIPT" 54 | 55 | "$CONT_BIN" run --privileged --rm -v $TMP_FOLDER:/output "$IMAGE_NAME" "/output/$PROCESS_SCRIPT \"$INPUT_FILE\"" 56 | [ -f "$TMP_FOLDER/$INPUT_FILE.csv" ] && cp "$TMP_FOLDER/$INPUT_FILE.csv" "$OUTPUT_CSV_PATH" || echo "No output CSV file found." 57 | 58 | # Clean up 59 | rm "$TMP_FOLDER/$INPUT_FILE" 60 | rm "$TMP_FOLDER/$PROCESS_SCRIPT" 61 | [ -f "$TMP_FOLDER/$INPUT_FILE.csv" ] && rm "$TMP_FOLDER/$INPUT_FILE.csv" 62 | rm -rf "$TMP_FOLDER" 63 | -------------------------------------------------------------------------------- /docker/process_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | FILE=$1 # input file 4 | cd /output # workdir 5 | 6 | 7 | ipfixprobe -i "pcap;file=$FILE" -p "pstats" -p "nettisa" -o "unirec;i=f:$FILE.trapcap:timeout=WAIT;p=(pstats,nettisa)" 8 | /usr/bin/nemea/logger -t -i "f:$FILE.trapcap" -w "$FILE.csv" 9 | rm $FILE.trapcap 10 | -------------------------------------------------------------------------------- /docs/404.html: -------------------------------------------------------------------------------- 1 | --- 2 | title: Not Found 3 | description: This does not exist 4 | permalink: /404.html 5 | sitemap: false 6 | --- 7 | -------------------------------------------------------------------------------- /docs/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | gem "webrick" 3 | gem 'jekyll', '~> 4.2.0' 4 | 5 | group :jekyll_plugins do 6 | gem 'jekyll-archives', '~> 2.2.1' 7 | gem 'jekyll-feed', '~> 0.15.1' 8 | gem 'jekyll-paginate', '~> 1.1.0' 9 | gem 'jekyll-seo-tag', '~> 2.7.1' 10 | gem 'jekyll-sitemap', '~> 1.4.0' 11 | end 12 | -------------------------------------------------------------------------------- /docs/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | addressable (2.7.0) 5 | public_suffix (>= 2.0.2, < 5.0) 6 | colorator (1.1.0) 7 | concurrent-ruby (1.1.9) 8 | em-websocket (0.5.2) 9 | eventmachine (>= 0.12.9) 10 | http_parser.rb (~> 0.6.0) 11 | eventmachine (1.2.7) 12 | ffi (1.15.1) 13 | forwardable-extended (2.6.0) 14 | http_parser.rb (0.6.0) 15 | i18n (1.8.10) 16 | concurrent-ruby (~> 1.0) 17 | jekyll (4.2.0) 18 | addressable (~> 2.4) 19 | colorator (~> 1.0) 20 | em-websocket (~> 0.5) 21 | i18n (~> 1.0) 22 | jekyll-sass-converter (~> 2.0) 23 | jekyll-watch (~> 2.0) 24 | kramdown (~> 2.3) 25 | kramdown-parser-gfm (~> 1.0) 26 | liquid (~> 4.0) 27 | mercenary (~> 0.4.0) 28 | pathutil (~> 0.9) 29 | rouge (~> 3.0) 30 | safe_yaml (~> 1.0) 31 | terminal-table (~> 2.0) 32 | jekyll-archives (2.2.1) 33 | jekyll (>= 3.6, < 5.0) 34 | jekyll-feed (0.15.1) 35 | jekyll (>= 3.7, < 5.0) 36 | jekyll-paginate (1.1.0) 37 | jekyll-sass-converter (2.1.0) 38 | sassc (> 2.0.1, < 3.0) 39 | jekyll-seo-tag (2.7.1) 40 | jekyll (>= 3.8, < 5.0) 41 | jekyll-sitemap (1.4.0) 42 | jekyll (>= 3.7, < 5.0) 43 | jekyll-watch (2.2.1) 44 | listen (~> 3.0) 45 | kramdown (2.3.1) 46 | rexml 47 | kramdown-parser-gfm (1.1.0) 48 | kramdown (~> 2.0) 49 | liquid (4.0.3) 50 | listen (3.5.1) 51 | rb-fsevent (~> 0.10, >= 0.10.3) 52 | rb-inotify (~> 0.9, >= 0.9.10) 53 | mercenary (0.4.0) 54 | pathutil (0.16.2) 55 | forwardable-extended (~> 2.6) 56 | public_suffix (4.0.6) 57 | rb-fsevent (0.11.0) 58 | rb-inotify (0.10.1) 59 | ffi (~> 1.0) 60 | rexml (3.2.5) 61 | rouge (3.26.0) 62 | safe_yaml (1.0.5) 63 | sassc (2.4.0) 64 | ffi (~> 1.9) 65 | terminal-table (2.0.0) 66 | unicode-display_width (~> 1.1, >= 1.1.1) 67 | unicode-display_width (1.7.0) 68 | webrick (1.8.1) 69 | 70 | PLATFORMS 71 | ruby 72 | 73 | DEPENDENCIES 74 | jekyll (~> 4.2.0) 75 | jekyll-archives (~> 2.2.1) 76 | jekyll-feed (~> 0.15.1) 77 | jekyll-paginate (~> 1.1.0) 78 | jekyll-seo-tag (~> 2.7.1) 79 | jekyll-sitemap (~> 1.4.0) 80 | webrick 81 | 82 | BUNDLED WITH 83 | 1.17.3 84 | -------------------------------------------------------------------------------- /docs/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016-2020 CloudCannon 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /docs/_data/footer.yml: -------------------------------------------------------------------------------- 1 | - links: 2 | - name: GitHub 3 | link: https://github.com/CESNET/ipfixprobe 4 | new_window: true 5 | social_icon: GitHub 6 | -------------------------------------------------------------------------------- /docs/_data/navigation.yml: -------------------------------------------------------------------------------- 1 | - name: "Installation" 2 | link: /get_options/ 3 | new_window: false 4 | highlight: false 5 | - name: "How to use it" 6 | link: /how/ 7 | new_window: false 8 | highlight: false 9 | - name: "Developer" 10 | link: /developer/ 11 | new_window: false 12 | highlight: false 13 | - name: "Export Data" 14 | link: /export/ 15 | new_window: false 16 | highlight: false 17 | -------------------------------------------------------------------------------- /docs/_export/BSTATS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: BSTATS 3 | description: List of fields exported together with basic flow fields on the interface by BSTATS plugin. The plugin is compiled to export the first BSTATS_MAXELENCOUNT (15 by default) burst in each direction. The bursts are computed separately for each direction. Burst is defined by MINIMAL_PACKETS_IN_BURST (3 by default) and by MAXIMAL_INTERPKT_TIME (1000 ms by default) between packets to be included in a burst. When the flow contains less then MINIMAL_PACKETS_IN_BURST packets, the fields are not exported to reduce output bandwidth. 4 | fields: 5 | - 6 | name: "SBI_BRST_PACKETS" 7 | type: "uint32*" 8 | ipfix: "0/291" 9 | value: " SRC->DST: Number of packets transmitted in ith burst" 10 | - 11 | name: "SBI_BRST_BYTES" 12 | type: "uint32*" 13 | ipfix: "0/291" 14 | value: " SRC->DST: Number of bytes transmitted in ith burst" 15 | - 16 | name: "SBI_BRST_TIME_START" 17 | type: "time*" 18 | ipfix: "0/291" 19 | value: " SRC->DST: Start time of the ith burst" 20 | - 21 | name: "SBI_BRST_TIME_STOP" 22 | type: "time*" 23 | ipfix: "0/291" 24 | value: " SRC->DST: End time of the ith burst" 25 | - 26 | name: "DBI_BRST_PACKETS" 27 | type: "uint32*" 28 | ipfix: "0/291" 29 | value: " DST->SRC: Number of packets transmitted in ith burst" 30 | - 31 | name: "DBI_BRST_BYTES" 32 | type: "uint32*" 33 | ipfix: "0/291" 34 | value: " DST->SRC: Number of bytes transmitted in ith burst" 35 | - 36 | name: "DBI_BRST_TIME_START" 37 | type: "time*" 38 | ipfix: "0/291" 39 | value: " DST->SRC: Start time of the ith burst" 40 | - 41 | name: "DBI_BRST_TIME_STOP" 42 | type: "time*" 43 | ipfix: "0/291" 44 | value: " DST->SRC: End time of the ith burst" 45 | --- 46 | -------------------------------------------------------------------------------- /docs/_export/DNS-SD.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: DNS-SD 3 | description: List of unirec fields exported together with basic flow fields on interface by DNS-SD plugin. 4 | fields: 5 | - 6 | name: "DNSSD_QUERIES" 7 | type: "string" 8 | ipfix: "8057/826" 9 | value: " list of queries for services" 10 | - 11 | name: "DNSSD_RESPONSES" 12 | type: "string" 13 | ipfix: "8057/827" 14 | value: " list of advertised services" 15 | --- 16 | -------------------------------------------------------------------------------- /docs/_export/DNS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: DNS 3 | description: List of unirec fields exported together with basic flow fields on interface by DNS plugin. 4 | fields: 5 | - 6 | name: "DNS_ID" 7 | type: "uint16" 8 | ipfix: "8057/10" 9 | value: "transaction ID" 10 | - 11 | name: "DNS_ANSWERS" 12 | type: "uint16" 13 | ipfix: "8057/14" 14 | value: "number of DNS answer records" 15 | - 16 | name: "DNS_RCODE" 17 | type: "uint8" 18 | ipfix: "8057/1" 19 | value: "response code field" 20 | - 21 | name: "DNS_NAME" 22 | type: "string" 23 | ipfix: "8057/2" 24 | value: "question domain name" 25 | - 26 | name: "DNS_QTYPE" 27 | type: "uint16" 28 | ipfix: "8057/3" 29 | value: "question type field" 30 | - 31 | name: "DNS_CLASS" 32 | type: "uint16" 33 | ipfix: "8057/4" 34 | value: "class field of DNS question" 35 | - 36 | name: "DNS_RR_TTL" 37 | type: "uint32" 38 | ipfix: "8057/5" 39 | value: "resource record TTL field" 40 | - 41 | name: "DNS_RLENGTH" 42 | type: "uint16" 43 | ipfix: "8057/6" 44 | value: "length of DNS_RDATA" 45 | - 46 | ipfix: "8057/7" 47 | name: "DNS_RDATA" 48 | type: "bytes" 49 | value: "resource record specific data" 50 | - 51 | name: "DNS_PSIZE" 52 | type: "uint16" 53 | ipfix: "8057/8" 54 | value: "requestor's payload size" 55 | - 56 | name: "DNS_DO" 57 | type: "uint8" 58 | ipfix: "8057/9" 59 | value: "DNSSEC OK bit" 60 | --- 61 | -------------------------------------------------------------------------------- /docs/_export/Flow Hash.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Flow Hash 3 | description: List of fields exported together with basic flow fields on interface by flow_hash plugin. 4 | fields: 5 | - 6 | name: "FLOW_ID" 7 | type: "uint64" 8 | ipfix: "0/148" 9 | value: " Hash of the flow - unique flow id" 10 | --- 11 | -------------------------------------------------------------------------------- /docs/_export/HTTP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: HTTP 3 | description: List of unirec fields exported together with basic flow fields on interface by HTTP plugin. 4 | fields: 5 | - 6 | name: "HTTP_DOMAIN" 7 | type: "string" 8 | ipfix: "39499/1" 9 | value: "HTTP request host" 10 | - 11 | name: "HTTP_URI" 12 | type: "string" 13 | ipfix: "39499/2" 14 | value: "HTTP request url" 15 | - 16 | name: "HTTP_USERAGENT" 17 | type: "string" 18 | ipfix: "39499/20" 19 | value: "HTTP request user agent" 20 | - 21 | name: "HTTP_REFERER" 22 | type: "string" 23 | ipfix: "39499/3" 24 | value: "HTTP request referer" 25 | - 26 | name: "HTTP_STATUS" 27 | type: "uint16" 28 | ipfix: "39499/12" 29 | value: "HTTP response code" 30 | - 31 | name: "HTTP_CONTENT_TYPE" 32 | type: "string" 33 | ipfix: "39499/10" 34 | value: "HTTP response content type" 35 | - 36 | name: "HTTP_METHOD" 37 | type: "string" 38 | ipfix: "39499/200" 39 | value: "HTTP request method" 40 | - 41 | name: "HTTP_SERVER" 42 | type: "string" 43 | ipfix: "39499/201" 44 | value: "HTTP response server" 45 | - 46 | name: "HTTP_SET_COOKIE_NAMES" 47 | type: "string" 48 | ipfix: "39499/202" 49 | value: "HTTP response all set-cookie names separated by a delimiter" 50 | --- 51 | -------------------------------------------------------------------------------- /docs/_export/ICMP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: ICMP 3 | description: List of fields exported together with basic flow fields on interface by icmp plugin. 4 | fields: 5 | - 6 | name: "L4_ICMP_TYPE_CODE" 7 | type: "uint16" 8 | ipfix: "0/32" 9 | value: " ICMP type (MSB) and code (LSB)" 10 | 11 | --- 12 | -------------------------------------------------------------------------------- /docs/_export/IDPContent.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: IDPContent 3 | description: List of fields exported together with basic flow fields on the interface by IDPContent plugin. The plugin is compiled to export IDPCONTENT_SIZE (100 by default) bytes from the first data packet in SRC -> DST direction, and the first data packet in DST -> SRC direction. 4 | fields: 5 | - 6 | name: "IDP_CONTENT" 7 | type: "bytes" 8 | ipfix: "8057/850" 9 | value: " Content of first data packet from SRC -> DST" 10 | - 11 | name: "IDP_CONTENT_REV" 12 | type: "bytes" 13 | ipfix: "8057/851" 14 | value: " Content of first data packet from DST -> SRC" 15 | --- 16 | -------------------------------------------------------------------------------- /docs/_export/MPLS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: MPLS 3 | description: List of fields exported together with basic flow fields on interface by mpls plugin. 4 | fields: 5 | - 6 | name: "MPLS_TOP_LABEL_STACK_SECTION" 7 | type: "bytes" 8 | ipfix: "0/70" 9 | value: " MPLS label section (without TTL), always 3 bytes" 10 | --- 11 | -------------------------------------------------------------------------------- /docs/_export/MQTT.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: MQTT 3 | description: List of unirec fields exported together with basic flow fields on interface by MQTT plugin. 4 | fields: 5 | - 6 | name: "MQTT_TYPE_CUMULATIVE" 7 | type: "uint16" 8 | ipfix: "8057/1033" 9 | value: " types of packets and session present flag cumulative" 10 | - 11 | name: "MQTT_VERSION" 12 | type: "uint8" 13 | ipfix: "8057/1034" 14 | value: " MQTT version" 15 | - 16 | name: "MQTT_CONNECTION_FLAGS" 17 | type: "uint8" 18 | ipfix: "8057/1035" 19 | value: " last CONNECT packet flags" 20 | - 21 | name: "MQTT_KEEP_ALIVE" 22 | type: "uint16" 23 | ipfix: "8057/1036" 24 | value: " last CONNECT keep alive" 25 | - 26 | name: "MQTT_CONNECTION_RETURN_CODE" 27 | type: "uint8" 28 | ipfix: "8057/1037" 29 | value: " last CONNECT return code" 30 | - 31 | name: "MQTT_PUBLISH_FLAGS" 32 | type: "uint8" 33 | ipfix: "8057/1038" 34 | value: " cumulative of PUBLISH packet flags" 35 | - 36 | name: "MQTT_TOPICS" 37 | type: "string" 38 | ipfix: "8057/1039" 39 | value: " topics from PUBLISH packets headers" 40 | --- 41 | -------------------------------------------------------------------------------- /docs/_export/NTP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: NTP 3 | description: List of unirec fields exported together with basic flow fields on interface by NTP plugin. 4 | fields: 5 | - 6 | name: "NTP_LEAP" 7 | type: "uint8" 8 | ipfix: "8057/18" 9 | value: " NTP leap field" 10 | - 11 | name: "NTP_VERSION" 12 | type: "uint8" 13 | ipfix: "8057/19" 14 | value: " NTP message version" 15 | - 16 | name: "NTP_MODE" 17 | type: "uint8" 18 | ipfix: "8057/20" 19 | value: " NTP mode field" 20 | - 21 | name: "NTP_STRATUM" 22 | type: "uint8" 23 | ipfix: "8057/21" 24 | value: " NTP stratum field" 25 | - 26 | name: "NTP_POLL" 27 | type: "uint8" 28 | ipfix: "8057/22" 29 | value: " NTP poll interval" 30 | - 31 | name: "NTP_PRECISION" 32 | type: "uint8" 33 | ipfix: "8057/23" 34 | value: " NTP precision field" 35 | - 36 | name: "NTP_DELAY" 37 | type: "uint32" 38 | ipfix: "8057/24" 39 | value: " NTP root delay" 40 | - 41 | name: "NTP_DISPERSION" 42 | type: "uint32" 43 | ipfix: "8057/25" 44 | value: " NTP root dispersion" 45 | - 46 | name: "NTP_REF_ID" 47 | type: "string" 48 | ipfix: "8057/26" 49 | value: " NTP reference ID" 50 | - 51 | name: "NTP_REF" 52 | type: "string" 53 | ipfix: "8057/27" 54 | value: " NTP reference timestamp" 55 | - 56 | name: "NTP_ORIG" 57 | type: "string" 58 | ipfix: "8057/28" 59 | value: " NTP origin timestamp" 60 | - 61 | name: "NTP_RECV" 62 | type: "string" 63 | ipfix: "8057/29" 64 | value: " NTP receive timestamp" 65 | - 66 | name: "NTP_SENT" 67 | type: "string" 68 | ipfix: "8057/30" 69 | value: " NTP transmit timestamp" 70 | --- 71 | -------------------------------------------------------------------------------- /docs/_export/NetBIOS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: NetBIOS 3 | description: List of fields exported together with basic flow fields on interface by NetBIOS plugin. 4 | fields: 5 | - 6 | name: "NB_NAME" 7 | type: "string" 8 | ipfix: "8057/831" 9 | value: " NetBIOS Name Service name" 10 | - 11 | name: "NB_SUFFIX" 12 | type: "uint8" 13 | ipfix: "8057/832" 14 | value: " NetBIOS Name Service suffix" 15 | --- 16 | -------------------------------------------------------------------------------- /docs/_export/OSQUERY.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: OSQUERY 3 | description: List of unirec fields exported together with basic flow fields on interface by OSQUERY plugin. 4 | fields: 5 | - 6 | name: "PROGRAM_NAME" 7 | type: "string" 8 | ipfix: "8057/852" 9 | value: " The name of the program that handles the connection" 10 | - 11 | name: "USERNAME" 12 | type: "string" 13 | ipfix: "8057/853" 14 | value: " The name of the user who starts the process" 15 | - 16 | name: "OS_NAME" 17 | type: "string" 18 | ipfix: "8057/854" 19 | value: " Distribution or product name" 20 | - 21 | name: "OS_MAJOR" 22 | type: "uint16" 23 | ipfix: "8057/855" 24 | value: " Major release version" 25 | - 26 | name: "OS_MINOR" 27 | type: "uint16" 28 | ipfix: "8057/856" 29 | value: " Minor release version" 30 | - 31 | name: "OS_BUILD" 32 | type: "string" 33 | ipfix: "8057/857" 34 | value: " Optional build-specific or variant string" 35 | - 36 | name: "OS_PLATFORM" 37 | type: "string" 38 | ipfix: "8057/858" 39 | value: " OS Platform or ID" 40 | - 41 | name: "OS_PLATFORM_LIKE" 42 | type: "string" 43 | ipfix: "8057/859" 44 | value: " Closely related platforms" 45 | - 46 | name: "OS_ARCH" 47 | type: "string" 48 | ipfix: "8057/860" 49 | value: " OS Architecture" 50 | - 51 | name: "KERNEL_VERSION" 52 | type: "string" 53 | ipfix: "8057/861" 54 | value: " Kernel version" 55 | - 56 | name: "SYSTEM_HOSTNAME" 57 | type: "string" 58 | ipfix: "8057/862" 59 | value: " Network hostname including domain" 60 | --- 61 | -------------------------------------------------------------------------------- /docs/_export/OVPN.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: OVPN 3 | description: List of fields exported together with basic flow fields on interface by OVPN plugin. 4 | fields: 5 | - 6 | name: "OVPN_CONF_LEVEL" 7 | type: "uint8" 8 | ipfix: "8057/828" 9 | value: " level of confidence that the flow record is an OpenVPN tunnel" 10 | 11 | --- 12 | -------------------------------------------------------------------------------- /docs/_export/PHISTS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: PHISTS 3 | description: List of fields exported together with basic flow fields on the interface by PHISTS plugin. The plugin exports the histograms of Payload sizes and Inter-Packet-Times for each direction. The histograms bins are scaled logarithmicaly and are shown in following table. 4 | fields: 5 | - 6 | name: "D_PHISTS_IPT" 7 | type: "uint32*" 8 | ipfix: "0/291" 9 | value: " DST->SRC: Histogram of interpacket times" 10 | - 11 | name: "D_PHISTS_SIZES" 12 | type: "uint32*" 13 | ipfix: "0/291" 14 | value: " DST->SRC: Histogram of packet sizes" 15 | - 16 | name: "S_PHISTS_IPT" 17 | type: "uint32*" 18 | ipfix: "0/291" 19 | value: " SRC->DST: Histogram of interpacket times" 20 | - 21 | name: "S_PHISTS_SIZES" 22 | type: "uint32*" 23 | ipfix: "0/291" 24 | value: " SRC->DST: Histogram of packet sizes" 25 | 26 | --- 27 | -------------------------------------------------------------------------------- /docs/_export/PSTATS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: PSTATS 3 | description: "List of unirec fields exported on interface by PSTATS plugin. The plugin is compiled to gather statistics for the first PSTATS_MAXELEMCOUNT (30 by default) packets in the biflow record. Note: the following fields are UniRec arrays (or basicList in IPFIX)." 4 | fields: 5 | - 6 | name: "PPI_PKT_LENGTHS" 7 | type: "uint16*" 8 | ipfix: "0/291" 9 | value: " sizes of the first packets" 10 | - 11 | name: "PPI_PKT_TIMES" 12 | type: "time*" 13 | ipfix: "0/291" 14 | value: " timestamps of the first packets" 15 | - 16 | name: "PPI_PKT_DIRECTIONS" 17 | type: "int8*" 18 | ipfix: "0/291" 19 | value: " directions of the first packets" 20 | - 21 | name: "PPI_PKT_FLAGS" 22 | type: "uint8*" 23 | ipfix: "0/291" 24 | value: " TCP flags for each packet" 25 | --- 26 | -------------------------------------------------------------------------------- /docs/_export/PassiveDNS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: PassiveDNS 3 | description: List of unirec fields exported together with basic flow fields on interface by PassiveDNS plugin. 4 | fields: 5 | - 6 | name: "DNS_ID" 7 | type: "uint16" 8 | ipfix: "8057/10" 9 | value: " transaction ID" 10 | - 11 | name: "DNS_ATYPE" 12 | type: "uint8" 13 | ipfix: "8057/11" 14 | value: " response record type" 15 | - 16 | name: "DNS_NAME" 17 | type: "string" 18 | ipfix: "8057/2" 19 | value: " question domain name" 20 | - 21 | name: "DNS_RR_TTL" 22 | type: "uint32" 23 | ipfix: "8057/5" 24 | value: " resource record TTL field" 25 | 26 | --- 27 | -------------------------------------------------------------------------------- /docs/_export/RTSP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: RTSP 3 | description: List of unirec fields exported together with basic flow fields on interface by RTSP plugin. 4 | fields: 5 | - 6 | name: "RTSP_REQUEST_METHOD" 7 | type: "string" 8 | ipfix: "16982/600" 9 | value: "RTSP request method name" 10 | - 11 | name: "RTSP_REQUEST_AGENT" 12 | type: "string" 13 | ipfix: "16982/601" 14 | value: "RTSP request user agent" 15 | - 16 | name: "RTSP_REQUEST_URI" 17 | type: "string" 18 | ipfix: "16982/602" 19 | value: "RTSP request URI" 20 | - 21 | name: "RTSP_RESPONSE_STATUS_CODE" 22 | type: "uint16" 23 | ipfix: "16982/603" 24 | value: "RTSP response status code" 25 | - 26 | name: "RTSP_RESPONSE_SERVER" 27 | type: "string" 28 | ipfix: "16982/605" 29 | value: "RTSP response server field" 30 | - 31 | name: "RTSP_RESPONSE_CONTENT_TYPE" 32 | type: "string" 33 | ipfix: "16982/604" 34 | value: "RTSP response content type" 35 | --- 36 | -------------------------------------------------------------------------------- /docs/_export/SIP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: SIP 3 | description: List of unirec fields exported together with basic flow fields on interface by SIP plugin. 4 | fields: 5 | - 6 | name: "SIP_MSG_TYPE" 7 | type: "uint16" 8 | ipfix: "8057/100" 9 | value: " SIP message code" 10 | - 11 | name: "SIP_STATUS_CODE" 12 | type: "uint16" 13 | ipfix: "8057/101" 14 | value: " status of the SIP request" 15 | - 16 | name: "SIP_CSEQ" 17 | type: "string" 18 | ipfix: "8057/108" 19 | value: " CSeq field of SIP packet" 20 | - 21 | name: "SIP_CALLING_PARTY" 22 | type: "string" 23 | ipfix: "8057/103" 24 | value: " calling party (from) URI" 25 | - 26 | name: "SIP_CALLED_PARTY" 27 | type: "string" 28 | ipfix: "8057/104" 29 | value: " called party (to) URI" 30 | - 31 | name: "SIP_CALL_ID" 32 | type: "string" 33 | ipfix: "8057/102" 34 | value: " call ID" 35 | - 36 | name: "SIP_USER_AGENT" 37 | type: "string" 38 | ipfix: "8057/106" 39 | value: " user agent field of SIP packet" 40 | - 41 | name: "SIP_REQUEST_URI" 42 | type: "string" 43 | ipfix: "8057/107" 44 | value: " SIP request URI" 45 | - 46 | name: "SIP_VIA" 47 | type: "string" 48 | ipfix: "8057/105" 49 | value: " via field of SIP packet" 50 | --- 51 | -------------------------------------------------------------------------------- /docs/_export/SMTP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: SMTP 3 | description: List of unirec fields exported on interface by SMTP plugin. 4 | fields: 5 | - 6 | name: "SMTP_2XX_STAT_CODE_COUNT" 7 | type: "uint32" 8 | ipfix: "8057/816" 9 | value: " number of 2XX status codes" 10 | - 11 | name: "SMTP_3XX_STAT_CODE_COUNT" 12 | type: "uint32" 13 | ipfix: "8057/817" 14 | value: " number of 3XX status codes" 15 | - 16 | name: "SMTP_4XX_STAT_CODE_COUNT" 17 | type: "uint32" 18 | ipfix: "8057/818" 19 | value: " number of 4XX status codes" 20 | - 21 | name: "SMTP_5XX_STAT_CODE_COUNT" 22 | type: "uint32" 23 | ipfix: "8057/819" 24 | value: " number of 5XX status codes" 25 | - 26 | name: "SMTP_COMMAND_FLAGS" 27 | type: "uint32" 28 | ipfix: "8057/810" 29 | value: " bit array of commands present" 30 | - 31 | name: "SMTP_MAIL_CMD_COUNT" 32 | type: "uint32" 33 | ipfix: "8057/811" 34 | value: " number of MAIL commands" 35 | - 36 | name: "SMTP_RCPT_CMD_COUNT" 37 | type: "uint32" 38 | ipfix: "8057/812" 39 | value: " number of RCPT commands" 40 | - 41 | name: "SMTP_STAT_CODE_FLAGS" 42 | type: "uint32" 43 | ipfix: "8057/815" 44 | value: " bit array of status codes present" 45 | - 46 | name: "SMTP_DOMAIN" 47 | type: "string" 48 | ipfix: "8057/820" 49 | value: " domain name of the SMTP client" 50 | - 51 | name: "SMTP_FIRST_SENDER" 52 | type: "string" 53 | ipfix: "8057/813" 54 | value: " first sender in MAIL command" 55 | - 56 | name: "SMTP_FIRST_RECIPIENT" 57 | type: "string" 58 | ipfix: "8057/814" 59 | value: " first recipient in RCPT command" 60 | --- 61 | -------------------------------------------------------------------------------- /docs/_export/SSADetector.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: SSADetector 3 | description: List of fields exported together with basic flow fields on interface by ssadetector plugin. The detector search for the SYN SYN-ACK ACK pattern in packet lengths. Multiple occurrences of this pattern suggest a tunneled connection. 4 | fields: 5 | - 6 | name: "SSA_CONF_LEVEL" 7 | type: "uint8" 8 | ipfix: "8057/903" 9 | value: " 1 if SSA sequence detected, 0 otherwise" 10 | --- 11 | -------------------------------------------------------------------------------- /docs/_export/SSDP.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: SSDP 3 | description: List of unirec fields exported together with basic flow fields on interface by SSDP plugin. 4 | fields: 5 | - 6 | name: "SSDP_LOCATION_PORT" 7 | type: "uint16" 8 | ipfix: "8057/821" 9 | value: " service port" 10 | - 11 | name: "SSDP_NT" 12 | type: "string" 13 | ipfix: "8057/824" 14 | value: " list of advertised service urns" 15 | - 16 | name: "SSDP_SERVER" 17 | type: "string" 18 | ipfix: "8057/822" 19 | value: " server info" 20 | - 21 | name: "SSDP_ST" 22 | type: "string" 23 | ipfix: "8057/825" 24 | value: " list of queried service urns" 25 | - 26 | name: "SSDP_USER_AGENT" 27 | type: "string" 28 | ipfix: "8057/823" 29 | value: " list of user agents" 30 | --- 31 | -------------------------------------------------------------------------------- /docs/_export/TLS.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: TLS 3 | description: List of unirec fields exported together with basic flow fields on interface by TLS plugin. 4 | fields: 5 | - 6 | name: "TLS_SNI" 7 | type: "string" 8 | ipfix: "8057/808" 9 | value: "TLS server name indication field from client" 10 | - 11 | name: "TLS_ALPN" 12 | type: "string" 13 | ipfix: "39499/337" 14 | value: "TLS application protocol layer negotiation field from server" 15 | - 16 | name: "TLS_VERSION" 17 | type: "uint16" 18 | ipfix: "39499/333" 19 | value: "TLS client protocol version" 20 | - 21 | name: "TLS_JA3" 22 | type: "string" 23 | ipfix: "39499/357" 24 | value: "TLS client JA3 fingerprint" 25 | - 26 | name: "TLS_EXT_TYPE" 27 | type: "uint16" 28 | ipfix: "0/291" 29 | value: "TLS extensions in the TLS Client Hello" 30 | - 31 | name: "TLS_EXT_LEN" 32 | type: "uint16" 33 | ipfix: "0/291" 34 | value: "Length of each TLS extension" 35 | --- 36 | -------------------------------------------------------------------------------- /docs/_export/VLAN.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: VLAN 3 | description: List of fields exported together with basic flow fields on the interface by VLAN plugin. 4 | fields: 5 | - 6 | name: "VLAN_ID" 7 | type: "uint16" 8 | ipfix: "0/58" 9 | value: " Vlan ID (used in flow key)" 10 | 11 | --- 12 | -------------------------------------------------------------------------------- /docs/_export/WG.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: WG 3 | description: List of fields exported together with basic flow fields on interface by WG plugin. 4 | fields: 5 | - 6 | name: "WG_CONF_LEVEL" 7 | type: "uint8" 8 | ipfix: "8057/1100" 9 | value: " level of confidence that the flow record is a WireGuard tunnel" 10 | - 11 | name: "WG_SRC_PEER" 12 | type: "uint32" 13 | ipfix: "8057/1101" 14 | value: " ephemeral SRC peer identifier" 15 | - 16 | name: "WG_DST_PEER" 17 | type: "uint32" 18 | ipfix: "8057/1102" 19 | value: " ephemeral DST peer identifier" 20 | 21 | --- 22 | -------------------------------------------------------------------------------- /docs/_export/basic_plus.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Basic plus 3 | description: List of unirec fields exported together with basic flow fields on interface by basicplus plugin. Fields without _REV suffix are fields from source flow. Fields with _REV are from the opposite direction. 4 | fields: 5 | - 6 | name: "IP_TTL" 7 | type: "uint8" 8 | ipfix: "0/192" 9 | value: "IP TTL field" 10 | - 11 | name: "IP_TTL_REV" 12 | type: "uint8" 13 | ipfix: "29305/192" 14 | value: "IP TTL field" 15 | - 16 | name: "IP_FLG" 17 | type: "uint8" 18 | ipfix: "0/197" 19 | value: "IP FLAGS" 20 | - 21 | name: "IP_FLG_REV" 22 | type: "uint8" 23 | ipfix: "29305/197" 24 | value: "IP FLAGS" 25 | - 26 | name: "TCP_WIN" 27 | type: "uint16" 28 | ipfix: "0/186" 29 | value: "TCP window size" 30 | - 31 | name: "TCP_WIN_REV" 32 | type: "uint16" 33 | ipfix: "29305/186" 34 | value: "TCP window size" 35 | - 36 | name: "TCP_OPT" 37 | type: "uint64" 38 | ipfix: "0/209" 39 | value: "TCP options bitfield" 40 | - 41 | name: "TCP_OPT_REV" 42 | type: "uint64" 43 | ipfix: "29305/209" 44 | value: "TCP options bitfield" 45 | - 46 | name: "TCP_MSS" 47 | type: "uint32" 48 | ipfix: "8057/900" 49 | value: "TCP maximum segment size" 50 | - 51 | name: "TCP_MSS_REV" 52 | type: "uint32" 53 | ipfix: "8057/901" 54 | value: "TCP maximum segment size" 55 | - 56 | name: "TCP_SYN_SIZE" 57 | type: "uint16" 58 | ipfix: "8057/902" 59 | value: "TCP SYN packet size" 60 | --- 61 | -------------------------------------------------------------------------------- /docs/_get_options/_defaults.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: 3 | description: 4 | code: 5 | --- 6 | -------------------------------------------------------------------------------- /docs/_get_options/a_rhel_packages.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Installation from binary packages (RPM) (recommended) 3 | description: We use COPR infrastructure to build and serve ipfixprobe packages. Currently, we support packages for RPM-based distributions, such as OracleLinux, RockyLinux, ... EPEL version 8 or 9. 4 | 5 | instructions: 6 | - 7 | description: "Install copr repository." 8 | code: 9 | - "dnf install -y dnf-plugins-core && dnf copr -y enable @CESNET/NEMEA-stable" 10 | 11 | - 12 | description: "After succesfull instalation of COPR, you can install the ipfixprobe via yum or dnf." 13 | code: 14 | - "dnf install ipfixprobe" 15 | 16 | --- 17 | -------------------------------------------------------------------------------- /docs/_get_options/build_from_source.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Build from source codes 3 | description: You can build ipfixprobe from source codes available at github. 4 | 5 | instructions: 6 | - 7 | description: "Install requirements" 8 | code: 9 | - "dnf -y install wget curl net-tools gcc gcc-c++ git libtool libpcap-devel libunwind libssl-devel libpcap-devel" 10 | - 11 | description: "Now get the ipfixprobe source codes" 12 | code: 13 | - "git clone https://github.com/CESNET/ipfixprobe.git" 14 | - cd ipfixprobe 15 | - autoreconf -i 16 | - 17 | description: "Ipfixprobe uses autotools to setup the build process. We encourage you to explore ./configure.sh -h to see all the available options. Nevertheless, for standard (max 1Gbps) network monitoroing without any specialized tools, you should use following configuration." 18 | code: 19 | - "./configure.sh --with-pcap --with-quic --with-unwind" 20 | - 21 | description: "Then just make the ipfixprobe and install it. You might need root privileges for installation." 22 | code: 23 | - "make -j 2" 24 | - "sudo make install" 25 | 26 | - 27 | description: "Optional NEMEA plugin. Ipfixprobe can export data directly to NEMEA framework. If you want to use this feature, you need to install NEMEA dependencies and enable this feature in autotools script." 28 | code: 29 | - "dnf install libtrap-devel unirec-devel" 30 | - "./configure.sh --with-pcap --with-quic --with-unwind --with-nemea" 31 | - "make -j 2" 32 | - sudo make install 33 | --- 34 | -------------------------------------------------------------------------------- /docs/_get_options/openwrt.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Installation on Turris (OpenWrt routers) 3 | description: CESNET feed is officially supported by CZ.NIC, so installation on Turris devices is easy! Contrary for other OpenWrt devices, it is most likely necessary to compile a package; see our NEMEA-OpenWrt feed for more details or contact us. Installation on Turris can be done via SSH, which is described bellow, or using LUCI intuitive interface. 4 | 5 | instructions: 6 | - 7 | description: "Update repository metadata" 8 | code: 9 | - opkg update 10 | 11 | - 12 | description: "Install ipfixprobe" 13 | code: 14 | - opkg install ipfixprobe 15 | 16 | - 17 | description: "Optionally for LUCI configuration page, install luci-app-ipfixprobe" 18 | code: 19 | - opkg install luci-app-ipfixprobe 20 | 21 | --- 22 | -------------------------------------------------------------------------------- /docs/_how/storage plugin.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Storage plugin 3 | description: Storage plugin defines how flows are internally stored. Use -s to specify storage plugin. 4 | 5 | options: 6 | - 7 | title: "Cache" 8 | description: "Currently only available plugin. Hash table is used to keep flows. Hash table is divided into rows. Each row is managed as LRU. " 9 | parameters: 10 | - 11 | name: "s or size" 12 | description: "Defines count of flows that are kept in the cache at once. Cache size is 2s." 13 | - 14 | name: "l or line" 15 | description: "Defines length of the cache line. Line length is 2l." 16 | - 17 | name: "a or active" 18 | description: "Defines active timeout. When there is a flow, that is active for more than -a seconds, its exported." 19 | - 20 | name: "i or inactive" 21 | description: "Defines inactive timeout. When there is a flow, that is inactive for more than -i seconds, its exported." 22 | - 23 | name: "S or split " 24 | description: "Boolean flag. Defines if the bidirectional flow between two nodes is splitted into 2 separate unidirectional flows." 25 | - 26 | name: "fe/frag-enable, fs/frag-size, ft/frag-timeout" 27 | description: "Used to enable completing fragmented packets into one packet. Framentation cache size is fs and timeout to consider fragments belong to same packet is ft." 28 | runs: 29 | - 30 | explanation: "Store flows using 'cache' " 31 | code: "./ipfixprobe -s 'cache' -i 'pcap;file=PATH;'" 32 | --- 33 | -------------------------------------------------------------------------------- /docs/_includes/list-posts.html: -------------------------------------------------------------------------------- 1 | {% for post in include.posts %} 2 |
  • 3 |

    {{ post.title }}

    4 | {% include post-title.html post=post %} 5 |
    6 | {{ post.excerpt }} 7 |
    Read More
    8 |
    9 |
    • 10 | {% endfor %} 11 | -------------------------------------------------------------------------------- /docs/_includes/navigation.html: -------------------------------------------------------------------------------- 1 | 16 | -------------------------------------------------------------------------------- /docs/_includes/post-title.html: -------------------------------------------------------------------------------- 1 |

    2 | {% for category in include.post.categories %} 3 | 4 | {{ category | capitalize }} 5 | 6 | {% endfor %} 7 | {% if include.post.date %} 8 | {{ include.post.date | date: "%B %d, %Y" }} 9 | {% endif %} 10 |

    11 | -------------------------------------------------------------------------------- /docs/_includes/relative-src.html: -------------------------------------------------------------------------------- 1 | {% assign prefix = include.src | slice: 0, 2 %}{% assign protocol = include.src | slice: 0, 4 %}{% unless protocol == 'http' or prefix == "//" %}{{ site.baseurl }}{% endunless %}{{ include.src }} 2 | -------------------------------------------------------------------------------- /docs/_layouts/archive.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: page 3 | --- 4 | 5 |
    6 | {% assign blog = site.pages | where: "path", "blog/index.html" | first %} 7 | 8 | {% if blog.title %} 9 |

    {{ blog.title }}

    10 | {% endif %} 11 | 12 | {% if blog.description %} 13 |

    {{ blog.description }}

    14 | {% endif %} 15 | 16 |
    17 | {{ page.title | capitalize }} 18 |
    19 | 20 |
      21 | {% include list-posts.html posts=page.posts %} 22 |
    23 |
    24 | -------------------------------------------------------------------------------- /docs/_layouts/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | {% seo %} 9 | {% feed_meta %} 10 | 11 | 12 | 13 | 14 | {% if jekyll.environment == 'production' and site.google_analytics_key != '' %} 15 | 20 | 21 | {% endif %} 22 | 23 | 24 |
    25 |
    26 |
    Hydra Logo
    27 | {% include navigation.html %} 28 |
    29 |
    30 | {{ content }} 31 | 51 | 57 | 58 | 59 | -------------------------------------------------------------------------------- /docs/_layouts/page.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: default 3 | --- 4 |
    5 |
    6 |
    7 | {% if page.heading %} 8 |

    {{ page.heading }}

    9 | {% elsif page.title and page.layout != 'archive' %} 10 |

    {{ page.title }}

    11 | {% endif %} 12 | {% if page.description %} 13 |

    {{ page.description }}

    14 | {% endif %} 15 | {{ content }} 16 |
    17 |
    18 |
    19 | -------------------------------------------------------------------------------- /docs/_layouts/post.html: -------------------------------------------------------------------------------- 1 | --- 2 | layout: page 3 | --- 4 |
    5 | {% include post-title.html post=page %} 6 |
    7 | {{ content }} 8 | 9 |
    10 | {% if page.previous.url %} 11 | 12 | {% endif %} 13 | {% if page.next.url %} 14 | 15 | {% endif %} 16 |
    17 | 18 | {% if site.disqus_shortname and page.comments %} 19 |
    20 | 34 | 35 | {% endif %} 36 |
    37 |
    38 | -------------------------------------------------------------------------------- /docs/_sass/blog.scss: -------------------------------------------------------------------------------- 1 | .blog-posts { 2 | list-style: none; 3 | padding: 0; 4 | 5 | li { 6 | margin: 100px 0; 7 | } 8 | } 9 | 10 | .blog-post { 11 | .author { 12 | padding: 30px 0 0 0; 13 | border: 1px solid #eee; 14 | margin: 30px 0; 15 | font-size: .8em; 16 | 17 | .square-image { 18 | width: 125px; 19 | height: 125px; 20 | margin-top: 0; 21 | } 22 | .blurb { 23 | text-align: center; 24 | } 25 | } 26 | 27 | h3 { 28 | margin: 0; 29 | a { 30 | color: #000; 31 | text-decoration: none; 32 | font-weight: normal; 33 | font-size: 1.3em; 34 | } 35 | } 36 | 37 | h2 { 38 | text-align: left; 39 | } 40 | 41 | .blog-navigation { 42 | font-size: 14px; 43 | display: block; 44 | width: auto; 45 | overflow: hidden; 46 | a { 47 | display: block; 48 | width: 50%; 49 | float: left; 50 | margin: 1em 0; 51 | } 52 | 53 | .next { 54 | text-align: right; 55 | } 56 | } 57 | 58 | .post-details { 59 | border-bottom: 1px solid #eee; 60 | font-size: .9em; 61 | 62 | .blog-filter { 63 | display: inline-block; 64 | text-align: left; 65 | 66 | a { 67 | position: relative; 68 | top: -5px; 69 | } 70 | } 71 | 72 | a { 73 | text-decoration: none; 74 | } 75 | 76 | .post-date { 77 | float: right; 78 | } 79 | 80 | &:after { 81 | content: ""; 82 | display: table; 83 | clear: both; 84 | } 85 | } 86 | 87 | .post-content { 88 | .button { 89 | margin: 30px 0 0 0; 90 | } 91 | } 92 | } 93 | 94 | .pagination { 95 | text-align: center; 96 | } 97 | 98 | .blog-filter { 99 | text-align: center; 100 | a { 101 | background: #eee; 102 | padding: 3px 5px; 103 | font-size: .8em; 104 | border-radius: 5px; 105 | color: #888; 106 | transition: .2s ease-in-out; 107 | 108 | &:hover { 109 | color: #555; 110 | text-decoration: none; 111 | } 112 | } 113 | } 114 | 115 | .blog-filter.cross a { 116 | padding-right: 8px; 117 | 118 | &:after { 119 | content: "x"; 120 | font-size: .5em; 121 | position: relative; 122 | bottom: 4px; 123 | right: -3px; 124 | } 125 | } 126 | -------------------------------------------------------------------------------- /docs/_sass/cloudcannon.scss: -------------------------------------------------------------------------------- 1 | .editor-link, .nav-open nav .editor-link { 2 | display: none; 3 | margin-top: 0; 4 | 5 | .btn { 6 | border: 0; 7 | border-radius: 2px; 8 | width: 100%; 9 | max-width: 500px; 10 | box-sizing: border-box; 11 | font-size: 2rem; 12 | text-decoration: none; 13 | padding: 10px 15px; 14 | margin: 0; 15 | font-size: 18px; 16 | } 17 | 18 | nav &, .btn { 19 | cursor: pointer; 20 | background-color: #f7e064; 21 | color: #333; 22 | box-shadow: 1px 1px 5px 0 rgba(0, 0, 0, 0.2); 23 | 24 | &:hover { 25 | background-color: #f4d525; 26 | color: #333; 27 | } 28 | } 29 | } 30 | 31 | .cms-editor-active .editor-link { 32 | display: block; 33 | } 34 | 35 | .cms-editor-active nav .editor-link { 36 | display: inline; 37 | } 38 | -------------------------------------------------------------------------------- /docs/_sass/contact.scss: -------------------------------------------------------------------------------- 1 | .map { 2 | width: 100%; 3 | margin: 100px 0; 4 | height: 400px; 5 | } 6 | 7 | .contact-box { 8 | max-width: 750px; 9 | margin: 0 auto; 10 | text-align: center; 11 | 12 | form { 13 | width: 100% 14 | } 15 | 16 | p { 17 | margin: 0; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /docs/_sass/developer.scss: -------------------------------------------------------------------------------- 1 | 2 | 3 | hr { 4 | margin-top: 10px; 5 | width: 100%; 6 | } 7 | table { 8 | border-collapse: collapse; 9 | width: 100%; 10 | } 11 | th, td { 12 | border: 1px solid black; 13 | padding: 8px; 14 | text-align: left; 15 | } 16 | .hidden { 17 | display: none; 18 | } 19 | .clickable { 20 | cursor: pointer; 21 | padding: 0.2em; 22 | } 23 | .clickable:hover { 24 | color: #D3163C; 25 | background-color: #CCCCCC; 26 | padding: 0.2em; 27 | } 28 | -------------------------------------------------------------------------------- /docs/_sass/elements.scss: -------------------------------------------------------------------------------- 1 | html { 2 | background: #2b2b40; 3 | } 4 | 5 | html, body { 6 | margin: 0; 7 | padding: 0; 8 | } 9 | 10 | body { 11 | font-family: "San Francisco", "Helvetica Neue", "Helvetica", "Arial"; 12 | word-wrap:break-word; 13 | } 14 | 15 | table { 16 | overflow-x: scroll; 17 | display:block; 18 | } 19 | 20 | a { 21 | color: #00a4ca; 22 | text-decoration: none; 23 | } 24 | 25 | a:hover { 26 | text-decoration: underline; 27 | } 28 | 29 | h1 strong, h2 strong { 30 | font-weight: 700; 31 | } 32 | 33 | h1 { 34 | font-weight: 300; 35 | font-size: 2.3em; 36 | margin: 0; 37 | } 38 | 39 | h2 { 40 | font-weight: 300; 41 | font-size: 2.2em; 42 | margin: 0 0 13px 0; 43 | } 44 | 45 | h3 { 46 | margin: 20px 0 10px 0; 47 | } 48 | 49 | 50 | p, address { 51 | font-size: 1.1em; 52 | color: #666; 53 | margin-bottom: 20px; 54 | font-weight: 300; 55 | line-height: 1.4em; 56 | } 57 | -------------------------------------------------------------------------------- /docs/_sass/footer.scss: -------------------------------------------------------------------------------- 1 | .footer-links { 2 | width: 100%; 3 | margin: 10px; 4 | padding: 0; 5 | 6 | @media #{$tablet} { 7 | -webkit-flex: 1 0 180px; 8 | flex: 1 0 180px; 9 | } 10 | 11 | li { 12 | list-style: none; 13 | margin: 15px auto; 14 | 15 | @media #{$tablet} { 16 | max-width: 150px; 17 | } 18 | a { 19 | 20 | &:hover { 21 | text-decoration: none; 22 | } 23 | svg { 24 | fill: #999; 25 | margin-right: 10px; 26 | transition: fill 0.2s ease; 27 | vertical-align: middle; 28 | position: relative; 29 | top: -2px; 30 | width: 22px; 31 | height: 22px; 32 | } 33 | 34 | &:hover svg { 35 | fill: #fff; 36 | } 37 | 38 | &.twitter-icon:hover svg { 39 | fill: #55acee; 40 | } 41 | 42 | &.google-plus-icon:hover svg { 43 | fill: #db4437; 44 | } 45 | 46 | &.youtube-icon:hover svg { 47 | fill: #cd201f; 48 | } 49 | 50 | &.instagram-icon:hover svg { 51 | fill: #f167f5; 52 | } 53 | 54 | &.linkedin-icon:hover svg { 55 | fill: #0077b5; 56 | } 57 | 58 | &.pinterest-icon:hover svg { 59 | fill: #bd081c; 60 | } 61 | 62 | &.rss-icon:hover svg { 63 | fill: #f26522; 64 | } 65 | } 66 | } 67 | } 68 | 69 | footer { 70 | text-align: center; 71 | padding: 50px 0 50px 0; 72 | font-size: 1.1em; 73 | position: relative; 74 | background: $footer-color; 75 | color: #fff; 76 | 77 | .copyright { 78 | font-size: .8em; 79 | margin: 0 auto; 80 | 81 | @media #{$tablet} { 82 | text-align: center; 83 | } 84 | 85 | } 86 | 87 | &, 88 | a { 89 | color: #999; 90 | } 91 | 92 | h2 { 93 | font-size: 1.4em; 94 | margin: 30px 0; 95 | color: #ccc; 96 | } 97 | 98 | .footer-columns { 99 | @extend %flexbox; 100 | @include flex-flow(wrap); 101 | margin: -10px -10px 10px -10px; 102 | } 103 | 104 | a { 105 | text-decoration: none; 106 | 107 | &:hover { 108 | color: #fff; 109 | } 110 | } 111 | 112 | .legal-line { 113 | width: 100%; 114 | padding: 30px 0; 115 | margin: 0; 116 | background-color: #222527; 117 | 118 | a { 119 | font-weight: 600; 120 | } 121 | } 122 | } 123 | -------------------------------------------------------------------------------- /docs/_sass/forms.scss: -------------------------------------------------------------------------------- 1 | .button a, input[type=submit] { 2 | color: #fff; 3 | text-decoration: none; 4 | padding: 10px 30px; 5 | background: $brand-color; 6 | border-radius: 3px; 7 | border: 1px solid rgba(255,255,255,.5); 8 | transition: .2s ease-in-out; 9 | } 10 | 11 | .button a:hover, input[type=submit]:hover { 12 | border: 1px solid #fff; 13 | background: $secondary-brand-color; 14 | cursor: pointer; 15 | } 16 | 17 | .button.alt a { 18 | background: rgba(255,255,255,0.15); 19 | border-radius: 3px; 20 | border: 1px solid rgba(255, 255, 255, 0.3); 21 | padding: 16px 50px; 22 | } 23 | 24 | .button.alt a:hover { 25 | background: #fff; 26 | color: $brand-color; 27 | } 28 | 29 | textarea, input, button, select { font-family: inherit; font-size: inherit; } 30 | 31 | input[type=submit] { 32 | margin: 20px 0 0 0; 33 | } 34 | 35 | label, input, textarea { 36 | display: block; 37 | width: 100%; 38 | box-sizing: border-box; 39 | } 40 | 41 | textarea { 42 | resize: vertical; 43 | height: 150px; 44 | } 45 | 46 | label { 47 | margin: 20px 0 5px 0; 48 | } 49 | 50 | input, textarea { 51 | padding: 10px; 52 | font-size: 1em; 53 | } 54 | 55 | input, textarea { 56 | -webkit-transition: all 0.30s ease-in-out; 57 | -moz-transition: all 0.30s ease-in-out; 58 | -ms-transition: all 0.30s ease-in-out; 59 | -o-transition: all 0.30s ease-in-out; 60 | outline: none; 61 | border: 1px solid #DDDDDD; 62 | } 63 | 64 | input[type=text]:focus, input[type=email]:focus, input[type=password]:focus, textarea:focus { 65 | box-shadow: 0 0 5px rgba(81, 203, 238, 1); 66 | border: 1px solid rgba(81, 203, 238, 1); 67 | } 68 | -------------------------------------------------------------------------------- /docs/_sass/get_options.scss: -------------------------------------------------------------------------------- 1 | 2 | 3 | section span { 4 | background-color: #eee; 5 | border: 1px solid #999; 6 | display: block; 7 | padding: 20px; 8 | } 9 | -------------------------------------------------------------------------------- /docs/_sass/how.scss: -------------------------------------------------------------------------------- 1 | 2 | 3 | section span { 4 | background-color: #eee; 5 | border: 1px solid #999; 6 | display: block; 7 | padding: 20px; 8 | margin-bottom: 10px; 9 | } 10 | 11 | p { 12 | font-weight: normal; 13 | margin: 0px; 14 | } 15 | 16 | hr { 17 | margin-top: 10px; 18 | width: 100%; 19 | } 20 | ul, ol { 21 | margin: 0.25em 0 0 0; 22 | 23 | } 24 | 25 | h2 { 26 | font-size: 1.5em; 27 | margin: 0.5em 0 0.5em 0; 28 | } 29 | -------------------------------------------------------------------------------- /docs/_sass/landing-page.scss: -------------------------------------------------------------------------------- 1 | .bottom-cta { 2 | background: linear-gradient(to bottom, $brand-color 0%, $middle-gradient-color 100%); 3 | color: #fff; 4 | text-align: center; 5 | margin: 0; 6 | padding: 100px 0; 7 | 8 | h2 { 9 | margin-bottom: 50px; 10 | } 11 | } 12 | 13 | .testimonial { 14 | background: #f5f5f5; 15 | margin: 0; 16 | padding: 100px 0; 17 | 18 | .testimonial-block { 19 | max-width: 750px; 20 | width: 98%; 21 | margin: 0 auto; 22 | 23 | @media #{$tablet} { 24 | @include flexbox; 25 | 26 | blockquote { 27 | -webkit-flex: 1; 28 | flex: 1; 29 | } 30 | } 31 | } 32 | } 33 | 34 | .hero { 35 | color: #ffffff; 36 | text-align: center; 37 | background: linear-gradient(to bottom, $middle-gradient-color 0%, $secondary-brand-color 100%) no-repeat #a05fb7; 38 | padding-top: 50px; 39 | 40 | p { 41 | color: #fff; 42 | } 43 | } 44 | 45 | 46 | 47 | @media #{$desktop} { 48 | .flex { 49 | @include flexbox; 50 | align-items: center; 51 | flex-direction: row; 52 | 53 | .text, .image { 54 | -webkit-flex: 1; 55 | flex: 1; 56 | padding: 0 20px; 57 | } 58 | } 59 | 60 | .content section:nth-child(even) .flex { 61 | flex-direction: row-reverse; 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /docs/_sass/mixins/columns.scss: -------------------------------------------------------------------------------- 1 | @mixin columns($value) { 2 | columns: $value; 3 | -webkit-columns: $value; 4 | -moz-columns: $value; 5 | } 6 | -------------------------------------------------------------------------------- /docs/_sass/navigation.scss: -------------------------------------------------------------------------------- 1 | .nav-open nav { 2 | border-bottom: 1px dotted rgba(255, 255, 255, .2); 3 | padding: 10px 0; 4 | a { 5 | display: block; 6 | } 7 | 8 | @media #{$mid-point} { 9 | border: 0; 10 | padding: 0 20px; 11 | 12 | a { 13 | display: inline; 14 | } 15 | } 16 | } 17 | 18 | nav { 19 | text-transform: uppercase; 20 | font-size: .8em; 21 | width: 100%; 22 | 23 | @media #{$mid-point} { 24 | text-align: right; 25 | position: absolute; 26 | top: 13px; 27 | right: 0; 28 | padding: 0 20px; 29 | } 30 | 31 | 32 | a { 33 | margin: 0 3px; 34 | padding: 20px 10px; 35 | border-bottom: 1px solid rgba(255,255,255,0); 36 | color: rgba(255,255,255,.8); 37 | transition: .2s ease-in-out; 38 | display: none; 39 | 40 | @media #{$mid-point} { 41 | display: inline; 42 | padding: 10px; 43 | } 44 | 45 | 46 | &.nav-toggle { 47 | display: inline; 48 | position: absolute; 49 | right: 10px; 50 | top: -22px; 51 | font-size: 1.9em; 52 | border: 0; 53 | 54 | @media #{$mid-point} { 55 | display: none; 56 | } 57 | 58 | &:hover { 59 | border: 0; 60 | } 61 | } 62 | } 63 | 64 | a:hover { 65 | 66 | border-bottom: 1px solid rgba(255,255,255,.3); 67 | color: #fff; 68 | } 69 | 70 | @media #{$mid-point} { 71 | a.highlight { 72 | border: 1px #ccc solid; 73 | border-radius: 5px; 74 | 75 | &:hover { 76 | background: #fff; 77 | color: $brand-color; 78 | } 79 | } 80 | } 81 | 82 | a.active { 83 | color: #fff; 84 | } 85 | 86 | } 87 | -------------------------------------------------------------------------------- /docs/_sass/pricing.scss: -------------------------------------------------------------------------------- 1 | .plans { 2 | @extend %flexbox; 3 | @include flex-flow(wrap); 4 | padding: 50px 0 30px 0; 5 | 6 | .plan { 7 | list-style: none; 8 | padding: 0; 9 | margin: 0 10px 50px 10px; 10 | text-align: center; 11 | border: 1px solid #eee; 12 | border-radius: 5px; 13 | box-shadow: 0px 0px 10px #eee; 14 | width: 100%; 15 | 16 | .highlighted { 17 | font-size: 1.2em 18 | } 19 | 20 | .pricing-cta { 21 | padding: 0; 22 | 23 | a { 24 | display: block; 25 | box-sizing: border-box; 26 | padding: 20px 0; 27 | border-radius: 0 0 2px 2px; 28 | border: 0; 29 | } 30 | } 31 | 32 | @media #{$desktop} { 33 | -webkit-flex: 1; 34 | flex: 1; 35 | } 36 | 37 | li { 38 | border-top-right-radius: 5px; 39 | border-top-left-radius: 5px; 40 | padding: 20px 0; 41 | h3 { 42 | padding: 0; 43 | margin: 0; 44 | color: #fff; 45 | font-weight: normal; 46 | } 47 | } 48 | } 49 | } 50 | 51 | .faq { 52 | @media #{$desktop} { 53 | @include columns(2); 54 | } 55 | color: #666; 56 | div { 57 | break-inside: avoid; 58 | padding: 25px 0; 59 | } 60 | 61 | dt { 62 | font-weight: bold; 63 | margin: 0 0 5px 0; 64 | } 65 | 66 | dd { 67 | padding: 0; 68 | margin: 0; 69 | 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /docs/_sass/staff.scss: -------------------------------------------------------------------------------- 1 | .staff { 2 | padding: 0; 3 | list-style: none; 4 | @extend %flexbox; 5 | @include flex-flow(wrap); 6 | text-align: center; 7 | li { 8 | padding: 30px 20px; 9 | box-sizing: border-box; 10 | width: 100%; 11 | 12 | @media #{$tablet} { 13 | @include flex(1, 1, 45%); 14 | } 15 | 16 | @media #{$desktop} { 17 | @include flex(1, 1, 29%); 18 | } 19 | 20 | } 21 | 22 | .square-image { 23 | width: 200px; 24 | height: 200px; 25 | img { 26 | border-radius: 200px; 27 | } 28 | } 29 | 30 | .name { 31 | font-size: 1.3em; 32 | margin-top: 20px; 33 | } 34 | 35 | .position { 36 | color: #666; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /docs/_sass/variables.scss: -------------------------------------------------------------------------------- 1 | $brand-color: #333333; 2 | $secondary-brand-color: #333333; 3 | $footer-color: #000000; 4 | $middle-gradient-color: mix($brand-color, $secondary-brand-color, 95%); 5 | 6 | // Breakpoints 7 | $tablet: "(min-width: 450px)"; 8 | $mid-point: "(min-width: 620px)"; 9 | $desktop: "(min-width: 768px)"; 10 | -------------------------------------------------------------------------------- /docs/apple-touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/apple-touch-icon.png -------------------------------------------------------------------------------- /docs/blog/index.html: -------------------------------------------------------------------------------- 1 | --- 2 | title: Blog 3 | description: Keep up with the latest news. 4 | --- 5 | 6 |
    7 |

    Add Post

    8 |
      9 | {% include list-posts.html posts=paginator.posts %} 10 |
    11 | 12 | {% if paginator.total_pages > 1 %} 13 | 14 | 25 | {% endif %} 26 |
    27 | -------------------------------------------------------------------------------- /docs/css/screen.scss: -------------------------------------------------------------------------------- 1 | --- 2 | --- 3 | @import "mixins/flexbox"; 4 | @import "mixins/columns"; 5 | @import "variables"; 6 | @import "elements"; 7 | @import "landing-page"; 8 | @import "layout"; 9 | @import "pricing"; 10 | @import "staff"; 11 | @import "contact"; 12 | @import "blog"; 13 | @import "forms"; 14 | @import "navigation"; 15 | @import "footer"; 16 | @import "cloudcannon"; 17 | @import "get_options"; 18 | @import "developer"; 19 | @import "how"; 20 | -------------------------------------------------------------------------------- /docs/export.html: -------------------------------------------------------------------------------- 1 | --- 2 | title: Export data 3 | heading: Export data 4 | --- 5 | 6 | 7 | {% assign sorted_export = site.export | sort: 'title' %} 8 |
    9 |
    10 |
    11 |

    Process plugins can export data. Export format of each plugin is described in this section

    12 |
    13 | {% for export_table in sorted_export %} 14 |
    15 |

    {{export_table.title}}

    16 | {% assign textId = export_table.title | append: "_text" %} 17 | 18 | {% assign tableId = export_table.title | append: "_table" %} 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | {% for row in export_table.fields %} 30 | 31 | 32 | 33 | 34 | 35 | 36 | {% endfor %} 37 | 38 | 39 | {% endfor %} 40 |
    41 |
    42 |
    43 |
    44 | 45 | 58 | -------------------------------------------------------------------------------- /docs/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/favicon.png -------------------------------------------------------------------------------- /docs/get_options.html: -------------------------------------------------------------------------------- 1 | --- 2 | title: Installation of ipfixprobe 3 | heading: How to install ipfixprobe? 4 | --- 5 | 6 | {% for option in site.get_options %} 7 |
    8 |
    9 |
    10 |

    {{ option.title }}

    11 |

    {{ option.description }}

    12 |
    13 |
    14 | {%if option.instructions %} 15 | {% for instruction in option.instructions %} 16 |

    {{ instruction.description }}

    17 | 18 | {% for line in instruction.code %} 19 | {{line}}
    20 | {% endfor %} 21 |     22 | {% endfor %} 23 | {% endif %} 24 |
    25 |
    26 |
    27 | {% endfor %} 28 |
    29 | Continue reading with "How to use it"... 30 |
    31 | -------------------------------------------------------------------------------- /docs/images/_screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/_screenshot.png -------------------------------------------------------------------------------- /docs/images/dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/dashboard.png -------------------------------------------------------------------------------- /docs/images/datacenter.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/datacenter.jpeg -------------------------------------------------------------------------------- /docs/images/github.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/github.png -------------------------------------------------------------------------------- /docs/images/ipfixprobe_architecture.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/ipfixprobe_architecture.jpg -------------------------------------------------------------------------------- /docs/images/network.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/network.jpg -------------------------------------------------------------------------------- /docs/images/router.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/images/router.jpeg -------------------------------------------------------------------------------- /docs/index.html: -------------------------------------------------------------------------------- 1 | --- 2 | title: ipfixprobe 3 | description: free and high-performance flow monitoring probe! 4 | --- 5 |
    6 |
    7 |

    High-performance flow monitoring probe.

    8 |

    Monitor and analyze your network traffic for free!

    9 |
    Get Started
    10 |
    11 |
    12 | 13 |
    14 |
    15 |
    16 |
    17 |

    Does ipfixprobe support small routers?

    18 |

    The ipfixprobe exporter can be deployed to small SOHO routers with OpenWRT operating systems. In case of Turris routers, ipfixprobe is available in its standard repositories.

    19 |
    20 | 21 |
    22 |
    23 | 24 |
    25 |
    26 |
    27 |

    How shall I deploy ipfixprobe on my network?

    28 |

    The ipfixprobe supports multiple inputs. From the high-speed DPDK or NDP inputs produced by specialized 100 Gbps network monitoring cards, 29 | to slower interfaces such as libpcap that is supported in any operating system.

    30 |
    31 | 32 |
    33 |
    34 | 35 |
    36 |
    37 |
    38 |

    How can I get the data?

    39 |

    The ipfixprobe support multiple output plugins. From the basic ones, where flow data are dumped to standard output in form of text to the standard IPFIX format, that can be used together with IPFIX collectors such as ipfixcol2, which enables multiple additional format outputs. Just check out the documentation to learn how to use ipfixprobe and ipfixcol2 together with systems like Apache Kafka or ELK.

    40 |
    41 | 42 |
    43 |
    44 | 45 | 46 | 47 |
    48 |

    Let's monitor your network now!

    49 |
    Get Started
    50 |
    51 |
    52 | -------------------------------------------------------------------------------- /docs/robots.txt: -------------------------------------------------------------------------------- 1 | --- 2 | layout: null 3 | sitemap: false 4 | --- 5 | User-agent: * 6 | Sitemap: {{ site.url }}/sitemap.xml 7 | -------------------------------------------------------------------------------- /docs/touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/docs/touch-icon.png -------------------------------------------------------------------------------- /external/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include(FetchContent) 2 | include(ExternalProject) 3 | 4 | set(FETCHCONTENT_QUIET OFF) 5 | 6 | include(telemetry.cmake) 7 | -------------------------------------------------------------------------------- /external/telemetry.cmake: -------------------------------------------------------------------------------- 1 | # Telemetry library (C++ library for telemetry data collection with Fuse integration) 2 | # 3 | # The Telemetry library consists of two libraries that can be added as dependency: 4 | # 5 | # - telemetry::telemetry (C++ library for telemetry data collection) 6 | # - telemetry::appFs (C++ library that expose telemetry data as a Fuse filesystem) 7 | 8 | set(TELEMETRY_BUILD_SHARED OFF) 9 | set(TELEMETRY_INSTALL_TARGETS OFF) 10 | set(TELEMETRY_PACKAGE_BUILDER OFF) 11 | set(TELEMETRY_ENABLE_TESTS OFF) 12 | 13 | set(CMAKE_POSITION_INDEPENDENT_CODE ON) 14 | 15 | set(GIT_REPO https://github.com/CESNET/telemetry.git) 16 | 17 | FetchContent_Declare( 18 | telemetry 19 | GIT_REPOSITORY ${GIT_REPO} 20 | GIT_TAG v1.1.0 21 | ) 22 | 23 | # Make sure that subproject accepts predefined build options without warnings. 24 | set(CMAKE_POLICY_DEFAULT_CMP0077 NEW) 25 | 26 | FetchContent_MakeAvailable(telemetry) 27 | -------------------------------------------------------------------------------- /include/ipfixprobe/api.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Definitions for API functions 4 | * @author Pavel Siska 5 | * @date 2025 6 | * 7 | * Copyright (c) 2025 CESNET 8 | * 9 | * SPDX-License-Identifier: BSD-3-Clause 10 | */ 11 | 12 | #pragma once 13 | 14 | /** 15 | * \def IPXP_API 16 | * \brief Macro for exporting public API symbols 17 | * 18 | * This macro is used to explicitly mark symbols that are part of the public API. 19 | * If the compiler supports visibility attributes, it ensures that only symbols 20 | * marked with this macro are exported, while others remain hidden. 21 | * 22 | * Using this macro helps reduce the symbol table size, improves load time, 23 | * and minimizes symbol conflicts by keeping internal symbols hidden. 24 | * 25 | * Example usage: 26 | * \code 27 | * class IPXP_API MyClass { 28 | * public: 29 | * void doSomething(); 30 | * }; 31 | * \endcode 32 | */ 33 | #define IPXP_API [[gnu::visibility("default")]] 34 | -------------------------------------------------------------------------------- /include/ipfixprobe/byte-utils.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file byte-utils.hpp 3 | * \brief Byte manipulation utilities 4 | * \author Jiri Havranek 5 | * \author Tomas Cejka 6 | * \author Karel Hynek 7 | * \date 2020 8 | */ 9 | /* 10 | * Copyright (C) 2020 CESNET 11 | * 12 | * LICENSE TERMS 13 | * 14 | * Redistribution and use in source and binary forms, with or without 15 | * modification, are permitted provided that the following conditions 16 | * are met: 17 | * 1. Redistributions of source code must retain the above copyright 18 | * notice, this list of conditions and the following disclaimer. 19 | * 2. Redistributions in binary form must reproduce the above copyright 20 | * notice, this list of conditions and the following disclaimer in 21 | * the documentation and/or other materials provided with the 22 | * distribution. 23 | * 3. Neither the name of the Company nor the names of its contributors 24 | * may be used to endorse or promote products derived from this 25 | * software without specific prior written permission. 26 | * 27 | * 28 | * 29 | */ 30 | 31 | #ifndef IPXP_BYTE_UTILS_HPP 32 | #define IPXP_BYTE_UTILS_HPP 33 | 34 | #include 35 | #include 36 | #include 37 | 38 | namespace ipxp { 39 | 40 | /** 41 | * \brief Swaps byte order of 8 B value. 42 | * @param value Value to swap 43 | * @return Swapped value 44 | */ 45 | #if defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN 46 | static inline uint64_t swap_uint64(uint64_t value) 47 | { 48 | return value; 49 | } 50 | #elif defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN 51 | static inline uint64_t swap_uint64(uint64_t value) 52 | { 53 | value = ((value << 8) & 0xFF00FF00FF00FF00ULL) | ((value >> 8) & 0x00FF00FF00FF00FFULL); 54 | value = ((value << 16) & 0xFFFF0000FFFF0000ULL) | ((value >> 16) & 0x0000FFFF0000FFFFULL); 55 | return (value << 32) | (value >> 32); 56 | } 57 | #else 58 | #error "Please fix " 59 | #endif 60 | 61 | void phton64(uint8_t* p, uint64_t v); 62 | uint64_t pntoh64(const void* p); 63 | 64 | /** 65 | * \brief Swaps byte order of float value. 66 | * @param value Value to swap 67 | * @return Swapped value 68 | */ 69 | uint32_t htonf(float value); 70 | 71 | } // namespace ipxp 72 | 73 | #endif /* IPXP_BYTE_UTILS_HPP */ 74 | -------------------------------------------------------------------------------- /include/ipfixprobe/ipaddr.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file ipaddr.hpp 3 | * \brief Structure for storage of IPv4 or IPv6 address. 4 | * \author Jiri Havranek 5 | * \date 2016 6 | */ 7 | /* 8 | * Copyright (C) 2016 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | * 25 | * 26 | * 27 | */ 28 | 29 | #ifndef IPXP_IPADDR_HPP 30 | #define IPXP_IPADDR_HPP 31 | 32 | namespace ipxp { 33 | 34 | enum IP : uint8_t { v4 = 4, v6 = 6 }; 35 | 36 | /** 37 | * \brief Store IPv4 or IPv6 address. 38 | */ 39 | typedef union ipaddr_u { 40 | uint8_t v6[16]; /**< IPv6 address. */ 41 | uint32_t v4; /**< IPv4 address */ 42 | } ipaddr_t; 43 | 44 | } // namespace ipxp 45 | #endif /* IPXP_IPADDR_HPP */ 46 | -------------------------------------------------------------------------------- /include/ipfixprobe/outputPlugin.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Generic interface of output plugin 4 | * @author Pavel Siska 5 | * @author Vaclav Bartos 6 | * @author Jiri Havranek 7 | * @date 2025 8 | * 9 | * Copyright (c) 2025 CESNET 10 | * 11 | * SPDX-License-Identifier: BSD-3-Clause 12 | */ 13 | 14 | #pragma once 15 | 16 | #include "api.hpp" 17 | #include "flowifc.hpp" 18 | #include "plugin.hpp" 19 | #include "processPlugin.hpp" 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | namespace ipxp { 27 | 28 | #define DEFAULT_EXPORTER_ID 1 29 | 30 | /** 31 | * \brief Base class for flow exporters. 32 | */ 33 | class IPXP_API OutputPlugin : public Plugin { 34 | public: 35 | using ProcessPlugins = std::vector>>; 36 | uint64_t m_flows_seen; /**< Number of flows received to export. */ 37 | uint64_t m_flows_dropped; /**< Number of flows that could not be exported. */ 38 | 39 | OutputPlugin() 40 | : m_flows_seen(0) 41 | , m_flows_dropped(0) 42 | { 43 | } 44 | virtual ~OutputPlugin() {} 45 | 46 | virtual void init(const char* params, ProcessPlugins& plugins) = 0; 47 | 48 | enum class Result { EXPORTED = 0, DROPPED }; 49 | /** 50 | * \brief Send flow record to output interface. 51 | * \param [in] flow Flow to send. 52 | * \return 0 on success 53 | */ 54 | virtual int export_flow(const Flow& flow) = 0; 55 | 56 | /** 57 | * \brief Force exporter to flush flows to collector. 58 | */ 59 | virtual void flush() {} 60 | }; 61 | 62 | /** 63 | * @brief Factory template for creating plugins. 64 | * 65 | * This template allows dynamic creation of plugin instances based on the specified 66 | * base class and constructor argument types. 67 | * 68 | * @tparam Base The base class for the plugin. 69 | * @tparam Args The argument types required for the plugin constructor. 70 | */ 71 | template 72 | class IPXP_API PluginFactory; 73 | 74 | /** 75 | * @brief Type alias for the OutputPlugin factory. 76 | * 77 | * Provides a factory for creating OutputPlugin instances using a string-based constructor. 78 | */ 79 | using OutputPluginFactory 80 | = PluginFactory; 81 | 82 | } // namespace ipxp 83 | -------------------------------------------------------------------------------- /include/ipfixprobe/parser-stats.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \brief Definition of the ParserStats structure for storing parser statistics 4 | * \author Pavel Siska 5 | * \date 2024 6 | */ 7 | /* 8 | * Copyright (C) 2024 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | */ 25 | 26 | #pragma once 27 | 28 | #include 29 | 30 | namespace ipxp { 31 | 32 | /** 33 | * \brief Structure for storing parser statistics. 34 | */ 35 | struct ParserStats { 36 | uint64_t mpls_packets; 37 | uint64_t vlan_packets; 38 | uint64_t pppoe_packets; 39 | uint64_t trill_packets; 40 | 41 | uint64_t ipv4_packets; 42 | uint64_t ipv6_packets; 43 | 44 | uint64_t tcp_packets; 45 | uint64_t udp_packets; 46 | 47 | uint64_t seen_packets; 48 | uint64_t unknown_packets; 49 | }; 50 | 51 | } // namespace ipxp 52 | -------------------------------------------------------------------------------- /include/ipfixprobe/telemetry-utils.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \brief Contains the TelemetryUtils class for managing telemetry data. 4 | * \author Pavel Siska 5 | * \date 2024 6 | */ 7 | /* 8 | * Copyright (C) 2024 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | */ 25 | 26 | #pragma once 27 | 28 | #include 29 | #include 30 | 31 | #include 32 | 33 | namespace ipxp { 34 | 35 | class TelemetryUtils { 36 | public: 37 | /** 38 | * @brief Register a File in the telemetry holder 39 | * 40 | * If the file is already registered, it will not be registered again. 41 | * 42 | * @param directory Directory to register the file in 43 | * @param filename Name of the file 44 | * @param ops File operations 45 | */ 46 | void register_file( 47 | std::shared_ptr directory, 48 | const std::string_view& filename, 49 | telemetry::FileOps ops) 50 | { 51 | if (directory->getEntry(filename)) { 52 | return; 53 | } 54 | 55 | auto file = directory->addFile(filename, ops); 56 | m_holder.add(file); 57 | } 58 | 59 | protected: 60 | telemetry::Holder m_holder; 61 | }; 62 | 63 | } // namespace ipxp 64 | -------------------------------------------------------------------------------- /init/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | install(FILES 2 | link0.conf.example 3 | DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/ipfixprobe 4 | ) 5 | 6 | install(FILES 7 | ipfixprobe-monitoring.target 8 | ipfixprobe@.service 9 | DESTINATION ${INSTALL_UNIT_DIR} 10 | ) 11 | 12 | install(PROGRAMS ipfixprobed DESTINATION ${CMAKE_INSTALL_BINDIR}) 13 | install(FILES schema.json DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/") 14 | install(PROGRAMS config2args.py DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/") 15 | -------------------------------------------------------------------------------- /init/ipfixprobe-monitoring.target: -------------------------------------------------------------------------------- 1 | # This target makes sure that all enabled exporters are started, stopped, or 2 | # restarted at the same time when "ipfixprobe-monitoring.target" is, 3 | # respectively, started, stopped, or restarted. 4 | 5 | [Unit] 6 | Description=ipfixprobe monitoring target 7 | -------------------------------------------------------------------------------- /init/ipfixprobe@.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Start ipfixprobe IP Flow exporter as a service 3 | 4 | # Ensure that hanic service is loaded: 5 | After=network-online.target 6 | PartOf=ipfixprobe-monitoring.target 7 | 8 | [Service] 9 | Type=simple 10 | Restart=on-failure 11 | 12 | # 13 | # The name of configuration file is specified in %I. It has to be escaped with systemd-escape! 14 | # Note: See man systemd-escape(1), "-p" 15 | # The configuration file must be stored in /etc/ipfixprobe 16 | 17 | ExecStart=/usr/bin/ipfixprobed "%I" 18 | 19 | [Install] 20 | WantedBy=multi-user.target 21 | WantedBy=ipfixprobe-monitoring.target 22 | -------------------------------------------------------------------------------- /pkg/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | if (NOT RELEASE) 2 | string(TIMESTAMP RELEASE "%Y%m%d%H%M%S") 3 | endif() 4 | 5 | set(TGZ_FILE "${CMAKE_CURRENT_BINARY_DIR}/ipfixprobe-${VERSION}-${RELEASE}.tar.gz") 6 | set(TGZ_FILE_MSEC "${CMAKE_CURRENT_BINARY_DIR}/ipfixprobe-msec-${VERSION}-${RELEASE}.tar.gz") 7 | set(TGZ_FILE_NEMEA "${CMAKE_CURRENT_BINARY_DIR}/ipfixprobe-nemea-${VERSION}-${RELEASE}.tar.gz") 8 | 9 | add_subdirectory(tgz) 10 | 11 | if (ENABLE_RPMBUILD) 12 | add_subdirectory(rpm) 13 | endif() 14 | -------------------------------------------------------------------------------- /pkg/tgz/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | find_package(Git REQUIRED) 2 | 3 | add_custom_target(tgz 4 | COMMENT "Generating tar.gz package..." 5 | WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}" 6 | COMMAND 7 | "${GIT_EXECUTABLE}" "archive" 8 | "--prefix=ipfixprobe-${VERSION}/" 9 | "--output=${TGZ_FILE}" 10 | "HEAD" 11 | ) 12 | 13 | add_custom_target(tgz-msec 14 | COMMENT "Generating tar.gz package..." 15 | WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}" 16 | COMMAND 17 | "${GIT_EXECUTABLE}" "archive" 18 | "--prefix=ipfixprobe-msec-${VERSION}/" 19 | "--output=${TGZ_FILE_MSEC}" 20 | "HEAD" 21 | ) 22 | 23 | add_custom_target(tgz-nemea 24 | COMMENT "Generating tar.gz package..." 25 | WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}" 26 | COMMAND 27 | "${GIT_EXECUTABLE}" "archive" 28 | "--prefix=ipfixprobe-nemea-${VERSION}/" 29 | "--output=${TGZ_FILE_NEMEA}" 30 | "HEAD" 31 | ) 32 | -------------------------------------------------------------------------------- /src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(core) 2 | add_subdirectory(plugins) 3 | 4 | configure_file( 5 | ${CMAKE_SOURCE_DIR}/src/buildConfig.hpp.in 6 | ${CMAKE_BINARY_DIR}/src/buildConfig.hpp 7 | ) 8 | -------------------------------------------------------------------------------- /src/buildConfig.hpp.in: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Build configuration 4 | * @author Pavel Siska 5 | * @date 2025 6 | * 7 | * Copyright (c) 2025 CESNET 8 | * 9 | * SPDX-License-Identifier: BSD-3-Clause 10 | */ 11 | 12 | #pragma once 13 | 14 | #define IPXP_APP_NAME "ipfixprobe" 15 | #define IPXP_APP_VERSION "@VERSION@" 16 | 17 | #define IPXP_DEFAULT_PLUGINS_DIR "@INSTALL_DIR_LIB@/ipfixprobe/" 18 | -------------------------------------------------------------------------------- /src/core/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_library(ipfixprobe-core STATIC 2 | ipfixprobe.cpp 3 | ipfixprobe.hpp 4 | options.cpp 5 | ring.c 6 | stacktrace.cpp 7 | stacktrace.hpp 8 | stats.cpp 9 | stats.hpp 10 | utils.cpp 11 | workers.cpp 12 | workers.hpp 13 | inputPlugin.cpp 14 | pluginManager.cpp 15 | pluginManager.hpp 16 | ) 17 | 18 | 19 | target_include_directories(ipfixprobe-core PUBLIC 20 | ${CMAKE_SOURCE_DIR}/include 21 | ${CMAKE_BINARY_DIR}/src 22 | ) 23 | 24 | target_compile_options(ipfixprobe-core PRIVATE -fPIC) 25 | 26 | set(CORE_LIB -Wl,--whole-archive ipfixprobe-core -Wl,--no-whole-archive) 27 | 28 | target_link_libraries(ipfixprobe-core 29 | pthread 30 | telemetry::telemetry 31 | telemetry::appFs 32 | atomic::atomic 33 | unwind::unwind 34 | ${CMAKE_DL_LIBS} 35 | ) 36 | 37 | add_executable(ipfixprobe main.cpp) 38 | target_link_libraries(ipfixprobe ${CORE_LIB}) 39 | target_link_options(ipfixprobe PRIVATE -Wl,--export-dynamic) 40 | 41 | set_target_properties( 42 | ipfixprobe PROPERTIES 43 | CXX_VISIBILITY_PRESET hidden 44 | VISIBILITY_INLINES_HIDDEN YES 45 | ) 46 | 47 | install(TARGETS ipfixprobe DESTINATION "${INSTALL_DIR_BIN}") 48 | -------------------------------------------------------------------------------- /src/core/inputPlugin.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Implementation of InputPlugin telemetry integration 4 | * @author Pavel Siska 5 | * @date 2025 6 | * 7 | * This file contains the implementation of telemetry-related functions for 8 | * the InputPlugin class. It provides functionality to register parser statistics 9 | * in the telemetry system and manage telemetry directories. 10 | * 11 | * Copyright (c) 2025 CESNET 12 | * 13 | * SPDX-License-Identifier: BSD-3-Clause 14 | */ 15 | 16 | #include 17 | 18 | namespace ipxp { 19 | 20 | static telemetry::Content get_parser_stats_content(const ParserStats& parserStats) 21 | { 22 | telemetry::Dict dict; 23 | dict["mpls_packets"] = parserStats.mpls_packets; 24 | dict["vlan_packets"] = parserStats.vlan_packets; 25 | dict["pppoe_packets"] = parserStats.pppoe_packets; 26 | dict["trill_packets"] = parserStats.trill_packets; 27 | 28 | dict["ipv4_packets"] = parserStats.ipv4_packets; 29 | dict["ipv6_packets"] = parserStats.ipv6_packets; 30 | 31 | dict["tcp_packets"] = parserStats.tcp_packets; 32 | dict["udp_packets"] = parserStats.udp_packets; 33 | 34 | dict["seen_packets"] = parserStats.seen_packets; 35 | dict["unknown_packets"] = parserStats.unknown_packets; 36 | 37 | return dict; 38 | } 39 | 40 | void InputPlugin::create_parser_stats_telemetry( 41 | std::shared_ptr queueDirectory) 42 | { 43 | telemetry::FileOps statsOps 44 | = {[this]() { return get_parser_stats_content(m_parser_stats); }, nullptr}; 45 | register_file(queueDirectory, "parser-stats", statsOps); 46 | } 47 | 48 | void InputPlugin::set_telemetry_dirs( 49 | std::shared_ptr plugin_dir, 50 | std::shared_ptr queues_dir) 51 | { 52 | create_parser_stats_telemetry(queues_dir); 53 | configure_telemetry_dirs(plugin_dir, queues_dir); 54 | } 55 | 56 | } // namespace ipxp 57 | -------------------------------------------------------------------------------- /src/core/main.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file main.cpp 3 | * \brief Main file of the ipfixprobe exporter 4 | * \author Jiri Havranek 5 | * \date 2021 6 | */ 7 | /* 8 | * Copyright (C) 2021 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | * 25 | * 26 | * 27 | */ 28 | 29 | #include "ipfixprobe.hpp" 30 | 31 | int main(int argc, char* argv[]) 32 | { 33 | try { 34 | return ipxp::run(argc, argv); 35 | } catch (std::runtime_error& e) { 36 | std::cerr << "Error: " << e.what() << std::endl; 37 | } 38 | return EXIT_FAILURE; 39 | } 40 | -------------------------------------------------------------------------------- /src/core/stacktrace.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file stacktrace.h 3 | * \brief Stack trace functions header file 4 | * \author Jiri Havranek 5 | * \date 2021 6 | */ 7 | /* 8 | * Copyright (C) 2021 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | * 25 | * 26 | * 27 | */ 28 | 29 | #ifndef IPXP_STACKTRACE_HPP 30 | #define IPXP_STACKTRACE_HPP 31 | 32 | namespace ipxp { 33 | 34 | void st_dump(int fd, int sig); 35 | 36 | } // namespace ipxp 37 | #endif /* IPXP_STACKTRACE_HPP */ 38 | -------------------------------------------------------------------------------- /src/plugins/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(input) 2 | add_subdirectory(output) 3 | add_subdirectory(process) 4 | add_subdirectory(storage) 5 | 6 | 7 | if(ENABLE_NEMEA OR ENABLE_OUTPUT_UNIREC) 8 | message(STATUS "Running ur_processor script for process plugins") 9 | 10 | set(OUTPUT_DIR ${CMAKE_BINARY_DIR}/src/plugins/nemea-fields/) 11 | file(MAKE_DIRECTORY ${OUTPUT_DIR}) 12 | 13 | set(GENERATED_SOURCES 14 | ${OUTPUT_DIR}/fields.c 15 | ${OUTPUT_DIR}/fields.h 16 | ) 17 | 18 | execute_process( 19 | COMMAND /usr/bin/nemea/ur_processor.sh -i ${CMAKE_CURRENT_SOURCE_DIR} -o ${OUTPUT_DIR} 20 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 21 | RESULT_VARIABLE SCRIPT_RESULT 22 | ) 23 | 24 | if(NOT SCRIPT_RESULT EQUAL 0) 25 | message(FATAL_ERROR "Script ur_processor failed") 26 | endif() 27 | 28 | add_custom_target(generate_nemea_files DEPENDS ${GENERATED_SOURCES}) 29 | 30 | add_library(ipfixprobe-nemea-fields STATIC 31 | ${GENERATED_SOURCES} 32 | ) 33 | 34 | add_dependencies(ipfixprobe-nemea-fields generate_nemea_files) 35 | target_include_directories(ipfixprobe-nemea-fields PUBLIC ${OUTPUT_DIR}) 36 | 37 | endif() 38 | -------------------------------------------------------------------------------- /src/plugins/input/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(raw) 2 | 3 | if (ENABLE_INPUT_PCAP) 4 | add_subdirectory(pcap) 5 | endif() 6 | 7 | if (ENABLE_INPUT_DPDK) 8 | add_subdirectory(dpdk) 9 | endif() 10 | 11 | if (ENABLE_INPUT_NFB) 12 | add_subdirectory(nfb) 13 | endif() 14 | -------------------------------------------------------------------------------- /src/plugins/input/dpdk/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-input-dpdk VERSION 1.0.0 DESCRIPTION "ipfixprobe-input-dpdk plugin") 2 | 3 | add_library(ipfixprobe-input-dpdk MODULE 4 | src/dpdk.cpp 5 | src/dpdkDevice.cpp 6 | src/dpdkDevice.hpp 7 | src/dpdk.hpp 8 | src/dpdkMbuf.cpp 9 | src/dpdkMbuf.hpp 10 | src/dpdkPortTelemetry.cpp 11 | src/dpdkPortTelemetry.hpp 12 | src/dpdkTelemetry.cpp 13 | src/dpdkTelemetry.hpp 14 | src/dpdk-ring.cpp 15 | src/dpdk-ring.hpp 16 | ../parser/parser.cpp 17 | ../parser/parser.hpp 18 | ) 19 | 20 | set_target_properties(ipfixprobe-input-dpdk PROPERTIES 21 | CXX_VISIBILITY_PRESET hidden 22 | VISIBILITY_INLINES_HIDDEN YES 23 | ) 24 | 25 | target_include_directories(ipfixprobe-input-dpdk PRIVATE 26 | ${DPDK_INCLUDE_DIRS} 27 | ${CMAKE_SOURCE_DIR}/include/ 28 | ${CMAKE_SOURCE_DIR}/src/plugins/input/parser 29 | ) 30 | 31 | target_compile_options(ipfixprobe-input-dpdk PRIVATE ${DPDK_CFLAGS_OTHER}) 32 | target_compile_options(ipfixprobe-input-dpdk PRIVATE -Wno-volatile -Wno-pedantic) 33 | 34 | target_link_libraries(ipfixprobe-input-dpdk PRIVATE 35 | telemetry::telemetry 36 | ${DPDK_LIBRARIES} 37 | ) 38 | 39 | install(TARGETS ipfixprobe-input-dpdk 40 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/input/" 41 | ) 42 | -------------------------------------------------------------------------------- /src/plugins/input/dpdk/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/input/dpdk/README.md -------------------------------------------------------------------------------- /src/plugins/input/dpdk/src/dpdkMbuf.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \brief Implementation of the DpdkMbuf class. 4 | * \author Pavel Siska 5 | * \date 2023 6 | */ 7 | /* 8 | * Copyright (C) 2023 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | */ 25 | 26 | #include "dpdkMbuf.hpp" 27 | 28 | namespace ipxp { 29 | 30 | DpdkMbuf::DpdkMbuf(size_t mBufsCount) 31 | : m_mBufsCount(mBufsCount) 32 | , m_mBufsInUse(0) 33 | { 34 | m_mBufs.resize(mBufsCount); 35 | } 36 | 37 | void DpdkMbuf::resize(size_t mBufsCount) 38 | { 39 | releaseMbufs(); 40 | m_mBufs.resize(mBufsCount); 41 | m_mBufsCount = mBufsCount; 42 | } 43 | 44 | void DpdkMbuf::setMbufsInUse(size_t mBufsInUse) noexcept 45 | { 46 | m_mBufsInUse = mBufsInUse; 47 | } 48 | 49 | DpdkMbuf::~DpdkMbuf() 50 | { 51 | releaseMbufs(); 52 | } 53 | 54 | uint16_t DpdkMbuf::maxSize() const noexcept 55 | { 56 | return m_mBufsCount; 57 | } 58 | 59 | uint16_t DpdkMbuf::size() const noexcept 60 | { 61 | return m_mBufsInUse; 62 | } 63 | 64 | rte_mbuf** DpdkMbuf::data() 65 | { 66 | return m_mBufs.data(); 67 | } 68 | 69 | void DpdkMbuf::releaseMbufs() 70 | { 71 | for (auto mBufID = 0; mBufID < m_mBufsInUse; mBufID++) { 72 | rte_pktmbuf_free(m_mBufs[mBufID]); 73 | } 74 | m_mBufsInUse = 0; 75 | } 76 | 77 | } // namespace ipxp 78 | -------------------------------------------------------------------------------- /src/plugins/input/dpdk/src/dpdkPortTelemetry.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \brief Class for managing port telemetry. 4 | * \author Pavel Siska 5 | * \date 2024 6 | */ 7 | /* 8 | * Copyright (C) 2024 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | */ 25 | 26 | #pragma once 27 | 28 | #include 29 | #include 30 | 31 | #include 32 | 33 | namespace ipxp { 34 | 35 | /** 36 | * @brief Class for managing DPDK port telemetry 37 | * 38 | * This class integrates and monitors telemetry information for a specific DPDK port. 39 | */ 40 | class DpdkPortTelemetry { 41 | public: 42 | /** 43 | * @brief Constructor for DpdkPortTelemetry 44 | * 45 | * Creates an instance of the class for a specific DPDK port and adds telemetry files to the 46 | * directory. 47 | * 48 | * @param portId ID of the DPDK port 49 | * @param dir Directory for telemetry files 50 | */ 51 | DpdkPortTelemetry(uint16_t portId, const std::shared_ptr& dir); 52 | 53 | private: 54 | const uint16_t M_PORT_ID; 55 | telemetry::Holder m_holder; 56 | }; 57 | 58 | } // namespace ipxp 59 | -------------------------------------------------------------------------------- /src/plugins/input/dpdk/src/dpdkTelemetry.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \brief Class for managing DPDK telemetry 4 | * \author Pavel Siska 5 | * \date 2024 6 | */ 7 | /* 8 | * Copyright (C) 2024 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | */ 25 | 26 | #pragma once 27 | 28 | #include 29 | 30 | #include 31 | 32 | namespace ipxp { 33 | 34 | /** 35 | * @brief Class for managing DPDK telemetry 36 | * 37 | * This class handles the integration of DPDK telemetry data (rings, mempools) into the telemetry 38 | * directory. 39 | */ 40 | class DpdkTelemetry { 41 | public: 42 | /** 43 | * @brief Constructor for DpdkTelemetry 44 | * 45 | * Initializes the DPDK telemetry manager and adds files representing DPDK rings and mempools to 46 | * the provided telemetry directory. 47 | * 48 | * @param dpdkDir Pointer to the telemetry directory where files will be added. 49 | */ 50 | DpdkTelemetry(const std::shared_ptr& dpdkDir); 51 | 52 | private: 53 | telemetry::Holder m_holder; 54 | }; 55 | 56 | } // namespace ipxp 57 | -------------------------------------------------------------------------------- /src/plugins/input/nfb/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-input-nfb VERSION 1.0.0 DESCRIPTION "ipfixprobe-input-nfb plugin") 2 | 3 | add_library(ipfixprobe-input-nfb MODULE 4 | src/ndp.hpp 5 | src/ndp.cpp 6 | src/ndpHeader.hpp 7 | src/ndpReader.cpp 8 | src/ndpReader.hpp 9 | ../parser/parser.cpp 10 | ../parser/parser.hpp 11 | ) 12 | 13 | set_target_properties(ipfixprobe-input-nfb PROPERTIES 14 | CXX_VISIBILITY_PRESET hidden 15 | VISIBILITY_INLINES_HIDDEN YES 16 | ) 17 | 18 | target_include_directories(ipfixprobe-input-nfb PRIVATE 19 | ${CMAKE_SOURCE_DIR}/include/ 20 | ${CMAKE_SOURCE_DIR}/src/plugins/input/parser 21 | ) 22 | 23 | target_link_libraries(ipfixprobe-input-nfb PRIVATE 24 | nfb::nfb 25 | numa::numa 26 | telemetry::telemetry 27 | ) 28 | 29 | install(TARGETS ipfixprobe-input-nfb 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/input/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/input/nfb/src/ndp.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Packet reader using NDP library for high speed capture. 4 | * @author Jiri Havranek 5 | * @author Tomas Benes 6 | * @author Pavel Siska 7 | * 8 | * Copyright (c) 2025 CESNET 9 | * 10 | * SPDX-License-Identifier: BSD-3-Clause 11 | */ 12 | 13 | #pragma once 14 | 15 | #include "ndpReader.hpp" 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | namespace ipxp { 23 | 24 | class NdpOptParser : public OptionsParser { 25 | public: 26 | std::string m_dev; 27 | uint64_t m_id; 28 | 29 | NdpOptParser() 30 | : OptionsParser("ndp", "Input plugin for reading packets from a ndp device") 31 | , m_dev("") 32 | , m_id(0) 33 | { 34 | register_option( 35 | "d", 36 | "dev", 37 | "PATH", 38 | "Path to a device file", 39 | [this](const char* arg) { 40 | m_dev = arg; 41 | return true; 42 | }, 43 | OptionFlags::RequiredArgument); 44 | register_option( 45 | "I", 46 | "id", 47 | "NUM", 48 | "Link identifier number", 49 | [this](const char* arg) { 50 | try { 51 | m_id = str2num(arg); 52 | } catch (std::invalid_argument& e) { 53 | return false; 54 | } 55 | return true; 56 | }, 57 | OptionFlags::RequiredArgument); 58 | } 59 | }; 60 | 61 | class NdpPacketReader : public InputPlugin { 62 | public: 63 | NdpPacketReader(const std::string& params); 64 | ~NdpPacketReader(); 65 | 66 | void init(const char* params); 67 | void close(); 68 | OptionsParser* get_parser() const { return new NdpOptParser(); } 69 | std::string get_name() const { return "ndp"; } 70 | InputPlugin::Result get(PacketBlock& packets); 71 | 72 | void configure_telemetry_dirs( 73 | std::shared_ptr plugin_dir, 74 | std::shared_ptr queues_dir) override; 75 | 76 | private: 77 | struct RxStats { 78 | uint64_t receivedPackets; 79 | uint64_t receivedBytes; 80 | }; 81 | 82 | telemetry::Content get_queue_telemetry(); 83 | 84 | NdpReader ndpReader; 85 | RxStats m_stats = {}; 86 | 87 | void init_ifc(const std::string& dev); 88 | }; 89 | 90 | } // namespace ipxp 91 | -------------------------------------------------------------------------------- /src/plugins/input/nfb/src/ndpHeader.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Definition of NDP header format. 4 | * @author Pavel Siska 5 | * 6 | * Copyright (c) 2025 CESNET 7 | * 8 | * SPDX-License-Identifier: BSD-3-Clause 9 | */ 10 | 11 | #pragma once 12 | 13 | #include 14 | 15 | namespace ipxp { 16 | 17 | /** 18 | * @brief NDP header format. 19 | */ 20 | struct [[gnu::packed]] NdpHeader { 21 | uint8_t interface : 4; //!< Interface number on which the data was captured. 22 | uint8_t dma_channel : 4; //!< DMA channel. 23 | uint8_t crc_hash : 4; //!< Precomputed CRC hash (4 bits). 24 | uint8_t data_type : 4; //!< Format of data that follow this header. 25 | uint16_t frame_size; //!< Size of captured frame. 26 | uint64_t timestamp; //!< Timestamp of capture. 27 | }; 28 | 29 | } // namespace ipxp 30 | -------------------------------------------------------------------------------- /src/plugins/input/nfb/src/ndpReader.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ndpHeader.hpp" 4 | 5 | #include 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | extern "C" { 14 | #include 15 | #include 16 | } 17 | 18 | namespace ipxp { 19 | 20 | struct NdpReaderContext { 21 | void* reader; 22 | }; 23 | 24 | extern void ndp_reader_init(struct NdpReaderContext* context); 25 | extern void ndp_reader_free(struct NdpReaderContext* context); 26 | extern const char* ndp_reader_error_msg(struct NdpReaderContext* context); 27 | extern int ndp_reader_init_interface(struct NdpReaderContext* context, const char* interface); 28 | extern void ndp_reader_print_stats(struct NdpReaderContext* context); 29 | extern void ndp_reader_close(struct NdpReaderContext* context); 30 | extern int ndp_reader_get_pkt( 31 | struct NdpReaderContext* context, 32 | struct ndp_packet** ndp_packet, 33 | struct ndp_header** ndp_header); 34 | 35 | enum class NdpFwType { 36 | NDP_FW_HANIC, 37 | NDP_FW_NDK, 38 | NDP_FW_UNKNOWN, 39 | }; 40 | 41 | class NdpReader { 42 | public: 43 | NdpReader(uint16_t packet_bufferSize = 50, uint64_t timeout = 300); 44 | ~NdpReader(); 45 | 46 | int init_interface(const std::string& interface); 47 | void print_stats(); 48 | void close(); 49 | int get_pkt(struct ndp_packet** ndp_packet, struct timeval* timestamp); 50 | std::string error_msg; 51 | 52 | private: 53 | void set_booted_fw(); 54 | void convert_fw_ts_to_timeval(const uint64_t* fw_ts, struct timeval* tv); 55 | void set_sw_timestamp(struct timeval* tv); 56 | bool retrieve_ndp_packets(); 57 | struct nfb_device* dev_handle; // NFB device 58 | struct ndp_queue* rx_handle; // data receiving NDP queue 59 | uint64_t processed_packets; 60 | uint16_t packet_bufferSize; 61 | uint64_t timeout; 62 | 63 | NdpFwType fw_type; 64 | std::vector ndk_timestamp_offsets; 65 | 66 | uint16_t ndp_packet_buffer_processed; 67 | uint16_t ndp_packet_buffer_packets; 68 | struct ndp_packet* ndp_packet_buffer; 69 | bool ndp_packet_buffer_valid; 70 | }; 71 | 72 | } // namespace ipxp 73 | -------------------------------------------------------------------------------- /src/plugins/input/pcap/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-input-pcap VERSION 1.0.0 DESCRIPTION "ipfixprobe-input-pcap plugin") 2 | 3 | add_library(ipfixprobe-input-pcap MODULE 4 | src/pcap.cpp 5 | src/pcap.hpp 6 | ../parser/parser.cpp 7 | ../parser/parser.hpp 8 | ) 9 | 10 | set_target_properties(ipfixprobe-input-pcap PROPERTIES 11 | CXX_VISIBILITY_PRESET hidden 12 | VISIBILITY_INLINES_HIDDEN YES 13 | ) 14 | target_include_directories(ipfixprobe-input-pcap PRIVATE 15 | ${PCAP_INCLUDE_DIRS} 16 | ${CMAKE_SOURCE_DIR}/include/ 17 | ${CMAKE_SOURCE_DIR}/src/plugins/input/parser 18 | ) 19 | 20 | target_compile_definitions(ipfixprobe-input-pcap PRIVATE 21 | WITH_PCAP 22 | ) 23 | 24 | target_link_libraries(ipfixprobe-input-pcap PRIVATE 25 | ${PCAP_LIBRARIES} 26 | telemetry::telemetry 27 | ) 28 | 29 | install(TARGETS ipfixprobe-input-pcap 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/input/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/input/pcap/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/input/pcap/README.md -------------------------------------------------------------------------------- /src/plugins/input/raw/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-input-raw VERSION 1.0.0 DESCRIPTION "ipfixprobe-input-raw plugin") 2 | 3 | add_library(ipfixprobe-input-raw MODULE 4 | src/raw.cpp 5 | src/raw.hpp 6 | ../parser/parser.cpp 7 | ../parser/parser.hpp 8 | ) 9 | 10 | set_target_properties(ipfixprobe-input-raw PROPERTIES 11 | CXX_VISIBILITY_PRESET hidden 12 | VISIBILITY_INLINES_HIDDEN YES 13 | ) 14 | 15 | target_include_directories(ipfixprobe-input-raw PRIVATE 16 | ${CMAKE_SOURCE_DIR}/include/ 17 | ${CMAKE_SOURCE_DIR}/src/plugins/input/parser 18 | ) 19 | 20 | target_link_libraries(ipfixprobe-input-raw PRIVATE 21 | telemetry::telemetry 22 | ) 23 | 24 | install(TARGETS ipfixprobe-input-raw 25 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/input/" 26 | ) 27 | -------------------------------------------------------------------------------- /src/plugins/input/raw/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/input/raw/README.md -------------------------------------------------------------------------------- /src/plugins/output/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(text) 2 | add_subdirectory(ipfix) 3 | 4 | if (ENABLE_OUTPUT_UNIREC) 5 | add_subdirectory(unirec) 6 | endif() 7 | -------------------------------------------------------------------------------- /src/plugins/output/ipfix/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-output-ipfix VERSION 1.0.0 DESCRIPTION "ipfixprobe-output-ipfix plugin") 2 | 3 | add_library(ipfixprobe-output-ipfix SHARED 4 | src/ipfix.hpp 5 | src/ipfix.cpp 6 | src/ipfix-basiclist.cpp 7 | ) 8 | 9 | set_target_properties(ipfixprobe-output-ipfix PROPERTIES 10 | CXX_VISIBILITY_PRESET hidden 11 | VISIBILITY_INLINES_HIDDEN YES 12 | ) 13 | 14 | target_include_directories(ipfixprobe-output-ipfix PRIVATE 15 | ${CMAKE_SOURCE_DIR}/include/ 16 | ) 17 | 18 | target_link_libraries(ipfixprobe-output-ipfix PRIVATE 19 | lz4::lz4 20 | ) 21 | 22 | install( 23 | TARGETS ipfixprobe-output-ipfix 24 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/output/" 25 | ) 26 | -------------------------------------------------------------------------------- /src/plugins/output/ipfix/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/output/ipfix/README.md -------------------------------------------------------------------------------- /src/plugins/output/text/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-output-text VERSION 1.0.0 DESCRIPTION "ipfixprobe-output-text plugin") 2 | 3 | add_library(ipfixprobe-output-text MODULE 4 | src/text.hpp 5 | src/text.cpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-output-text PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-output-text PRIVATE ${CMAKE_SOURCE_DIR}/include/) 14 | 15 | install( 16 | TARGETS ipfixprobe-output-text 17 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/output/" 18 | ) 19 | -------------------------------------------------------------------------------- /src/plugins/output/text/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/output/text/README.md -------------------------------------------------------------------------------- /src/plugins/output/text/src/text.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Prints exported fields 4 | * @author Jiri Havranek 5 | * @author Pavel Siska 6 | * @date 2025 7 | * 8 | * Copyright (c) 2025 CESNET 9 | * 10 | * SPDX-License-Identifier: BSD-3-Clause 11 | */ 12 | 13 | #pragma once 14 | 15 | #include 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | namespace ipxp { 24 | 25 | class TextOptParser : public OptionsParser { 26 | public: 27 | std::string m_file; 28 | bool m_to_file; 29 | bool m_hide_mac; 30 | 31 | TextOptParser() 32 | : OptionsParser("text", "Output plugin for text export") 33 | , m_file("") 34 | , m_to_file(false) 35 | , m_hide_mac(false) 36 | { 37 | register_option( 38 | "f", 39 | "file", 40 | "PATH", 41 | "Print output to file", 42 | [this](const char* arg) { 43 | m_file = arg; 44 | m_to_file = true; 45 | return true; 46 | }, 47 | OptionFlags::RequiredArgument); 48 | register_option( 49 | "m", 50 | "mac", 51 | "", 52 | "Hide mac addresses", 53 | [this](const char* arg) { 54 | (void) arg; 55 | m_hide_mac = true; 56 | return true; 57 | }, 58 | OptionFlags::NoArgument); 59 | } 60 | }; 61 | 62 | class TextExporter : public OutputPlugin { 63 | public: 64 | TextExporter(const std::string& params, ProcessPlugins& plugins); 65 | ~TextExporter(); 66 | void init(const char* params); 67 | void init(const char* params, ProcessPlugins& plugins); 68 | void close(); 69 | OptionsParser* get_parser() const { return new TextOptParser(); } 70 | std::string get_name() const { return "text"; } 71 | int export_flow(const Flow& flow); 72 | 73 | private: 74 | std::ostream* m_out; 75 | bool m_hide_mac; 76 | 77 | void print_basic_flow(const Flow& flow); 78 | }; 79 | 80 | } // namespace ipxp 81 | -------------------------------------------------------------------------------- /src/plugins/output/unirec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-output-unirec VERSION 1.0.0 DESCRIPTION "ipfixprobe-output-unirec plugin") 2 | 3 | add_library(ipfixprobe-output-unirec MODULE 4 | src/unirec.cpp 5 | src/unirec.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-output-unirec PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-output-unirec PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | target_link_libraries(ipfixprobe-output-unirec PRIVATE 18 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 19 | unirec::unirec 20 | trap::trap 21 | ) 22 | 23 | install( 24 | TARGETS ipfixprobe-output-unirec 25 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/output/" 26 | ) 27 | -------------------------------------------------------------------------------- /src/plugins/output/unirec/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/output/unirec/README.md -------------------------------------------------------------------------------- /src/plugins/process/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(common) 2 | add_subdirectory(basicplus) 3 | add_subdirectory(bstats) 4 | add_subdirectory(icmp) 5 | add_subdirectory(vlan) 6 | add_subdirectory(flowHash) 7 | add_subdirectory(osquery) 8 | add_subdirectory(idpContent) 9 | add_subdirectory(phists) 10 | add_subdirectory(pstats) 11 | add_subdirectory(ovpn) 12 | add_subdirectory(wg) 13 | add_subdirectory(ssdp) 14 | add_subdirectory(ssaDetector) 15 | add_subdirectory(mqtt) 16 | add_subdirectory(dns) 17 | add_subdirectory(dnssd) 18 | add_subdirectory(netbios) 19 | add_subdirectory(passiveDns) 20 | add_subdirectory(smtp) 21 | add_subdirectory(quic) 22 | add_subdirectory(tls) 23 | add_subdirectory(http) 24 | 25 | if (ENABLE_PROCESS_EXPERIMENTAL) 26 | add_subdirectory(sip) 27 | add_subdirectory(rtsp) 28 | add_subdirectory(mpls) 29 | add_subdirectory(ntp) 30 | add_subdirectory(nettisa) 31 | endif() 32 | -------------------------------------------------------------------------------- /src/plugins/process/basicplus/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-basicplus VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-basicplus plugin") 2 | 3 | add_library(ipfixprobe-process-basicplus MODULE 4 | src/basicplus.cpp 5 | src/basicplus.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-basicplus PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_link_libraries(ipfixprobe-process-basicplus PRIVATE 14 | ipfixprobe-output-ipfix 15 | ) 16 | 17 | target_include_directories(ipfixprobe-process-basicplus PRIVATE 18 | ${CMAKE_SOURCE_DIR}/include/ 19 | ) 20 | 21 | if(ENABLE_NEMEA) 22 | target_link_libraries(ipfixprobe-process-basicplus PRIVATE 23 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 24 | unirec::unirec 25 | trap::trap 26 | ) 27 | endif() 28 | 29 | install(TARGETS ipfixprobe-process-basicplus 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/process/basicplus/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/basicplus/README.md -------------------------------------------------------------------------------- /src/plugins/process/bstats/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-bstats VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-bstats plugin") 2 | 3 | add_library(ipfixprobe-process-bstats MODULE 4 | src/bstats.cpp 5 | src/bstats.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-bstats PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-bstats PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | target_link_libraries(ipfixprobe-process-bstats PRIVATE 18 | ipfixprobe-output-ipfix 19 | ) 20 | 21 | if(ENABLE_NEMEA) 22 | target_link_libraries(ipfixprobe-process-bstats PRIVATE 23 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 24 | unirec::unirec 25 | trap::trap 26 | ) 27 | endif() 28 | 29 | install(TARGETS ipfixprobe-process-bstats 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/process/bstats/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/bstats/README.md -------------------------------------------------------------------------------- /src/plugins/process/common/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_library(ipfixprobe-process-tls-parser STATIC 2 | tlsParser/tls_parser.hpp 3 | tlsParser/tls_parser.cpp 4 | ) 5 | 6 | target_include_directories(ipfixprobe-process-tls-parser PUBLIC 7 | ${CMAKE_SOURCE_DIR}/include 8 | ) 9 | 10 | set_property(TARGET ipfixprobe-process-tls-parser 11 | PROPERTY POSITION_INDEPENDENT_CODE ON 12 | ) 13 | -------------------------------------------------------------------------------- /src/plugins/process/dns/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-dns VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-dns plugin") 2 | 3 | add_library(ipfixprobe-process-dns MODULE 4 | src/dns.cpp 5 | src/dns.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-dns PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-dns PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-dns PRIVATE 20 | -Wl,--whole-archive -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-dns 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/dns/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/dns/README.md -------------------------------------------------------------------------------- /src/plugins/process/dnssd/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-dnssd VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-dnssd plugin") 2 | 3 | add_library(ipfixprobe-process-dnssd MODULE 4 | src/dnssd.cpp 5 | src/dnssd.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-dnssd PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-dnssd PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-dnssd PRIVATE 20 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-dnssd 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/dnssd/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/dnssd/README.md -------------------------------------------------------------------------------- /src/plugins/process/flowHash/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-flowhash VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-flowhash plugin") 2 | 3 | add_library(ipfixprobe-process-flowhash MODULE 4 | src/flow_hash.cpp 5 | src/flow_hash.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-flowhash PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-flowhash PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-flowhash PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-flowhash 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/flowHash/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/flowHash/README.md -------------------------------------------------------------------------------- /src/plugins/process/flowHash/src/flow_hash.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Plugin for processing flow_hash value. 4 | * @author Jakub Antonín Štigler xstigl00@stud.fit.vut.cz 5 | * @author Pavel Siska 6 | * @date 2025 7 | * 8 | * Copyright (c) 2025 CESNET 9 | * 10 | * SPDX-License-Identifier: BSD-3-Clause 11 | */ 12 | 13 | #include "flow_hash.hpp" 14 | 15 | #include 16 | 17 | #include 18 | #include 19 | 20 | namespace ipxp { 21 | 22 | static const PluginManifest flowhashPluginManifest = { 23 | .name = "flowhash", 24 | .description = "flowhash process plugin for parsing flowhash value.", 25 | .pluginVersion = "1.0.0", 26 | .apiVersion = "1.0.0", 27 | .usage = 28 | []() { 29 | OptionsParser parser("flowhash", "Export flow hash as flow id"); 30 | parser.usage(std::cout); 31 | }, 32 | }; 33 | 34 | FLOW_HASHPlugin::FLOW_HASHPlugin(const std::string& params, int pluginID) 35 | : ProcessPlugin(pluginID) 36 | { 37 | init(params.c_str()); 38 | } 39 | 40 | FLOW_HASHPlugin::~FLOW_HASHPlugin() {} 41 | 42 | void FLOW_HASHPlugin::init(const char* params) 43 | { 44 | (void) params; 45 | } 46 | 47 | void FLOW_HASHPlugin::close() {} 48 | 49 | ProcessPlugin* FLOW_HASHPlugin::copy() 50 | { 51 | return new FLOW_HASHPlugin(*this); 52 | } 53 | 54 | int FLOW_HASHPlugin::post_create(Flow& rec, const Packet& pkt) 55 | { 56 | (void) pkt; 57 | auto ext = new RecordExtFLOW_HASH(m_pluginID); 58 | 59 | ext->flow_hash = rec.flow_hash; 60 | 61 | rec.add_extension(ext); 62 | 63 | return 0; 64 | } 65 | 66 | static const PluginRegistrar 67 | flowhashRegistrar(flowhashPluginManifest); 68 | 69 | } // namespace ipxp 70 | -------------------------------------------------------------------------------- /src/plugins/process/http/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-http VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-http plugin") 2 | 3 | add_library(ipfixprobe-process-http MODULE 4 | src/http.cpp 5 | src/http.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-http PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-http PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-http PRIVATE 20 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-http 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/http/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/http/README.md -------------------------------------------------------------------------------- /src/plugins/process/icmp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-icmp VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-icmp plugin") 2 | 3 | add_library(ipfixprobe-process-icmp MODULE 4 | src/icmp.cpp 5 | src/icmp.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-icmp PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-icmp PRIVATE ${CMAKE_SOURCE_DIR}/include/) 14 | 15 | if(ENABLE_NEMEA) 16 | target_link_libraries(ipfixprobe-process-icmp PRIVATE 17 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 18 | unirec::unirec 19 | trap::trap 20 | ) 21 | endif() 22 | 23 | install(TARGETS ipfixprobe-process-icmp 24 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 25 | ) 26 | -------------------------------------------------------------------------------- /src/plugins/process/icmp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/icmp/README.md -------------------------------------------------------------------------------- /src/plugins/process/icmp/src/icmp.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Plugin for parsing basicplus traffic. 4 | * @author Jiri Havranek 5 | * @author Pavel Siska 6 | * @date 2025 7 | * 8 | * Copyright (c) 2025 CESNET 9 | * 10 | * SPDX-License-Identifier: BSD-3-Clause 11 | */ 12 | 13 | #include "icmp.hpp" 14 | 15 | #include 16 | 17 | #include 18 | #include 19 | 20 | namespace ipxp { 21 | 22 | static const PluginManifest icmpPluginManifest = { 23 | .name = "icmp", 24 | .description = "ICMP process plugin for parsing icmp traffic.", 25 | .pluginVersion = "1.0.0", 26 | .apiVersion = "1.0.0", 27 | .usage = 28 | []() { 29 | OptionsParser parser("icmp", "Parse ICMP traffic"); 30 | parser.usage(std::cout); 31 | }, 32 | }; 33 | 34 | ICMPPlugin::ICMPPlugin(const std::string& params, int pluginID) 35 | : ProcessPlugin(pluginID) 36 | { 37 | init(params.c_str()); 38 | } 39 | 40 | ProcessPlugin* ICMPPlugin::copy() 41 | { 42 | return new ICMPPlugin(*this); 43 | } 44 | 45 | int ICMPPlugin::post_create(Flow& rec, const Packet& pkt) 46 | { 47 | if (pkt.ip_proto == IPPROTO_ICMP || pkt.ip_proto == IPPROTO_ICMPV6) { 48 | if (pkt.payload_len < sizeof(RecordExtICMP::type_code)) 49 | return 0; 50 | 51 | auto ext = new RecordExtICMP(m_pluginID); 52 | 53 | // the type and code are the first two bytes, type on MSB and code on LSB 54 | // in the network byte order 55 | ext->type_code = *reinterpret_cast(pkt.payload); 56 | 57 | rec.add_extension(ext); 58 | } 59 | return 0; 60 | } 61 | 62 | static const PluginRegistrar icmpRegistrar(icmpPluginManifest); 63 | 64 | } // namespace ipxp 65 | -------------------------------------------------------------------------------- /src/plugins/process/idpContent/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-idpcontent VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-idpcontent plugin") 2 | 3 | add_library(ipfixprobe-process-idpcontent MODULE 4 | src/idpcontent.cpp 5 | src/idpcontent.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-idpcontent PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-idpcontent PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-idpcontent PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-idpcontent 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/idpContent/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/idpContent/README.md -------------------------------------------------------------------------------- /src/plugins/process/mpls/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-mpls VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-mpls plugin") 2 | 3 | add_library(ipfixprobe-process-mpls MODULE 4 | src/mpls.cpp 5 | src/mpls.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-mpls PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-mpls PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-mpls PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-mpls 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/mpls/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/mpls/README.md -------------------------------------------------------------------------------- /src/plugins/process/mpls/src/mpls.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Plugin for parsing mpls traffic. 4 | * @author Jakub Antonín Štigler xstigl00@stud.fit.vut.cz 5 | * @author Pavel Siska 6 | * @date 2025 7 | * 8 | * Copyright (c) 2025 CESNET 9 | * 10 | * SPDX-License-Identifier: BSD-3-Clause 11 | */ 12 | 13 | #include "mpls.hpp" 14 | 15 | #include 16 | 17 | #include 18 | #include 19 | 20 | namespace ipxp { 21 | 22 | static const PluginManifest mplsPluginManifest = { 23 | .name = "mpls", 24 | .description = "Mpls process plugin for parsing mpls traffic.", 25 | .pluginVersion = "1.0.0", 26 | .apiVersion = "1.0.0", 27 | .usage = 28 | []() { 29 | OptionsParser parser("mpls", "Parse MPLS traffic"); 30 | parser.usage(std::cout); 31 | }, 32 | }; 33 | 34 | MPLSPlugin::MPLSPlugin(const std::string& params, int pluginID) 35 | : ProcessPlugin(pluginID) 36 | { 37 | init(params.c_str()); 38 | } 39 | 40 | ProcessPlugin* MPLSPlugin::copy() 41 | { 42 | return new MPLSPlugin(*this); 43 | } 44 | 45 | int MPLSPlugin::post_create(Flow& rec, const Packet& pkt) 46 | { 47 | if (pkt.mplsTop == 0) { 48 | return 0; 49 | } 50 | 51 | auto ext = new RecordExtMPLS(m_pluginID); 52 | ext->mpls = pkt.mplsTop; 53 | 54 | rec.add_extension(ext); 55 | return 0; 56 | } 57 | 58 | static const PluginRegistrar mplsRegistrar(mplsPluginManifest); 59 | 60 | } // namespace ipxp 61 | -------------------------------------------------------------------------------- /src/plugins/process/mqtt/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-mqtt VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-mqtt plugin") 2 | 3 | add_library(ipfixprobe-process-mqtt MODULE 4 | src/mqtt.cpp 5 | src/mqtt.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-mqtt PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-mqtt PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-mqtt PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-mqtt 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/mqtt/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/mqtt/README.md -------------------------------------------------------------------------------- /src/plugins/process/netbios/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-netbios VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-netbios plugin") 2 | 3 | add_library(ipfixprobe-process-netbios MODULE 4 | src/netbios.cpp 5 | src/netbios.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-netbios PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-netbios PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-netbios PRIVATE 20 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-netbios 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/netbios/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/netbios/README.md -------------------------------------------------------------------------------- /src/plugins/process/nettisa/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-nettisa VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-nettisa plugin") 2 | 3 | add_library(ipfixprobe-process-nettisa MODULE 4 | src/nettisa.cpp 5 | src/nettisa.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-nettisa PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-nettisa PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | target_link_libraries(ipfixprobe-process-nettisa PRIVATE 18 | ipfixprobe-core 19 | ) 20 | 21 | if(ENABLE_NEMEA) 22 | target_link_libraries(ipfixprobe-process-nettisa PRIVATE 23 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 24 | unirec::unirec 25 | trap::trap 26 | ) 27 | endif() 28 | 29 | install(TARGETS ipfixprobe-process-nettisa 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/process/nettisa/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/nettisa/README.md -------------------------------------------------------------------------------- /src/plugins/process/ntp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-ntp VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-ntp plugin") 2 | 3 | add_library(ipfixprobe-process-ntp MODULE 4 | src/ntp.cpp 5 | src/ntp.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-ntp PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-ntp PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-ntp PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-ntp 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/ntp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/ntp/README.md -------------------------------------------------------------------------------- /src/plugins/process/osquery/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-osquery VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-osquery plugin") 2 | 3 | add_library(ipfixprobe-process-osquery MODULE 4 | src/osquery.cpp 5 | src/osquery.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-osquery PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-osquery PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-osquery PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-osquery 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/osquery/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/osquery/README.md -------------------------------------------------------------------------------- /src/plugins/process/ovpn/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-ovpn VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-ovpn plugin") 2 | 3 | add_library(ipfixprobe-process-ovpn MODULE 4 | src/ovpn.cpp 5 | src/ovpn.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-ovpn PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-ovpn PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-ovpn PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-ovpn 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/ovpn/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/ovpn/README.md -------------------------------------------------------------------------------- /src/plugins/process/passiveDns/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-passivedns VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-passivedns plugin") 2 | 3 | add_library(ipfixprobe-process-passivedns MODULE 4 | src/passivedns.cpp 5 | src/passivedns.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-passivedns PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-passivedns PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-passivedns PRIVATE 20 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-passivedns 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/passiveDns/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/passiveDns/README.md -------------------------------------------------------------------------------- /src/plugins/process/phists/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-phists VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-phists plugin") 2 | 3 | add_library(ipfixprobe-process-phists MODULE 4 | src/phists.cpp 5 | src/phists.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-phists PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-phists PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | target_link_libraries(ipfixprobe-process-phists PRIVATE 18 | ipfixprobe-output-ipfix 19 | ) 20 | 21 | if(ENABLE_NEMEA) 22 | target_link_libraries(ipfixprobe-process-phists PRIVATE 23 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 24 | unirec::unirec 25 | trap::trap 26 | ) 27 | endif() 28 | 29 | install(TARGETS ipfixprobe-process-phists 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/process/phists/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/phists/README.md -------------------------------------------------------------------------------- /src/plugins/process/pstats/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-pstats VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-pstats plugin") 2 | 3 | add_library(ipfixprobe-process-pstats MODULE 4 | src/pstats.cpp 5 | src/pstats.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-pstats PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-pstats PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | target_link_libraries(ipfixprobe-process-pstats PRIVATE 18 | ipfixprobe-output-ipfix 19 | ) 20 | 21 | if(ENABLE_NEMEA) 22 | target_link_libraries(ipfixprobe-process-pstats PRIVATE 23 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 24 | unirec::unirec 25 | trap::trap 26 | ) 27 | endif() 28 | 29 | install(TARGETS ipfixprobe-process-pstats 30 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 31 | ) 32 | -------------------------------------------------------------------------------- /src/plugins/process/pstats/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/pstats/README.md -------------------------------------------------------------------------------- /src/plugins/process/quic/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-quic VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-quic plugin") 2 | 3 | add_library(ipfixprobe-process-quic MODULE 4 | src/quic.cpp 5 | src/quic.hpp 6 | src/quic_parser.cpp 7 | src/quic_parser.hpp 8 | ) 9 | 10 | set_target_properties(ipfixprobe-process-quic PROPERTIES 11 | CXX_VISIBILITY_PRESET hidden 12 | VISIBILITY_INLINES_HIDDEN YES 13 | ) 14 | 15 | target_include_directories(ipfixprobe-process-quic PRIVATE 16 | ${CMAKE_SOURCE_DIR}/include/ 17 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 18 | ) 19 | 20 | target_link_libraries(ipfixprobe-process-quic PRIVATE 21 | OpenSSL::Crypto 22 | ipfixprobe-process-tls-parser 23 | ipfixprobe-output-ipfix 24 | ) 25 | 26 | if(ENABLE_NEMEA) 27 | target_link_libraries(ipfixprobe-process-quic PRIVATE 28 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 29 | unirec::unirec 30 | trap::trap 31 | ) 32 | endif() 33 | 34 | install( 35 | TARGETS ipfixprobe-process-quic 36 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 37 | ) 38 | -------------------------------------------------------------------------------- /src/plugins/process/quic/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/quic/README.md -------------------------------------------------------------------------------- /src/plugins/process/rtsp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-rtsp VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-rtsp plugin") 2 | 3 | add_library(ipfixprobe-process-rtsp MODULE 4 | src/rtsp.cpp 5 | src/rtsp.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-rtsp PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-rtsp PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-rtsp PRIVATE 20 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-rtsp 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/rtsp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/rtsp/README.md -------------------------------------------------------------------------------- /src/plugins/process/sip/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-sip VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-sip plugin") 2 | 3 | add_library(ipfixprobe-process-sip MODULE 4 | src/sip.cpp 5 | src/sip.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-sip PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-sip PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-sip PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-sip 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/sip/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/sip/README.md -------------------------------------------------------------------------------- /src/plugins/process/smtp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-smtp VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-smtp plugin") 2 | 3 | add_library(ipfixprobe-process-smtp MODULE 4 | src/smtp.cpp 5 | src/smtp.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-smtp PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-smtp PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 16 | ) 17 | 18 | if(ENABLE_NEMEA) 19 | target_link_libraries(ipfixprobe-process-smtp PRIVATE 20 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 21 | unirec::unirec 22 | trap::trap 23 | ) 24 | endif() 25 | 26 | install(TARGETS ipfixprobe-process-smtp 27 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 28 | ) 29 | -------------------------------------------------------------------------------- /src/plugins/process/smtp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/smtp/README.md -------------------------------------------------------------------------------- /src/plugins/process/ssaDetector/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-ssadetector VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-ssadetector plugin") 2 | 3 | add_library(ipfixprobe-process-ssadetector MODULE 4 | src/ssadetector.cpp 5 | src/ssadetector.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-ssadetector PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-ssadetector PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-ssadetector PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-ssadetector 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/ssaDetector/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/ssaDetector/README.md -------------------------------------------------------------------------------- /src/plugins/process/ssdp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-ssdp VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-ssdp plugin") 2 | 3 | add_library(ipfixprobe-process-ssdp MODULE 4 | src/ssdp.cpp 5 | src/ssdp.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-ssdp PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-ssdp PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-ssdp PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-ssdp 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/ssdp/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/ssdp/README.md -------------------------------------------------------------------------------- /src/plugins/process/tls/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-tls VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-tls plugin") 2 | 3 | add_library(ipfixprobe-process-tls MODULE 4 | src/tls.cpp 5 | src/tls.hpp 6 | src/md5.cpp 7 | src/md5.hpp 8 | src/sha256.hpp 9 | ) 10 | 11 | set_target_properties(ipfixprobe-process-tls PROPERTIES 12 | CXX_VISIBILITY_PRESET hidden 13 | VISIBILITY_INLINES_HIDDEN YES 14 | ) 15 | 16 | target_include_directories(ipfixprobe-process-tls PRIVATE 17 | ${CMAKE_SOURCE_DIR}/include/ 18 | ${CMAKE_SOURCE_DIR}/src/plugins/process/common 19 | ) 20 | 21 | target_link_libraries(ipfixprobe-process-tls PRIVATE 22 | ipfixprobe-process-tls-parser 23 | ipfixprobe-output-ipfix 24 | ) 25 | 26 | if(ENABLE_NEMEA) 27 | target_link_libraries(ipfixprobe-process-tls PRIVATE 28 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 29 | unirec::unirec 30 | trap::trap 31 | ) 32 | endif() 33 | 34 | install(TARGETS ipfixprobe-process-tls 35 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 36 | ) 37 | -------------------------------------------------------------------------------- /src/plugins/process/tls/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/tls/README.md -------------------------------------------------------------------------------- /src/plugins/process/vlan/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-vlan VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-vlan plugin") 2 | 3 | add_library(ipfixprobe-process-vlan MODULE 4 | src/vlan.cpp 5 | src/vlan.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-vlan PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-vlan PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-vlan PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-vlan 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/vlan/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/vlan/README.md -------------------------------------------------------------------------------- /src/plugins/process/vlan/src/vlan.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * @brief Plugin for parsing basicplus traffic. 4 | * @author Jakub Antonín Štigler xstigl00@xstigl00@stud.fit.vut.cz 5 | * @author Pavel Siska 6 | * @date 2025 7 | * 8 | * Copyright (c) 2025 CESNET 9 | * 10 | * SPDX-License-Identifier: BSD-3-Clause 11 | */ 12 | 13 | #include "vlan.hpp" 14 | 15 | #include 16 | 17 | #include 18 | #include 19 | 20 | namespace ipxp { 21 | 22 | static const PluginManifest vlanPluginManifest = { 23 | .name = "vlan", 24 | .description = "Vlan process plugin for parsing vlan traffic.", 25 | .pluginVersion = "1.0.0", 26 | .apiVersion = "1.0.0", 27 | .usage = 28 | []() { 29 | OptionsParser parser("vlan", "Parse VLAN traffic"); 30 | parser.usage(std::cout); 31 | }, 32 | }; 33 | 34 | VLANPlugin::VLANPlugin(const std::string& params, int pluginID) 35 | : ProcessPlugin(pluginID) 36 | { 37 | init(params.c_str()); 38 | } 39 | 40 | ProcessPlugin* VLANPlugin::copy() 41 | { 42 | return new VLANPlugin(*this); 43 | } 44 | 45 | int VLANPlugin::post_create(Flow& rec, const Packet& pkt) 46 | { 47 | auto ext = new RecordExtVLAN(m_pluginID); 48 | ext->vlan_id = pkt.vlan_id; 49 | rec.add_extension(ext); 50 | return 0; 51 | } 52 | 53 | static const PluginRegistrar vlanRegistrar(vlanPluginManifest); 54 | 55 | } // namespace ipxp 56 | -------------------------------------------------------------------------------- /src/plugins/process/wg/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-process-wg VERSION 1.0.0 DESCRIPTION "ipfixprobe-process-wg plugin") 2 | 3 | add_library(ipfixprobe-process-wg MODULE 4 | src/wg.cpp 5 | src/wg.hpp 6 | ) 7 | 8 | set_target_properties(ipfixprobe-process-wg PROPERTIES 9 | CXX_VISIBILITY_PRESET hidden 10 | VISIBILITY_INLINES_HIDDEN YES 11 | ) 12 | 13 | target_include_directories(ipfixprobe-process-wg PRIVATE 14 | ${CMAKE_SOURCE_DIR}/include/ 15 | ) 16 | 17 | if(ENABLE_NEMEA) 18 | target_link_libraries(ipfixprobe-process-wg PRIVATE 19 | -Wl,--whole-archive ipfixprobe-nemea-fields -Wl,--no-whole-archive 20 | unirec::unirec 21 | trap::trap 22 | ) 23 | endif() 24 | 25 | install(TARGETS ipfixprobe-process-wg 26 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/process/" 27 | ) 28 | -------------------------------------------------------------------------------- /src/plugins/process/wg/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/process/wg/README.md -------------------------------------------------------------------------------- /src/plugins/storage/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(cache) 2 | -------------------------------------------------------------------------------- /src/plugins/storage/cache/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(ipfixprobe-storage-cache VERSION 1.0.0 DESCRIPTION "ipfixprobe-storage-cache plugin") 2 | 3 | set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake/) 4 | 5 | add_library(ipfixprobe-storage-cache MODULE 6 | src/cache.hpp 7 | src/cache.cpp 8 | src/fragmentationCache/fragmentationCache.cpp 9 | src/fragmentationCache/fragmentationCache.hpp 10 | src/fragmentationCache/fragmentationKeyData.hpp 11 | src/fragmentationCache/fragmentationTable.cpp 12 | src/fragmentationCache/fragmentationTable.hpp 13 | src/fragmentationCache/ringBuffer.hpp 14 | src/fragmentationCache/timevalUtils.hpp 15 | src/xxhash.c 16 | src/xxhash.h 17 | ) 18 | 19 | set_target_properties(ipfixprobe-storage-cache PROPERTIES 20 | CXX_VISIBILITY_PRESET hidden 21 | VISIBILITY_INLINES_HIDDEN YES 22 | ) 23 | 24 | target_include_directories(ipfixprobe-storage-cache PRIVATE 25 | ${CMAKE_SOURCE_DIR}/include/ 26 | ) 27 | 28 | target_link_libraries(ipfixprobe-storage-cache PRIVATE 29 | telemetry::telemetry 30 | ) 31 | 32 | install(TARGETS ipfixprobe-storage-cache 33 | LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixprobe/storage/" 34 | ) 35 | -------------------------------------------------------------------------------- /src/plugins/storage/cache/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/src/plugins/storage/cache/README.md -------------------------------------------------------------------------------- /src/plugins/storage/cache/src/fragmentationCache/fragmentationTable.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \author Pavel Siska 4 | * \brief Defines the FragmentationTable class for managing packet 5 | * fragmentation data using ring buffers. 6 | */ 7 | /* 8 | * Copyright (C) 2023 CESNET 9 | * 10 | * LICENSE TERMS 11 | * 12 | * Redistribution and use in source and binary forms, with or without 13 | * modification, are permitted provided that the following conditions 14 | * are met: 15 | * 1. Redistributions of source code must retain the above copyright 16 | * notice, this list of conditions and the following disclaimer. 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in 19 | * the documentation and/or other materials provided with the 20 | * distribution. 21 | * 3. Neither the name of the Company nor the names of its contributors 22 | * may be used to endorse or promote products derived from this 23 | * software without specific prior written permission. 24 | */ 25 | 26 | #include "fragmentationTable.hpp" 27 | 28 | #include 29 | 30 | namespace ipxp { 31 | 32 | FragmentationTable::FragmentationTable(std::size_t table_size) 33 | : m_table(table_size) 34 | { 35 | } 36 | 37 | void FragmentationTable::insert(const Packet& packet) 38 | { 39 | FragmentationKey key(packet); 40 | FragmentationData data(packet); 41 | auto& ring = m_table[get_table_index(key)]; 42 | ring.push_back({key, data}); 43 | } 44 | 45 | FragmentationData* FragmentationTable::find(const Packet& packet) noexcept 46 | { 47 | FragmentationKey key(packet); 48 | auto& ring = m_table[get_table_index(key)]; 49 | auto it = std::find_if(ring.rbegin(), ring.rend(), [&](const FragmentationKeyData& entry) { 50 | return entry.key == key; 51 | }); 52 | if (it != ring.rend()) { 53 | return &(it->data); 54 | } 55 | return nullptr; 56 | } 57 | 58 | std::size_t FragmentationTable::get_table_index(const FragmentationKey& key) const noexcept 59 | { 60 | return std::hash {}(key) % m_table.size(); 61 | } 62 | 63 | } // namespace ipxp 64 | -------------------------------------------------------------------------------- /src/plugins/storage/cache/src/fragmentationCache/timevalUtils.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * \file 3 | * \author Pavel Siska 4 | * \brief Utils for timeval struct 5 | */ 6 | /* 7 | * Copyright (C) 2023 CESNET 8 | * 9 | * LICENSE TERMS 10 | * 11 | * Redistribution and use in source and binary forms, with or without 12 | * modification, are permitted provided that the following conditions 13 | * are met: 14 | * 1. Redistributions of source code must retain the above copyright 15 | * notice, this list of conditions and the following disclaimer. 16 | * 2. Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution. 20 | * 3. Neither the name of the Company nor the names of its contributors 21 | * may be used to endorse or promote products derived from this 22 | * software without specific prior written permission. 23 | */ 24 | 25 | #include 26 | 27 | #pragma once 28 | 29 | namespace ipxp { 30 | 31 | struct timeval operator+(const struct timeval& a, const struct timeval& b) noexcept 32 | { 33 | constexpr time_t USEC_IN_SEC = 1000000; 34 | 35 | struct timeval result; 36 | result.tv_sec = a.tv_sec + b.tv_sec; 37 | result.tv_usec = a.tv_usec + b.tv_usec; 38 | if (result.tv_usec >= USEC_IN_SEC) { 39 | result.tv_sec++; 40 | result.tv_usec -= USEC_IN_SEC; 41 | } 42 | return result; 43 | } 44 | 45 | bool operator>(const struct timeval& a, const struct timeval& b) noexcept 46 | { 47 | if (a.tv_sec == b.tv_sec) 48 | return a.tv_usec > b.tv_usec; 49 | return a.tv_sec > b.tv_sec; 50 | } 51 | 52 | } // namespace ipxp 53 | -------------------------------------------------------------------------------- /src/plugins/storage/cache/src/xxhash.c: -------------------------------------------------------------------------------- 1 | /* 2 | * xxHash - Extremely Fast Hash algorithm 3 | * Copyright (C) 2012-2021 Yann Collet 4 | * 5 | * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php) 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions are 9 | * met: 10 | * 11 | * * Redistributions of source code must retain the above copyright 12 | * notice, this list of conditions and the following disclaimer. 13 | * * Redistributions in binary form must reproduce the above 14 | * copyright notice, this list of conditions and the following disclaimer 15 | * in the documentation and/or other materials provided with the 16 | * distribution. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | * You can contact the author at: 31 | * - xxHash homepage: https://www.xxhash.com 32 | * - xxHash source repository: https://github.com/Cyan4973/xxHash 33 | */ 34 | 35 | /* 36 | * xxhash.c instantiates functions defined in xxhash.h 37 | */ 38 | 39 | #define XXH_STATIC_LINKING_ONLY /* access advanced declarations */ 40 | #define XXH_IMPLEMENTATION /* access definitions */ 41 | 42 | #include "xxhash.h" 43 | -------------------------------------------------------------------------------- /tests/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(functional) 2 | -------------------------------------------------------------------------------- /tests/functional/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/tests/functional/results) 2 | 3 | macro(add_process_plugin_test test_name plugin_name pcap_file) 4 | add_test( 5 | NAME ${test_name} 6 | COMMAND bash ${CMAKE_CURRENT_SOURCE_DIR}/scripts/run_test.sh ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${plugin_name} ${pcap_file} 7 | ) 8 | endmacro() 9 | 10 | add_process_plugin_test(BasicProcessPlugin basic mixed.pcap) 11 | add_process_plugin_test(BasicPlusProcessPlugin basicplus http.pcap) 12 | add_process_plugin_test(BstatsProcessPlugin bstats bstats.pcap) 13 | add_process_plugin_test(DnsProcessPlugin dns dns.pcap) 14 | add_process_plugin_test(DnssdProcessPlugin dnssd dnssd.pcap) 15 | add_process_plugin_test(HttpProcessPlugin http http.pcap) 16 | add_process_plugin_test(IdpcontentProcessPlugin idpcontent idpcontent.pcap) 17 | add_process_plugin_test(MqttProcessPlugin mqtt mqtt.pcap) 18 | add_process_plugin_test(NetbiosProcessPlugin netbios netbios.pcap) 19 | add_process_plugin_test(OvpnProcessPlugin ovpn ovpn.pcap) 20 | add_process_plugin_test(PassivednsProcessPlugin passivedns dns.pcap) 21 | add_process_plugin_test(PhistsProcessPlugin phists mixed.pcap) 22 | add_process_plugin_test(PstatsProcessPlugin pstats mixed.pcap) 23 | add_process_plugin_test(QuicProcessPlugin quic quic_initial-sample.pcap) 24 | add_process_plugin_test(SmtpProcessPlugin smtp smtp.pcap) 25 | add_process_plugin_test(SsadetectorProcessPlugin ssadetector ovpn.pcap) 26 | add_process_plugin_test(SsdpProcessPlugin ssdp ssdp.pcap) 27 | add_process_plugin_test(TlsProcessPlugin tls tls.pcap) 28 | add_process_plugin_test(VlanProcessPlugin vlan vlan.pcap) 29 | add_process_plugin_test(WgProcessPlugin wg wg.pcap) 30 | 31 | if (ENABLE_PROCESS_EXPERIMENTAL) 32 | add_process_plugin_test(SipProcessPlugin sip sip.pcap) 33 | add_process_plugin_test(RtspProcessPlugin rtsp rtsp.pcap) 34 | add_process_plugin_test(NtpProcessPlugin ntp ntp.pcap) 35 | add_process_plugin_test(NettisaProcessPlugin nettisa mixed.pcap) 36 | endif() 37 | 38 | add_custom_target(tests 39 | COMMAND ${CMAKE_CTEST_COMMAND} 40 | WORKING_DIRECTORY ${CMAKE_BINARY_DIR} 41 | ) 42 | -------------------------------------------------------------------------------- /tests/functional/inputs/arp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/arp.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/bstats.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/bstats.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/dns.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/dns.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/dnssd.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/dnssd.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/http.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/http.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/idpcontent.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/idpcontent.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/mixed.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/mixed.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/mqtt.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/mqtt.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/netbios.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/netbios.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/ntp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/ntp.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/ovpn.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/ovpn.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/quic_initial-sample.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/quic_initial-sample.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/rtsp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/rtsp.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/sip.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/sip.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/smtp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/smtp.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/ssdp.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/ssdp.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/tls.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/tls.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/vlan.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/vlan.pcap -------------------------------------------------------------------------------- /tests/functional/inputs/wg.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CESNET/ipfixprobe/0798224a3ca875402b7600f19e7610b9737aaf51/tests/functional/inputs/wg.pcap -------------------------------------------------------------------------------- /tests/functional/outputs/basicplus: -------------------------------------------------------------------------------- 1 | 54.175.219.8,192.168.0.30,131,4074,0,32832,32832,2016-04-07T18:23:33.012019,2016-04-07T18:23:33.158195,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,2,0,0,80,44338,0,229,280,0,2,2,64,41,6,24,24 2 | 54.175.219.8,192.168.0.30,137,305,0,32832,32832,2016-04-07T18:23:31.194983,2016-04-07T18:23:31.405022,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44328,0,229,279,0,2,2,64,41,6,24,24 3 | 54.175.219.8,192.168.0.30,190,12692,0,32832,32832,2016-04-07T18:23:31.967204,2016-04-07T18:23:32.139824,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,6,0,0,80,44332,0,229,279,0,2,2,64,41,6,24,24 4 | 54.175.219.8,192.168.0.30,194,477,0,32832,32832,2016-04-07T18:23:32.672966,2016-04-07T18:23:32.841347,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44336,0,229,279,0,2,2,64,41,6,24,24 5 | 54.175.219.8,192.168.0.30,195,595,0,32832,32832,2016-04-07T18:23:33.331016,2016-04-07T18:23:33.554300,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44340,0,229,279,0,2,2,64,41,6,24,24 6 | 54.175.219.8,192.168.0.30,199,8564,0,32832,32832,2016-04-07T18:23:34.353031,2016-04-07T18:23:34.496023,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,5,0,0,80,44344,0,229,279,0,2,2,64,41,6,24,24 7 | 54.175.222.246,192.168.0.30,130,459,0,32832,32832,2016-04-07T18:23:32.300116,2016-04-07T18:23:32.535279,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44586,0,229,280,0,2,2,64,41,6,24,24 8 | 54.175.222.246,192.168.0.30,138,0,0,32832,0,2016-04-07T18:23:31.598243,2016-04-07T18:23:31.598243,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,0,0,0,80,44582,0,229,0,0,2,0,64,0,6,24,0 9 | 54.175.222.246,192.168.0.30,200,36844,0,32832,32832,2016-04-07T18:23:33.713573,2016-04-07T18:23:34.034665,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,20,0,0,80,44594,0,229,279,0,2,2,64,41,6,24,24 10 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,uint64 TCP_OPT,uint64 TCP_OPT_REV,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint32 TCP_MSS,uint32 TCP_MSS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint16 TCP_SYN_SIZE,uint16 TCP_WIN,uint16 TCP_WIN_REV,uint8 DIR_BIT_FIELD,uint8 IP_FLG,uint8 IP_FLG_REV,uint8 IP_TTL,uint8 IP_TTL_REV,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV 11 | -------------------------------------------------------------------------------- /tests/functional/outputs/idpcontent: -------------------------------------------------------------------------------- 1 | 80.211.210.189,192.168.1.244,463,707,0,2020-10-08T12:36:41.285324,2020-10-08T12:36:41.327493,24:d3:f2:9c:eb:59,08:f8:bc:64:5e:6a,6,4,80,55172,0,6,27,27,474554202f20485454502f312e310d0a557365722d4167656e743a20576765742f312e32302e33202864617277696e31392e302e30290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a206964656e746974790d0a486f7374,485454502f312e312034303320466f7262696464656e0d0a446174653a205468752c203038204f637420323032302031323a33363a343120474d540d0a5365727665723a204170616368652f322e342e323920285562756e7475290d0a436f6e74656e74 2 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV,bytes IDP_CONTENT,bytes IDP_CONTENT_REV 3 | -------------------------------------------------------------------------------- /tests/functional/outputs/mqtt: -------------------------------------------------------------------------------- 1 | 91.121.93.94,172.28.8.57,205,56,0,2024-07-03T15:15:02.107896,2024-07-03T15:15:02.209210,00:00:00:00:00:00,00:15:5d:a0:07:5d,3,1,1883,60,16398,45601,0,2,0,0,4,6,25,24,"" 2 | 91.121.93.94,172.28.8.57,216,56,0,2024-07-03T15:15:02.230420,2024-07-03T15:15:02.331357,00:00:00:00:00:00,00:15:5d:a0:07:5d,3,1,1883,666,16399,57281,0,0,0,0,4,6,25,24,"" 3 | 91.121.93.94,172.28.8.57,263,168,0,2024-07-03T15:15:02.352824,2024-07-03T15:15:02.754817,00:00:00:00:00:00,00:15:5d:a0:07:5d,4,3,1883,60,16622,50195,0,2,0,5,4,6,24,24,"" 4 | 91.121.93.94,172.28.8.57,274,196,0,2024-07-03T15:15:02.776140,2024-07-03T15:15:03.177116,00:00:00:00:00:00,00:15:5d:a0:07:5d,4,3,1883,60,17166,36367,0,2,0,1,4,6,24,24,"" 5 | 91.121.93.94,172.28.8.57,82,56,0,2024-07-03T15:15:03.198739,2024-07-03T15:15:03.218922,00:00:00:00:00:00,00:15:5d:a0:07:5d,1,1,1883,60,6,38687,0,194,5,0,4,6,24,24,"" 6 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint16 DST_PORT,uint16 MQTT_KEEP_ALIVE,uint16 MQTT_TYPE_CUMULATIVE,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 MQTT_CONNECTION_FLAGS,uint8 MQTT_CONNECTION_RETURN_CODE,uint8 MQTT_PUBLISH_FLAGS,uint8 MQTT_VERSION,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV,string MQTT_TOPICS 7 | -------------------------------------------------------------------------------- /tests/functional/outputs/ovpn: -------------------------------------------------------------------------------- 1 | 192.168.43.91,90.178.247.107,1380,0,0,2019-10-05T15:25:12.103104,2019-10-05T15:25:54.374882,3c:6a:a7:fc:00:67,20:39:56:43:58:45,6,0,60753,10102,0,0,17,0,0 2 | 90.178.247.107,192.168.43.91,49004,64203,0,2019-10-05T15:25:16.735147,2019-10-05T15:25:54.118079,20:39:56:43:58:45,3c:6a:a7:fc:00:67,164,166,10103,54113,0,100,6,30,26 3 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 OVPN_CONF_LEVEL,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV 4 | -------------------------------------------------------------------------------- /tests/functional/outputs/passivedns: -------------------------------------------------------------------------------- 1 | 149.20.4.69,8.8.4.4,192.168.0.30,67,115,0,2016-04-07T17:11:32.478747,2016-04-07T17:11:32.512576,78:44:76:36:98:19,dc:53:60:2b:6a:4c,360,1,1,1,18755,53,45418,0,17,0,0,"kernel.org" 2 | 195.113.144.230,8.8.4.4,192.168.0.30,85,112,0,2016-04-07T17:11:32.530605,2016-04-07T17:11:32.580277,78:44:76:36:98:19,dc:53:60:2b:6a:4c,21599,1,1,12,5765,53,32925,0,17,0,0,"www.cesnet.cz" 3 | 198.145.20.140,8.8.4.4,192.168.0.30,67,115,0,2016-04-07T17:11:32.478747,2016-04-07T17:11:32.512576,78:44:76:36:98:19,dc:53:60:2b:6a:4c,360,1,1,1,18755,53,45418,0,17,0,0,"kernel.org" 4 | 199.204.44.194,8.8.4.4,192.168.0.30,67,115,0,2016-04-07T17:11:32.478747,2016-04-07T17:11:32.512576,78:44:76:36:98:19,dc:53:60:2b:6a:4c,360,1,1,1,18755,53,45418,0,17,0,0,"kernel.org" 5 | 2a00:1450:400d:806::200e,8.8.8.8,192.168.0.30,67,95,0,2016-04-07T17:11:32.613977,2016-04-07T17:11:32.645250,78:44:76:36:98:19,dc:53:60:2b:6a:4c,32,1,1,28,65025,53,55843,0,17,0,0,"google.com" 6 | 8.8.4.4,8.8.8.8,192.168.0.30,77,121,0,2016-04-07T17:11:32.839971,2016-04-07T17:11:32.878007,78:44:76:36:98:19,dc:53:60:2b:6a:4c,21599,1,1,12,56347,53,44570,0,17,0,0,"google-public-dns-b.google.com" 7 | ipaddr DNS_IP,ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 DNS_RR_TTL,uint32 PACKETS,uint32 PACKETS_REV,uint16 DNS_ATYPE,uint16 DNS_ID,uint16 DST_PORT,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV,string DNS_NAME 8 | -------------------------------------------------------------------------------- /tests/functional/outputs/quic: -------------------------------------------------------------------------------- 1 | 2a00:1450:4014:800::2004,2001:718:2:62::2,1378,0,0,55,2021-08-01T13:25:53.513510,2021-08-01T13:25:53.513510,c4:b2:39:14:28:3f,a8:5e:45:b5:9c:d6,1,0,4278190109,4278190109,443,443,58181,0,17,1,0,0,0,0,,d3e8e06049a4f6b2,[129],,,"www.google.com",00060568332d3239010480007530030245c0040480f000000504806000000604806000000704806000000802406409024067200480010000712702646a0f007129304368726f6d652f39322e302e343531352e3130372057696e646f7773204e542031302e303b2057696e36343b207836348000475204ff00001de6116524f56220fb079a3feec6b3af6c,"Chrome/92.0.4515.107 Windows NT 10.0; Win64; x64",[19|8|8|20|38|2|0|3|131|3|8|316],[0|10|16|13|51|45|42|43|65445|27|17513|41] 2 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,uint64 QUIC_TOKEN_LENGTH,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint32 QUIC_CLIENT_VERSION,uint32 QUIC_VERSION,uint16 DST_PORT,uint16 QUIC_SERVER_PORT,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 QUIC_CH_PARSED,uint8 QUIC_MULTIPLEXED,uint8 QUIC_ZERO_RTT,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV,bytes QUIC_OCCID,bytes QUIC_OSCID,uint8* QUIC_PACKETS,bytes QUIC_RETRY_SCID,bytes QUIC_SCID,string QUIC_SNI,bytes QUIC_TLS_EXT,string QUIC_USER_AGENT,uint16* QUIC_TLS_EXT_LEN,uint16* QUIC_TLS_EXT_TYPE 3 | -------------------------------------------------------------------------------- /tests/functional/outputs/rtsp: -------------------------------------------------------------------------------- 1 | 82.211.92.253,81.131.231.67,558,423,0,2005-07-03T09:52:38.693000,2005-07-03T09:52:45.019000,bc:df:20:00:02:00,00:00:02:00:00:00,3,4,554,500,3925,0,6,25,25,"WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7","DESCRIBE","rtsp://EMAP1.planetwideradio.com/tfm","","WMServer/9.0.0.3380" 2 | 82.211.92.253,81.131.231.67,566,48,0,2005-07-03T09:52:37.027000,2005-07-03T09:52:38.693000,bc:df:20:00:02:00,00:00:02:00:00:00,3,1,554,0,3925,0,6,26,18,"WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7","DESCRIBE","rtsp://EMAP1.planetwideradio.com/tfm","","" 3 | 82.211.92.253,81.131.231.67,646,431,0,2005-07-03T09:52:43.781000,2005-07-03T09:52:49.337000,bc:df:20:00:02:00,00:00:02:00:00:00,5,4,554,500,3937,0,6,27,27,"WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7","DESCRIBE","rtsp://EMAP1.planetwideradio.com/tfm","","WMServer/9.0.0.3380" 4 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint16 DST_PORT,uint16 RTSP_RESPONSE_STATUS_CODE,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV,string RTSP_REQUEST_AGENT,string RTSP_REQUEST_METHOD,string RTSP_REQUEST_URI,string RTSP_RESPONSE_CONTENT_TYPE,string RTSP_RESPONSE_SERVER 5 | -------------------------------------------------------------------------------- /tests/functional/outputs/smtp: -------------------------------------------------------------------------------- 1 | 74.53.140.153,10.10.1.4,21673,1546,0,2009-10-05T06:06:07.529046,2009-10-05T06:06:15.106759,00:1f:33:d9:81:60,00:e0:1c:3c:17:c2,28,25,7,3,0,0,32797,1,1,2147483804,25,1470,0,6,27,27,"GP"," "," " 2 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint32 SMTP_2XX_STAT_CODE_COUNT,uint32 SMTP_3XX_STAT_CODE_COUNT,uint32 SMTP_4XX_STAT_CODE_COUNT,uint32 SMTP_5XX_STAT_CODE_COUNT,uint32 SMTP_COMMAND_FLAGS,uint32 SMTP_MAIL_CMD_COUNT,uint32 SMTP_RCPT_CMD_COUNT,uint32 SMTP_STAT_CODE_FLAGS,uint16 DST_PORT,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV,string SMTP_DOMAIN,string SMTP_FIRST_RECIPIENT,string SMTP_FIRST_SENDER 3 | -------------------------------------------------------------------------------- /tests/functional/outputs/ssadetector: -------------------------------------------------------------------------------- 1 | 90.178.247.107,192.168.43.91,49004,64203,0,2019-10-05T15:25:16.735147,2019-10-05T15:25:54.118079,20:39:56:43:58:45,3c:6a:a7:fc:00:67,164,166,10103,54113,0,6,1,30,26 2 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 SSA_CONF_LEVEL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV 3 | -------------------------------------------------------------------------------- /tests/functional/outputs/vlan: -------------------------------------------------------------------------------- 1 | 192.168.170.20,192.168.170.8,56,284,0,2000-01-01T07:47:50.501268,2000-01-01T07:47:51.333401,00:c0:9f:32:41:8c,00:e0:18:b1:0c:ad,1,1,53,32795,123,0,17,0,0 2 | 192.168.170.20,192.168.170.8,56,284,0,2000-01-01T07:47:52.501268,2000-01-01T07:47:53.333401,00:c0:9f:32:41:8c,00:e0:18:b1:0c:ad,1,1,53,32795,0,0,17,0,0 3 | 192.168.170.20,192.168.170.8,56,284,0,2000-01-01T07:47:52.501268,2000-01-01T07:47:53.333401,00:c0:9f:32:41:8c,00:e0:18:b1:0c:ad,1,1,53,32795,150,0,17,0,0 4 | ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint16 VLAN_ID,uint8 DIR_BIT_FIELD,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV 5 | -------------------------------------------------------------------------------- /tests/functional/scripts/run_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | test_dir=$1 4 | build_dir=$2 5 | plugin_name=$3 6 | pcap_filename=$4 7 | 8 | ipfixprobe_bin=$build_dir/src/core/ipfixprobe 9 | libdir=$build_dir/src/plugins 10 | 11 | if [ -x /usr/bin/nemea/logger ]; then 12 | logger_bin=/usr/bin/nemea/logger 13 | fi 14 | 15 | if ! [ -f "$logger_bin" ]; then 16 | echo "/usr/bin/nemea/logger not found!" 17 | return 1 18 | fi 19 | 20 | 21 | run_test() { 22 | "$ipfixprobe_bin" -i "pcap;file=$test_dir/inputs/$pcap_filename" \ 23 | -L "${build_dir}/src/plugins" \ 24 | -o "unirec;ifc=f:${build_dir}/tests/functional/results/${plugin_name}.trapcap:buffer=off:timeout=WAIT;id=0" \ 25 | -p "$plugin_name" >/dev/null 26 | "$logger_bin" -i f:"${build_dir}/tests/functional/results/${plugin_name}.trapcap" -t | sort > "${build_dir}/tests/functional/results/${plugin_name}" 27 | rm "${build_dir}/tests/functional/results/${plugin_name}.trapcap" 28 | 29 | if sort "${test_dir}/outputs/${plugin_name}" | diff -u "${build_dir}/tests/functional/results/${plugin_name}" -s - ; then 30 | echo "$1 plugin test OK" 31 | return 0 32 | fi 33 | 34 | echo "$plugin_name plugin test FAILED" 35 | return 1 36 | } 37 | 38 | run_test 39 | --------------------------------------------------------------------------------