From c73b4dc0ded3e65fcd117097ef598ade5c93f6fc Mon Sep 17 00:00:00 2001 From: Pavel Siska Date: Tue, 24 Oct 2023 11:55:01 +0200 Subject: [PATCH] Reformat all files in the repository In this commit, we perform a comprehensive code reformatting across the entire repository. The goal is to ensure consistent and uniform code formatting for all files. The reformatting process covers all `.cpp` and `.hpp` files. By applying these formatting changes, we aim to improve code readability, maintainability, and overall code quality. --- include/ipfixprobe/flowifc.hpp | 330 ++-- include/ipfixprobe/input.hpp | 32 +- include/ipfixprobe/ipaddr.hpp | 11 +- include/ipfixprobe/ipfix-basiclist.hpp | 42 +- include/ipfixprobe/ipfix-elements.hpp | 971 ++++++------ include/ipfixprobe/options.hpp | 88 +- include/ipfixprobe/output.hpp | 50 +- include/ipfixprobe/packet.hpp | 198 ++- include/ipfixprobe/plugin.hpp | 81 +- include/ipfixprobe/process.hpp | 108 +- include/ipfixprobe/storage.hpp | 271 ++-- include/ipfixprobe/utils.hpp | 150 +- input/benchmark.cpp | 298 ++-- input/benchmark.hpp | 202 ++- input/dpdk-ring.cpp | 26 +- input/dpdk.cpp | 33 +- input/dpdk/dpdkDevice.cpp | 354 ++--- input/dpdk/dpdkDevice.hpp | 93 +- input/dpdk/dpdkMbuf.cpp | 30 +- input/dpdk/dpdkMbuf.hpp | 45 +- input/headers.hpp | 368 ++--- input/ndp.cpp | 111 +- input/ndp.hpp | 74 +- input/nfbCInterface/include/ndpreader.hpp | 44 +- input/nfbCInterface/ndpreader.cpp | 242 +-- input/parser.cpp | 1123 ++++++------- input/parser.hpp | 21 +- input/pcap.cpp | 382 ++--- input/pcap.hpp | 145 +- input/raw.cpp | 561 +++---- input/raw.hpp | 169 +- input/stem.cpp | 237 +-- input/stem.hpp | 56 +- ipfixprobe.cpp | 1080 +++++++------ ipfixprobe.hpp | 451 ++++-- ipfixprobe_stats.cpp | 303 ++-- main.cpp | 14 +- options.cpp | 332 ++-- output/ipfix-basiclist.cpp | 125 +- output/ipfix.cpp | 1588 ++++++++++--------- output/ipfix.hpp | 437 ++--- output/text.cpp | 202 +-- output/text.hpp | 76 +- output/unirec.cpp | 678 ++++---- output/unirec.hpp | 356 +++-- pluginmgr.cpp | 180 +-- pluginmgr.hpp | 52 +- process/basicplus.cpp | 83 +- process/basicplus.hpp | 250 ++- process/bstats.cpp | 185 +-- process/bstats.hpp | 414 ++--- process/common.hpp | 39 +- process/dns-utils.hpp | 214 +-- process/dns.cpp | 1012 ++++++------ process/dns.hpp | 288 ++-- process/dnssd.cpp | 934 +++++------ process/dnssd.hpp | 451 +++--- process/flexprobe-data-processing.cpp | 7 +- process/flexprobe-encryption-processing.cpp | 25 +- process/flexprobe-tcp-tracking.cpp | 199 +-- process/flow_hash.cpp | 25 +- process/flow_hash.hpp | 54 +- process/http.cpp | 904 +++++------ process/http.hpp | 356 ++--- process/icmp.cpp | 36 +- process/icmp.hpp | 103 +- process/idpcontent.cpp | 71 +- process/idpcontent.hpp | 189 +-- process/md5.cpp | 364 ++--- process/md5.hpp | 73 +- process/mpls.cpp | 29 +- process/mpls.hpp | 122 +- process/netbios.cpp | 58 +- process/netbios.hpp | 132 +- process/ntp.cpp | 669 ++++---- process/ntp.hpp | 357 ++--- process/osquery.cpp | 909 +++++------ process/osquery.hpp | 885 ++++++----- process/passivedns.cpp | 680 ++++---- process/passivedns.hpp | 240 ++- process/phists.cpp | 148 +- process/phists.hpp | 334 ++-- process/pstats.cpp | 182 +-- process/pstats.hpp | 337 ++-- process/quic.cpp | 109 +- process/quic.hpp | 175 +- process/rtsp.cpp | 730 ++++----- process/rtsp.hpp | 316 ++-- process/sip.cpp | 1009 ++++++------ process/sip.hpp | 589 +++---- process/smtp.cpp | 616 +++---- process/smtp.hpp | 383 +++-- process/ssadetector.cpp | 277 ++-- process/ssadetector.hpp | 205 +-- process/ssdp.cpp | 329 ++-- process/ssdp.hpp | 280 ++-- process/stats.cpp | 135 +- process/stats.hpp | 96 +- process/tls.cpp | 313 ++-- process/tls.hpp | 245 ++- process/tls_parser.cpp | 528 +++--- process/tls_parser.hpp | 112 +- process/vlan.cpp | 23 +- process/vlan.hpp | 108 +- process/wg.cpp | 274 ++-- process/wg.hpp | 189 ++- stacktrace.cpp | 257 ++- stacktrace.hpp | 2 +- stats.cpp | 195 ++- stats.hpp | 52 +- storage/cache.cpp | 811 +++++----- storage/cache.hpp | 277 ++-- tests/unit/byte-utils.cpp | 16 +- tests/unit/flowifc.cpp | 150 +- tests/unit/options.cpp | 242 +-- tests/unit/skip.cpp | 6 +- tests/unit/unirec.cpp | 89 +- tests/unit/utils.cpp | 137 +- utils.cpp | 4 +- workers.cpp | 357 +++-- workers.hpp | 59 +- 121 files changed, 17433 insertions(+), 16440 deletions(-) diff --git a/include/ipfixprobe/flowifc.hpp b/include/ipfixprobe/flowifc.hpp index 5b9c72b9..105b17d9 100644 --- a/include/ipfixprobe/flowifc.hpp +++ b/include/ipfixprobe/flowifc.hpp @@ -40,14 +40,14 @@ #include #ifdef WITH_NEMEA -#include #include "fields.h" +#include #else #define UR_FIELDS(...) #endif -#include #include "ipaddr.hpp" +#include namespace ipxp { @@ -60,126 +60,114 @@ int get_extension_cnt(); * \brief Flow record extension base struct. */ struct RecordExt { - RecordExt *m_next; /**< Pointer to next extension */ - int m_ext_id; /**< Identifier of extension. */ + RecordExt* m_next; /**< Pointer to next extension */ + int m_ext_id; /**< Identifier of extension. */ - /** - * \brief Constructor. - * \param [in] id ID of extension. - */ - RecordExt(int id) : m_next(nullptr), m_ext_id(id) - { - } + /** + * \brief Constructor. + * \param [in] id ID of extension. + */ + RecordExt(int id) + : m_next(nullptr) + , m_ext_id(id) + { + } #ifdef WITH_NEMEA - /** - * \brief Fill unirec record with stored extension data. - * \param [in] tmplt Unirec template. - * \param [out] record Pointer to the unirec record. - */ - virtual void fill_unirec(ur_template_t *tmplt, void *record) - { - } + /** + * \brief Fill unirec record with stored extension data. + * \param [in] tmplt Unirec template. + * \param [out] record Pointer to the unirec record. + */ + virtual void fill_unirec(ur_template_t* tmplt, void* record) {} - /** - * \brief Get unirec template string. - * \return Unirec template string. - */ - virtual const char *get_unirec_tmplt() const - { - return ""; - } + /** + * \brief Get unirec template string. + * \return Unirec template string. + */ + virtual const char* get_unirec_tmplt() const { return ""; } #endif - /** - * \brief Fill IPFIX record with stored extension data. - * \param [out] buffer IPFIX template record buffer. - * \param [in] size IPFIX template record buffer size. - * \return Number of bytes written to buffer or -1 if data cannot be written. - */ - virtual int fill_ipfix(uint8_t *buffer, int size) - { - return 0; - } + /** + * \brief Fill IPFIX record with stored extension data. + * \param [out] buffer IPFIX template record buffer. + * \param [in] size IPFIX template record buffer size. + * \return Number of bytes written to buffer or -1 if data cannot be written. + */ + virtual int fill_ipfix(uint8_t* buffer, int size) { return 0; } - /** - * \brief Get ipfix string fields. - * \return Return ipfix fields array. - */ - virtual const char **get_ipfix_tmplt() const - { - return nullptr; - } + /** + * \brief Get ipfix string fields. + * \return Return ipfix fields array. + */ + virtual const char** get_ipfix_tmplt() const { return nullptr; } - /** - * \brief Get text representation of exported elements - * \return Return fields converted to text - */ - virtual std::string get_text() const - { - return ""; - } + /** + * \brief Get text representation of exported elements + * \return Return fields converted to text + */ + virtual std::string get_text() const { return ""; } - /** - * \brief Add extension at the end of linked list. - * \param [in] ext Extension to add. - */ - void add_extension(RecordExt *ext) - { - RecordExt **tmp = &m_next; - while (*tmp) { - tmp = &(*tmp)->m_next; - } - *tmp = ext; - } + /** + * \brief Add extension at the end of linked list. + * \param [in] ext Extension to add. + */ + void add_extension(RecordExt* ext) + { + RecordExt** tmp = &m_next; + while (*tmp) { + tmp = &(*tmp)->m_next; + } + *tmp = ext; + } - /** - * \brief Virtual destructor. - */ - virtual ~RecordExt() - { - if (m_next != nullptr) { - delete m_next; - } - } + /** + * \brief Virtual destructor. + */ + virtual ~RecordExt() + { + if (m_next != nullptr) { + delete m_next; + } + } }; struct Record { - RecordExt *m_exts; /**< Extension headers. */ + RecordExt* m_exts; /**< Extension headers. */ - /** - * \brief Add new extension header. - * \param [in] ext Pointer to the extension header. - */ - void add_extension(RecordExt* ext) - { - if (m_exts == nullptr) { - m_exts = ext; - } else { - RecordExt *ext_ptr = m_exts; - while (ext_ptr->m_next != nullptr) { - ext_ptr = ext_ptr->m_next; - } - ext_ptr->m_next = ext; - } - } + /** + * \brief Add new extension header. + * \param [in] ext Pointer to the extension header. + */ + void add_extension(RecordExt* ext) + { + if (m_exts == nullptr) { + m_exts = ext; + } else { + RecordExt* ext_ptr = m_exts; + while (ext_ptr->m_next != nullptr) { + ext_ptr = ext_ptr->m_next; + } + ext_ptr->m_next = ext; + } + } - /** - * \brief Get given extension. - * \param [in] id Type of extension. - * \return Pointer to the requested extension or nullptr if extension is not present. - */ - RecordExt *get_extension(int id) const - { - RecordExt *ext = m_exts; - while (ext != nullptr) { - if (ext->m_ext_id == id) { - return ext; - } - ext = ext->m_next; - } - return nullptr; - } + /** + * \brief Get given extension. + * \param [in] id Type of extension. + * \return Pointer to the requested extension or nullptr if extension is not present. + */ + RecordExt* get_extension(int id) const + { + RecordExt* ext = m_exts; + while (ext != nullptr) { + if (ext->m_ext_id == id) { + return ext; + } + ext = ext->m_next; + } + return nullptr; + } /** * \brief Remove given extension. * \param [in] id Type of extension. @@ -187,88 +175,86 @@ struct Record { */ bool remove_extension(int id) { - RecordExt *ext = m_exts; - RecordExt *prev_ext = nullptr; + RecordExt* ext = m_exts; + RecordExt* prev_ext = nullptr; - while (ext != nullptr) { - if (ext->m_ext_id == id) { - if (prev_ext == nullptr) { // at beginning - m_exts = ext->m_next; - } else if (ext->m_next == nullptr) { // at end - prev_ext->m_next = nullptr; - } else { // in middle - prev_ext->m_next = ext->m_next; - } - ext->m_next = nullptr; - delete ext; - return true; - } - prev_ext = ext; - ext = ext->m_next; - } - return false; + while (ext != nullptr) { + if (ext->m_ext_id == id) { + if (prev_ext == nullptr) { // at beginning + m_exts = ext->m_next; + } else if (ext->m_next == nullptr) { // at end + prev_ext->m_next = nullptr; + } else { // in middle + prev_ext->m_next = ext->m_next; + } + ext->m_next = nullptr; + delete ext; + return true; + } + prev_ext = ext; + ext = ext->m_next; + } + return false; } - /** - * \brief Remove extension headers. - */ - void remove_extensions() - { - if (m_exts != nullptr) { - delete m_exts; - m_exts = nullptr; - } - } + /** + * \brief Remove extension headers. + */ + void remove_extensions() + { + if (m_exts != nullptr) { + delete m_exts; + m_exts = nullptr; + } + } - /** - * \brief Constructor. - */ - Record() : m_exts(nullptr) - { - } + /** + * \brief Constructor. + */ + Record() + : m_exts(nullptr) + { + } - /** - * \brief Destructor. - */ - virtual ~Record() - { - remove_extensions(); - } + /** + * \brief Destructor. + */ + virtual ~Record() { remove_extensions(); } }; #define FLOW_END_INACTIVE 0x01 -#define FLOW_END_ACTIVE 0x02 -#define FLOW_END_EOF 0x03 -#define FLOW_END_FORCED 0x04 -#define FLOW_END_NO_RES 0x05 +#define FLOW_END_ACTIVE 0x02 +#define FLOW_END_EOF 0x03 +#define FLOW_END_FORCED 0x04 +#define FLOW_END_NO_RES 0x05 /** * \brief Flow record struct constaining basic flow record data and extension headers. */ struct Flow : public Record { - uint64_t flow_hash; + uint64_t flow_hash; - struct timeval time_first; - struct timeval time_last; - uint64_t src_bytes; - uint64_t dst_bytes; - uint32_t src_packets; - uint32_t dst_packets; - uint8_t src_tcp_flags; - uint8_t dst_tcp_flags; + struct timeval time_first; + struct timeval time_last; + uint64_t src_bytes; + uint64_t dst_bytes; + uint32_t src_packets; + uint32_t dst_packets; + uint8_t src_tcp_flags; + uint8_t dst_tcp_flags; - uint8_t ip_version; + uint8_t ip_version; - uint8_t ip_proto; - uint16_t src_port; - uint16_t dst_port; - ipaddr_t src_ip; - ipaddr_t dst_ip; + uint8_t ip_proto; + uint16_t src_port; + uint16_t dst_port; + ipaddr_t src_ip; + ipaddr_t dst_ip; - uint8_t src_mac[6]; - uint8_t dst_mac[6]; - uint8_t end_reason; + uint8_t src_mac[6]; + uint8_t dst_mac[6]; + uint8_t end_reason; }; -} +} // namespace ipxp #endif /* IPXP_FLOWIFC_HPP */ diff --git a/include/ipfixprobe/input.hpp b/include/ipfixprobe/input.hpp index b8c8dc76..13356d2c 100644 --- a/include/ipfixprobe/input.hpp +++ b/include/ipfixprobe/input.hpp @@ -32,34 +32,32 @@ #include -#include "plugin.hpp" #include "packet.hpp" +#include "plugin.hpp" namespace ipxp { /** * \brief Base class for packet receivers. */ -class InputPlugin : public Plugin -{ +class InputPlugin : public Plugin { public: - enum class Result { - TIMEOUT = 0, - PARSED, - NOT_PARSED, - END_OF_FILE, - ERROR - }; + enum class Result { TIMEOUT = 0, PARSED, NOT_PARSED, END_OF_FILE, ERROR }; - uint64_t m_seen; - uint64_t m_parsed; - uint64_t m_dropped; + uint64_t m_seen; + uint64_t m_parsed; + uint64_t m_dropped; - InputPlugin() : m_seen(0), m_parsed(0), m_dropped(0) {} - virtual ~InputPlugin() {} + InputPlugin() + : m_seen(0) + , m_parsed(0) + , m_dropped(0) + { + } + virtual ~InputPlugin() {} - virtual Result get(PacketBlock &packets) = 0; + virtual Result get(PacketBlock& packets) = 0; }; -} +} // namespace ipxp #endif /* IPXP_INPUT_TEMPLATE_HPP */ diff --git a/include/ipfixprobe/ipaddr.hpp b/include/ipfixprobe/ipaddr.hpp index 8e11e1b9..bc518469 100644 --- a/include/ipfixprobe/ipaddr.hpp +++ b/include/ipfixprobe/ipaddr.hpp @@ -31,18 +31,15 @@ namespace ipxp { -enum IP : uint8_t { - v4 = 4, - v6 = 6 -}; +enum IP : uint8_t { v4 = 4, v6 = 6 }; /** * \brief Store IPv4 or IPv6 address. */ typedef union ipaddr_u { - uint8_t v6[16]; /**< IPv6 address. */ - uint32_t v4; /**< IPv4 address */ + uint8_t v6[16]; /**< IPv6 address. */ + uint32_t v4; /**< IPv4 address */ } ipaddr_t; -} +} // namespace ipxp #endif /* IPXP_IPADDR_HPP */ diff --git a/include/ipfixprobe/ipfix-basiclist.hpp b/include/ipfixprobe/ipfix-basiclist.hpp index 59c343bb..6aa15d34 100644 --- a/include/ipfixprobe/ipfix-basiclist.hpp +++ b/include/ipfixprobe/ipfix-basiclist.hpp @@ -30,40 +30,40 @@ #define IPFIXBASICLIST #include -#include #include #include +#include namespace ipxp { struct IpfixBasicList { public: - static const uint8_t IpfixBasicListRecordHdrSize = 12; - static const uint8_t IpfixBasicListHdrSize = 9; - static const uint8_t flag = 255; // Maximum size see rfc631; - static const uint8_t hdrSemantic = 3; - - enum ePEMNumber { - CesnetPEM = 8057, - }; + static const uint8_t IpfixBasicListRecordHdrSize = 12; + static const uint8_t IpfixBasicListHdrSize = 9; + static const uint8_t flag = 255; // Maximum size see rfc631; + static const uint8_t hdrSemantic = 3; - ePEMNumber hdrEnterpriseNum; + enum ePEMNumber { + CesnetPEM = 8057, + }; + ePEMNumber hdrEnterpriseNum; - static uint64_t Tv2Ts(timeval input); + static uint64_t Tv2Ts(timeval input); - int32_t HeaderSize(); - int32_t FillBuffer(uint8_t *buffer, uint16_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, int16_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, uint32_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, int32_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, struct timeval *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, uint8_t *values, uint16_t len, uint16_t fieldID); - int32_t FillBuffer(uint8_t *buffer, int8_t *values, uint16_t len, uint16_t fieldID); + int32_t HeaderSize(); + int32_t FillBuffer(uint8_t* buffer, uint16_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, int16_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, uint32_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, int32_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, struct timeval* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, uint8_t* values, uint16_t len, uint16_t fieldID); + int32_t FillBuffer(uint8_t* buffer, int8_t* values, uint16_t len, uint16_t fieldID); private: - int32_t FillBufferHdr(uint8_t *buffer, uint16_t length, uint16_t elementLength, uint16_t fieldID); + int32_t + FillBufferHdr(uint8_t* buffer, uint16_t length, uint16_t elementLength, uint16_t fieldID); }; -} +} // namespace ipxp #endif // ifndef IPFIXBASICLIST diff --git a/include/ipfixprobe/ipfix-elements.hpp b/include/ipfixprobe/ipfix-elements.hpp index 45ec4005..a24136bf 100644 --- a/include/ipfixprobe/ipfix-elements.hpp +++ b/include/ipfixprobe/ipfix-elements.hpp @@ -43,7 +43,6 @@ namespace ipxp { * 4. Source memory pointer (to copy value from) */ - /** * Difference between NTP and UNIX epoch in number of seconds. */ @@ -51,14 +50,16 @@ namespace ipxp { /** * Conversion from microseconds to NTP fraction (resolution 1/(2^32)s, ~233 picoseconds). - * Division by 1000000 would lead to wrong value when converting fraction back to microseconds, so 999999 is used. + * Division by 1000000 would lead to wrong value when converting fraction back to microseconds, so + * 999999 is used. */ #define NTP_USEC_TO_FRAC(usec) (uint32_t)(((uint64_t) usec << 32) / 999999) /** * Create 64 bit NTP timestamp which consist of 32 bit seconds part and 32 bit fraction part. */ -#define MK_NTP_TS(ts) (((uint64_t) (ts.tv_sec + EPOCH_DIFF) << 32) | (uint64_t) NTP_USEC_TO_FRAC(ts.tv_usec)) +#define MK_NTP_TS(ts) \ + (((uint64_t) (ts.tv_sec + EPOCH_DIFF) << 32) | (uint64_t) NTP_USEC_TO_FRAC(ts.tv_usec)) /** * Convert FIELD to its "attributes", i.e. BYTES(FIELD) used in the source code produces @@ -68,217 +69,225 @@ namespace ipxp { #define FIELD(EN, ID, LEN, SRC) EN, ID, LEN, SRC /* The list of known IPFIX elements: */ -#define BYTES(F) F(0, 1, 8, &flow.src_bytes) -#define BYTES_REV(F) F(29305, 1, 8, &flow.dst_bytes) -#define PACKETS(F) F(0, 2, 8, (temp = (uint64_t) flow.src_packets, &temp)) -#define PACKETS_REV(F) F(29305, 2, 8, (temp = (uint64_t) flow.dst_packets, &temp)) -#define FLOW_START_MSEC(F) F(0, 152, 8, (temp = ((uint64_t) flow.time_first.tv_sec) * 1000 + (flow.time_first.tv_usec / 1000), &temp)) -#define FLOW_END_MSEC(F) F(0, 153, 8, (temp = ((uint64_t) flow.time_last.tv_sec) * 1000 + (flow.time_last.tv_usec / 1000), &temp)) -#define FLOW_START_USEC(F) F(0, 154, 8, (temp = MK_NTP_TS(flow.time_first), &temp)) -#define FLOW_END_USEC(F) F(0, 155, 8, (temp = MK_NTP_TS(flow.time_last), &temp)) -#define OBSERVATION_MSEC(F) F(0, 323, 8, nullptr) -#define INPUT_INTERFACE(F) F(0, 10, 4, &this->dir_bit_field) -#define OUTPUT_INTERFACE(F) F(0, 14, 2, nullptr) -#define FLOW_END_REASON(F) F(0, 136, 1, &flow.end_reason) -#define FLOW_ID(F) F(0, 148, 8, &flow.flow_hash) - -#define ETHERTYPE(F) F(0, 256, 2, nullptr) - -#define VLAN_ID(F) F(0, 58, 2, nullptr) - -#define L2_SRC_MAC(F) F(0, 56, 6, flow.src_mac) -#define L2_DST_MAC(F) F(0, 80, 6, flow.dst_mac) - -#define L3_PROTO(F) F(0, 60, 1, &flow.ip_version) -#define L3_IPV4_ADDR_SRC(F) F(0, 8, 4, &flow.src_ip.v4) -#define L3_IPV4_ADDR_DST(F) F(0, 12, 4, &flow.dst_ip.v4) -#define L3_IPV4_TOS(F) F(0, 5, 1, nullptr) -#define L3_IPV6_ADDR_SRC(F) F(0, 27, 16, &flow.src_ip.v6) -#define L3_IPV6_ADDR_DST(F) F(0, 28, 16, &flow.dst_ip.v6) -#define L3_IPV4_IDENTIFICATION(F) F(0, 54, 2, nullptr) -#define L3_IPV4_FRAGMENT(F) F(0, 88, 2, nullptr) -#define L3_IPV4_TTL(F) F(0, 192, 1, nullptr) -#define L3_IPV6_TTL(F) F(0, 192, 1, nullptr) -#define L3_TTL(F) F(0, 192, 1, nullptr) -#define L3_TTL_REV(F) F(29305, 192, 1, nullptr) -#define L3_FLAGS(F) F(0, 197, 1, nullptr) -#define L3_FLAGS_REV(F) F(29305, 197, 1, nullptr) - -#define L4_PROTO(F) F(0, 4, 1, &flow.ip_proto) -#define L4_TCP_FLAGS(F) F(0, 6, 1, &flow.src_tcp_flags) -#define L4_TCP_FLAGS_REV(F) F(29305, 6, 1, &flow.dst_tcp_flags) -#define L4_PORT_SRC(F) F(0, 7, 2, &flow.src_port) -#define L4_PORT_DST(F) F(0, 11, 2, &flow.dst_port) -#define L4_ICMP_TYPE_CODE(F) F(0, 32, 2, nullptr) -#define L4_TCP_WIN(F) F(0, 186, 2, nullptr) -#define L4_TCP_WIN_REV(F) F(29305, 186, 2, nullptr) -#define L4_TCP_OPTIONS(F) F(0, 209, 8, nullptr) -#define L4_TCP_OPTIONS_REV(F) F(29305, 209, 8, nullptr) - - -#define L4_TCP_MSS(F) F(8057, 900, 4, nullptr) -#define L4_TCP_MSS_REV(F) F(8057, 901, 4, nullptr) -#define L4_TCP_SYN_SIZE(F) F(8057, 902, 2, nullptr) - -#define HTTP_DOMAIN(F) F(39499, 1, -1, nullptr) -#define HTTP_REFERER(F) F(39499, 3, -1, nullptr) -#define HTTP_URI(F) F(39499, 2, -1, nullptr) -#define HTTP_CONTENT_TYPE(F) F(39499, 10, -1, nullptr) -#define HTTP_STATUS(F) F(39499, 12, 2, nullptr) -#define HTTP_USERAGENT(F) F(39499, 20, -1, nullptr) -#define HTTP_METHOD(F) F(8057, 200, -1, nullptr) -#define HTTP_SERVER(F) F(8057, 201, -1, nullptr) -#define HTTP_SET_COOKIE_NAMES(F) F(8057, 202, -1, nullptr) - -#define RTSP_METHOD(F) F(16982, 600, -1, nullptr) -#define RTSP_USERAGENT(F) F(16982, 601, -1, nullptr) -#define RTSP_URI(F) F(16982, 602, -1, nullptr) -#define RTSP_STATUS(F) F(16982, 603, 2, nullptr) -#define RTSP_CONTENT_TYPE(F) F(16982, 604, -1, nullptr) -#define RTSP_SERVER(F) F(16982, 605, -1, nullptr) - -#define DNS_RCODE(F) F(8057, 1, 1, nullptr) -#define DNS_NAME(F) F(8057, 2, -1, nullptr) -#define DNS_QTYPE(F) F(8057, 3, 2, nullptr) -#define DNS_CLASS(F) F(8057, 4, 2, nullptr) -#define DNS_RR_TTL(F) F(8057, 5, 4, nullptr) -#define DNS_RLENGTH(F) F(8057, 6, 2, nullptr) -#define DNS_RDATA(F) F(8057, 7, -1, nullptr) -#define DNS_PSIZE(F) F(8057, 8, 2, nullptr) -#define DNS_DO(F) F(8057, 9, 1, nullptr) -#define DNS_ID(F) F(8057, 10, 2, nullptr) -#define DNS_ATYPE(F) F(8057, 11, 2, nullptr) -#define DNS_ANSWERS(F) F(8057, 14, 2, nullptr) - -#define SIP_MSG_TYPE(F) F(8057, 100, 2, nullptr) -#define SIP_STATUS_CODE(F) F(8057, 101, 2, nullptr) -#define SIP_CALL_ID(F) F(8057, 102, -1, nullptr) -#define SIP_CALLING_PARTY(F) F(8057, 103, -1, nullptr) -#define SIP_CALLED_PARTY(F) F(8057, 104, -1, nullptr) -#define SIP_VIA(F) F(8057, 105, -1, nullptr) -#define SIP_USER_AGENT(F) F(8057, 106, -1, nullptr) -#define SIP_REQUEST_URI(F) F(8057, 107, -1, nullptr) -#define SIP_CSEQ(F) F(8057, 108, -1, nullptr) - -#define NTP_LEAP(F) F(8057, 18, 1, nullptr) -#define NTP_VERSION(F) F(8057, 19, 1, nullptr) -#define NTP_MODE(F) F(8057, 20, 1, nullptr) -#define NTP_STRATUM(F) F(8057, 21, 1, nullptr) -#define NTP_POLL(F) F(8057, 22, 1, nullptr) -#define NTP_PRECISION(F) F(8057, 23, 1, nullptr) -#define NTP_DELAY(F) F(8057, 24, 4, nullptr) -#define NTP_DISPERSION(F) F(8057, 25, 4, nullptr) -#define NTP_REF_ID(F) F(8057, 26, -1, nullptr) -#define NTP_REF(F) F(8057, 27, -1, nullptr) -#define NTP_ORIG(F) F(8057, 28, -1, nullptr) -#define NTP_RECV(F) F(8057, 29, -1, nullptr) -#define NTP_SENT(F) F(8057, 30, -1, nullptr) - -#define ARP_HA_FORMAT(F) F(8057, 31, 2, nullptr) -#define ARP_PA_FORMAT(F) F(8057, 32, 2, nullptr) -#define ARP_OPCODE(F) F(8057, 33, 2, nullptr) -#define ARP_SRC_HA(F) F(8057, 34, -1, nullptr) -#define ARP_SRC_PA(F) F(8057, 35, -1, nullptr) -#define ARP_DST_HA(F) F(8057, 36, -1, nullptr) -#define ARP_DST_PA(F) F(8057, 37, -1, nullptr) - -#define TLS_SNI(F) F(8057, 808, -1, nullptr) -#define TLS_VERSION(F) F(39499, 333, 2, nullptr) -#define TLS_ALPN(F) F(39499, 337, -1, nullptr) -#define TLS_JA3(F) F(39499, 357, -1, nullptr) - -#define SMTP_COMMANDS(F) F(8057, 810, 4, nullptr) -#define SMTP_MAIL_COUNT(F) F(8057, 811, 4, nullptr) -#define SMTP_RCPT_COUNT(F) F(8057, 812, 4, nullptr) -#define SMTP_SENDER(F) F(8057, 813, -1, nullptr) -#define SMTP_RECIPIENT(F) F(8057, 814, -1, nullptr) -#define SMTP_STATUS_CODES(F) F(8057, 815, 4, nullptr) -#define SMTP_CODE_2XX_COUNT(F) F(8057, 816, 4, nullptr) -#define SMTP_CODE_3XX_COUNT(F) F(8057, 817, 4, nullptr) -#define SMTP_CODE_4XX_COUNT(F) F(8057, 818, 4, nullptr) -#define SMTP_CODE_5XX_COUNT(F) F(8057, 819, 4, nullptr) -#define SMTP_DOMAIN(F) F(8057, 820, -1, nullptr) - -#define SSDP_LOCATION_PORT(F) F(8057, 821, 2, nullptr) -#define SSDP_SERVER(F) F(8057, 822, -1, nullptr) -#define SSDP_USER_AGENT(F) F(8057, 823, -1, nullptr) -#define SSDP_NT(F) F(8057, 824, -1, nullptr) -#define SSDP_ST(F) F(8057, 825, -1, nullptr) - -#define DNSSD_QUERIES(F) F(8057, 826, -1, nullptr) -#define DNSSD_RESPONSES(F) F(8057, 827, -1, nullptr) - -#define OVPN_CONF_LEVEL(F) F(8057, 828, 1, nullptr) -#define SSA_CONF_LEVEL(F) F(8057, 903, 1, nullptr) - -#define NB_NAME(F) F(8057, 831, -1, nullptr) -#define NB_SUFFIX(F) F(8057, 832, 1, nullptr) - - -#define IDP_CONTENT(F) F(8057, 850, -1, nullptr) -#define IDP_CONTENT_REV(F) F(8057, 851, -1, nullptr) - -#define STATS_PCKT_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1013 (uint16*) -#define STATS_PCKT_TIMESTAMPS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1014 (time*) -#define STATS_PCKT_TCPFLGS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1015 (uint8*) -#define STATS_PCKT_DIRECTIONS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1016 (int8*) - -#define SBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1050 (uint16*) -#define SBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1051 (uint16*) -#define SBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1052 (time*) -#define SBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1053 (time*) -#define DBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1054 (uint16*) -#define DBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1055 (uint16*) -#define DBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1056 (time*) -#define DBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1057 (time*) - -#define D_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1063 (uint32*) -#define D_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1062 (uint32*) -#define S_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1060 (uint32*) -#define S_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1061 (uint32*) - -#define QUIC_SNI(F) F(8057, 890, -1, nullptr) -#define QUIC_USER_AGENT(F) F(8057, 891, -1, nullptr) -#define QUIC_VERSION(F) F(8057, 892, 4, nullptr) - -#define OSQUERY_PROGRAM_NAME(F) F(8057, 852, -1, nullptr) -#define OSQUERY_USERNAME(F) F(8057, 853, -1, nullptr) -#define OSQUERY_OS_NAME(F) F(8057, 854, -1, nullptr) -#define OSQUERY_OS_MAJOR(F) F(8057, 855, 2, nullptr) -#define OSQUERY_OS_MINOR(F) F(8057, 856, 2, nullptr) -#define OSQUERY_OS_BUILD(F) F(8057, 857, -1, nullptr) -#define OSQUERY_OS_PLATFORM(F) F(8057, 858, -1, nullptr) -#define OSQUERY_OS_PLATFORM_LIKE(F) F(8057, 859, -1, nullptr) -#define OSQUERY_OS_ARCH(F) F(8057, 860, -1, nullptr) -#define OSQUERY_KERNEL_VERSION(F) F(8057, 861, -1, nullptr) -#define OSQUERY_SYSTEM_HOSTNAME(F) F(8057, 862, -1, nullptr) +#define BYTES(F) F(0, 1, 8, &flow.src_bytes) +#define BYTES_REV(F) F(29305, 1, 8, &flow.dst_bytes) +#define PACKETS(F) F(0, 2, 8, (temp = (uint64_t) flow.src_packets, &temp)) +#define PACKETS_REV(F) F(29305, 2, 8, (temp = (uint64_t) flow.dst_packets, &temp)) +#define FLOW_START_MSEC(F) \ + F(0, \ + 152, \ + 8, \ + (temp = ((uint64_t) flow.time_first.tv_sec) * 1000 + (flow.time_first.tv_usec / 1000), \ + &temp)) +#define FLOW_END_MSEC(F) \ + F(0, \ + 153, \ + 8, \ + (temp = ((uint64_t) flow.time_last.tv_sec) * 1000 + (flow.time_last.tv_usec / 1000), &temp)) +#define FLOW_START_USEC(F) F(0, 154, 8, (temp = MK_NTP_TS(flow.time_first), &temp)) +#define FLOW_END_USEC(F) F(0, 155, 8, (temp = MK_NTP_TS(flow.time_last), &temp)) +#define OBSERVATION_MSEC(F) F(0, 323, 8, nullptr) +#define INPUT_INTERFACE(F) F(0, 10, 4, &this->dir_bit_field) +#define OUTPUT_INTERFACE(F) F(0, 14, 2, nullptr) +#define FLOW_END_REASON(F) F(0, 136, 1, &flow.end_reason) +#define FLOW_ID(F) F(0, 148, 8, &flow.flow_hash) + +#define ETHERTYPE(F) F(0, 256, 2, nullptr) + +#define VLAN_ID(F) F(0, 58, 2, nullptr) + +#define L2_SRC_MAC(F) F(0, 56, 6, flow.src_mac) +#define L2_DST_MAC(F) F(0, 80, 6, flow.dst_mac) + +#define L3_PROTO(F) F(0, 60, 1, &flow.ip_version) +#define L3_IPV4_ADDR_SRC(F) F(0, 8, 4, &flow.src_ip.v4) +#define L3_IPV4_ADDR_DST(F) F(0, 12, 4, &flow.dst_ip.v4) +#define L3_IPV4_TOS(F) F(0, 5, 1, nullptr) +#define L3_IPV6_ADDR_SRC(F) F(0, 27, 16, &flow.src_ip.v6) +#define L3_IPV6_ADDR_DST(F) F(0, 28, 16, &flow.dst_ip.v6) +#define L3_IPV4_IDENTIFICATION(F) F(0, 54, 2, nullptr) +#define L3_IPV4_FRAGMENT(F) F(0, 88, 2, nullptr) +#define L3_IPV4_TTL(F) F(0, 192, 1, nullptr) +#define L3_IPV6_TTL(F) F(0, 192, 1, nullptr) +#define L3_TTL(F) F(0, 192, 1, nullptr) +#define L3_TTL_REV(F) F(29305, 192, 1, nullptr) +#define L3_FLAGS(F) F(0, 197, 1, nullptr) +#define L3_FLAGS_REV(F) F(29305, 197, 1, nullptr) + +#define L4_PROTO(F) F(0, 4, 1, &flow.ip_proto) +#define L4_TCP_FLAGS(F) F(0, 6, 1, &flow.src_tcp_flags) +#define L4_TCP_FLAGS_REV(F) F(29305, 6, 1, &flow.dst_tcp_flags) +#define L4_PORT_SRC(F) F(0, 7, 2, &flow.src_port) +#define L4_PORT_DST(F) F(0, 11, 2, &flow.dst_port) +#define L4_ICMP_TYPE_CODE(F) F(0, 32, 2, nullptr) +#define L4_TCP_WIN(F) F(0, 186, 2, nullptr) +#define L4_TCP_WIN_REV(F) F(29305, 186, 2, nullptr) +#define L4_TCP_OPTIONS(F) F(0, 209, 8, nullptr) +#define L4_TCP_OPTIONS_REV(F) F(29305, 209, 8, nullptr) + +#define L4_TCP_MSS(F) F(8057, 900, 4, nullptr) +#define L4_TCP_MSS_REV(F) F(8057, 901, 4, nullptr) +#define L4_TCP_SYN_SIZE(F) F(8057, 902, 2, nullptr) + +#define HTTP_DOMAIN(F) F(39499, 1, -1, nullptr) +#define HTTP_REFERER(F) F(39499, 3, -1, nullptr) +#define HTTP_URI(F) F(39499, 2, -1, nullptr) +#define HTTP_CONTENT_TYPE(F) F(39499, 10, -1, nullptr) +#define HTTP_STATUS(F) F(39499, 12, 2, nullptr) +#define HTTP_USERAGENT(F) F(39499, 20, -1, nullptr) +#define HTTP_METHOD(F) F(8057, 200, -1, nullptr) +#define HTTP_SERVER(F) F(8057, 201, -1, nullptr) +#define HTTP_SET_COOKIE_NAMES(F) F(8057, 202, -1, nullptr) + +#define RTSP_METHOD(F) F(16982, 600, -1, nullptr) +#define RTSP_USERAGENT(F) F(16982, 601, -1, nullptr) +#define RTSP_URI(F) F(16982, 602, -1, nullptr) +#define RTSP_STATUS(F) F(16982, 603, 2, nullptr) +#define RTSP_CONTENT_TYPE(F) F(16982, 604, -1, nullptr) +#define RTSP_SERVER(F) F(16982, 605, -1, nullptr) + +#define DNS_RCODE(F) F(8057, 1, 1, nullptr) +#define DNS_NAME(F) F(8057, 2, -1, nullptr) +#define DNS_QTYPE(F) F(8057, 3, 2, nullptr) +#define DNS_CLASS(F) F(8057, 4, 2, nullptr) +#define DNS_RR_TTL(F) F(8057, 5, 4, nullptr) +#define DNS_RLENGTH(F) F(8057, 6, 2, nullptr) +#define DNS_RDATA(F) F(8057, 7, -1, nullptr) +#define DNS_PSIZE(F) F(8057, 8, 2, nullptr) +#define DNS_DO(F) F(8057, 9, 1, nullptr) +#define DNS_ID(F) F(8057, 10, 2, nullptr) +#define DNS_ATYPE(F) F(8057, 11, 2, nullptr) +#define DNS_ANSWERS(F) F(8057, 14, 2, nullptr) + +#define SIP_MSG_TYPE(F) F(8057, 100, 2, nullptr) +#define SIP_STATUS_CODE(F) F(8057, 101, 2, nullptr) +#define SIP_CALL_ID(F) F(8057, 102, -1, nullptr) +#define SIP_CALLING_PARTY(F) F(8057, 103, -1, nullptr) +#define SIP_CALLED_PARTY(F) F(8057, 104, -1, nullptr) +#define SIP_VIA(F) F(8057, 105, -1, nullptr) +#define SIP_USER_AGENT(F) F(8057, 106, -1, nullptr) +#define SIP_REQUEST_URI(F) F(8057, 107, -1, nullptr) +#define SIP_CSEQ(F) F(8057, 108, -1, nullptr) + +#define NTP_LEAP(F) F(8057, 18, 1, nullptr) +#define NTP_VERSION(F) F(8057, 19, 1, nullptr) +#define NTP_MODE(F) F(8057, 20, 1, nullptr) +#define NTP_STRATUM(F) F(8057, 21, 1, nullptr) +#define NTP_POLL(F) F(8057, 22, 1, nullptr) +#define NTP_PRECISION(F) F(8057, 23, 1, nullptr) +#define NTP_DELAY(F) F(8057, 24, 4, nullptr) +#define NTP_DISPERSION(F) F(8057, 25, 4, nullptr) +#define NTP_REF_ID(F) F(8057, 26, -1, nullptr) +#define NTP_REF(F) F(8057, 27, -1, nullptr) +#define NTP_ORIG(F) F(8057, 28, -1, nullptr) +#define NTP_RECV(F) F(8057, 29, -1, nullptr) +#define NTP_SENT(F) F(8057, 30, -1, nullptr) + +#define ARP_HA_FORMAT(F) F(8057, 31, 2, nullptr) +#define ARP_PA_FORMAT(F) F(8057, 32, 2, nullptr) +#define ARP_OPCODE(F) F(8057, 33, 2, nullptr) +#define ARP_SRC_HA(F) F(8057, 34, -1, nullptr) +#define ARP_SRC_PA(F) F(8057, 35, -1, nullptr) +#define ARP_DST_HA(F) F(8057, 36, -1, nullptr) +#define ARP_DST_PA(F) F(8057, 37, -1, nullptr) + +#define TLS_SNI(F) F(8057, 808, -1, nullptr) +#define TLS_VERSION(F) F(39499, 333, 2, nullptr) +#define TLS_ALPN(F) F(39499, 337, -1, nullptr) +#define TLS_JA3(F) F(39499, 357, -1, nullptr) + +#define SMTP_COMMANDS(F) F(8057, 810, 4, nullptr) +#define SMTP_MAIL_COUNT(F) F(8057, 811, 4, nullptr) +#define SMTP_RCPT_COUNT(F) F(8057, 812, 4, nullptr) +#define SMTP_SENDER(F) F(8057, 813, -1, nullptr) +#define SMTP_RECIPIENT(F) F(8057, 814, -1, nullptr) +#define SMTP_STATUS_CODES(F) F(8057, 815, 4, nullptr) +#define SMTP_CODE_2XX_COUNT(F) F(8057, 816, 4, nullptr) +#define SMTP_CODE_3XX_COUNT(F) F(8057, 817, 4, nullptr) +#define SMTP_CODE_4XX_COUNT(F) F(8057, 818, 4, nullptr) +#define SMTP_CODE_5XX_COUNT(F) F(8057, 819, 4, nullptr) +#define SMTP_DOMAIN(F) F(8057, 820, -1, nullptr) + +#define SSDP_LOCATION_PORT(F) F(8057, 821, 2, nullptr) +#define SSDP_SERVER(F) F(8057, 822, -1, nullptr) +#define SSDP_USER_AGENT(F) F(8057, 823, -1, nullptr) +#define SSDP_NT(F) F(8057, 824, -1, nullptr) +#define SSDP_ST(F) F(8057, 825, -1, nullptr) + +#define DNSSD_QUERIES(F) F(8057, 826, -1, nullptr) +#define DNSSD_RESPONSES(F) F(8057, 827, -1, nullptr) + +#define OVPN_CONF_LEVEL(F) F(8057, 828, 1, nullptr) +#define SSA_CONF_LEVEL(F) F(8057, 903, 1, nullptr) + +#define NB_NAME(F) F(8057, 831, -1, nullptr) +#define NB_SUFFIX(F) F(8057, 832, 1, nullptr) + +#define IDP_CONTENT(F) F(8057, 850, -1, nullptr) +#define IDP_CONTENT_REV(F) F(8057, 851, -1, nullptr) + +#define STATS_PCKT_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1013 (uint16*) +#define STATS_PCKT_TIMESTAMPS(F) \ + F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1014 (time*) +#define STATS_PCKT_TCPFLGS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1015 (uint8*) +#define STATS_PCKT_DIRECTIONS(F) \ + F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1016 (int8*) + +#define SBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1050 (uint16*) +#define SBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1051 (uint16*) +#define SBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1052 (time*) +#define SBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1053 (time*) +#define DBI_BRST_PACKETS(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1054 (uint16*) +#define DBI_BRST_BYTES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1055 (uint16*) +#define DBI_BRST_TIME_START(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1056 (time*) +#define DBI_BRST_TIME_STOP(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1057 (time*) + +#define D_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1063 (uint32*) +#define D_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1062 (uint32*) +#define S_PHISTS_SIZES(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1060 (uint32*) +#define S_PHISTS_IPT(F) F(0, 291, -1, nullptr) // BASIC LIST -- FIELD IS e8057id1061 (uint32*) + +#define QUIC_SNI(F) F(8057, 890, -1, nullptr) +#define QUIC_USER_AGENT(F) F(8057, 891, -1, nullptr) +#define QUIC_VERSION(F) F(8057, 892, 4, nullptr) + +#define OSQUERY_PROGRAM_NAME(F) F(8057, 852, -1, nullptr) +#define OSQUERY_USERNAME(F) F(8057, 853, -1, nullptr) +#define OSQUERY_OS_NAME(F) F(8057, 854, -1, nullptr) +#define OSQUERY_OS_MAJOR(F) F(8057, 855, 2, nullptr) +#define OSQUERY_OS_MINOR(F) F(8057, 856, 2, nullptr) +#define OSQUERY_OS_BUILD(F) F(8057, 857, -1, nullptr) +#define OSQUERY_OS_PLATFORM(F) F(8057, 858, -1, nullptr) +#define OSQUERY_OS_PLATFORM_LIKE(F) F(8057, 859, -1, nullptr) +#define OSQUERY_OS_ARCH(F) F(8057, 860, -1, nullptr) +#define OSQUERY_KERNEL_VERSION(F) F(8057, 861, -1, nullptr) +#define OSQUERY_SYSTEM_HOSTNAME(F) F(8057, 862, -1, nullptr) #ifdef WITH_FLEXPROBE -#define FX_FRAME_SIGNATURE(F) F(5715, 1010, 18, nullptr) -#define FX_INPUT_INTERFACE(F) F(5715, 1015, 1, nullptr) -#define FX_TCP_TRACKING(F) F(5715, 1020, 1, nullptr) +#define FX_FRAME_SIGNATURE(F) F(5715, 1010, 18, nullptr) +#define FX_INPUT_INTERFACE(F) F(5715, 1015, 1, nullptr) +#define FX_TCP_TRACKING(F) F(5715, 1020, 1, nullptr) #endif -#define WG_CONF_LEVEL(F) F(8057, 1100, 1, nullptr) -#define WG_SRC_PEER(F) F(8057, 1101, 4, nullptr) -#define WG_DST_PEER(F) F(8057, 1102, 4, nullptr) - -#define NTS_MEAN(F) F(8057, 1020, 4, nullptr) -#define NTS_MIN(F) F(8057, 1021, 2, nullptr) -#define NTS_MAX(F) F(8057, 1022, 2, nullptr) -#define NTS_STDEV(F) F(8057, 1023, 4, nullptr) -#define NTS_KURTOSIS(F) F(8057, 1024, 4, nullptr) -#define NTS_ROOT_MEAN_SQUARE(F) F(8057, 1025, 4, nullptr) -#define NTS_AVERAGE_DISPERSION(F) F(8057, 1026, 4, nullptr) -#define NTS_MEAN_SCALED_TIME(F) F(8057, 1027, 4, nullptr) -#define NTS_MEAN_DIFFTIMES(F) F(8057, 1028, 4, nullptr) -#define NTS_MIN_DIFFTIMES(F) F(8057, 1029, 4, nullptr) -#define NTS_MAX_DIFFTIMES(F) F(8057, 1030, 4, nullptr) -#define NTS_TIME_DISTRIBUTION(F) F(8057, 1031, 4, nullptr) -#define NTS_SWITCHING_RATIO(F) F(8057, 1032, 4, nullptr) - -#define MPLS_TOP_LABEL_STACK_SECTION F(0, 70, -1, nullptr) - +#define WG_CONF_LEVEL(F) F(8057, 1100, 1, nullptr) +#define WG_SRC_PEER(F) F(8057, 1101, 4, nullptr) +#define WG_DST_PEER(F) F(8057, 1102, 4, nullptr) + +#define NTS_MEAN(F) F(8057, 1020, 4, nullptr) +#define NTS_MIN(F) F(8057, 1021, 2, nullptr) +#define NTS_MAX(F) F(8057, 1022, 2, nullptr) +#define NTS_STDEV(F) F(8057, 1023, 4, nullptr) +#define NTS_KURTOSIS(F) F(8057, 1024, 4, nullptr) +#define NTS_ROOT_MEAN_SQUARE(F) F(8057, 1025, 4, nullptr) +#define NTS_AVERAGE_DISPERSION(F) F(8057, 1026, 4, nullptr) +#define NTS_MEAN_SCALED_TIME(F) F(8057, 1027, 4, nullptr) +#define NTS_MEAN_DIFFTIMES(F) F(8057, 1028, 4, nullptr) +#define NTS_MIN_DIFFTIMES(F) F(8057, 1029, 4, nullptr) +#define NTS_MAX_DIFFTIMES(F) F(8057, 1030, 4, nullptr) +#define NTS_TIME_DISTRIBUTION(F) F(8057, 1031, 4, nullptr) +#define NTS_SWITCHING_RATIO(F) F(8057, 1032, 4, nullptr) + +#define MPLS_TOP_LABEL_STACK_SECTION F(0, 70, -1, nullptr) /** * IPFIX Templates - list of elements @@ -292,252 +301,244 @@ namespace ipxp { */ #ifdef IPXP_TS_MSEC -#define FLOW_START FLOW_START_MSEC -#define FLOW_END FLOW_END_MSEC +#define FLOW_START FLOW_START_MSEC +#define FLOW_END FLOW_END_MSEC #else -#define FLOW_START FLOW_START_USEC -#define FLOW_END FLOW_END_USEC +#define FLOW_START FLOW_START_USEC +#define FLOW_END FLOW_END_USEC #endif - -#define BASIC_TMPLT_V4(F) \ - F(FLOW_END_REASON) \ - F(BYTES) \ - F(BYTES_REV) \ - F(PACKETS) \ - F(PACKETS_REV) \ - F(FLOW_START) \ - F(FLOW_END) \ - F(L3_PROTO) \ - F(L4_PROTO) \ - F(L4_TCP_FLAGS) \ - F(L4_TCP_FLAGS_REV) \ - F(L4_PORT_SRC) \ - F(L4_PORT_DST) \ - F(INPUT_INTERFACE) \ - F(L3_IPV4_ADDR_SRC) \ - F(L3_IPV4_ADDR_DST) \ - F(L2_SRC_MAC) \ - F(L2_DST_MAC) - -#define BASIC_TMPLT_V6(F) \ - F(FLOW_END_REASON) \ - F(BYTES) \ - F(BYTES_REV) \ - F(PACKETS) \ - F(PACKETS_REV) \ - F(FLOW_START) \ - F(FLOW_END) \ - F(L3_PROTO) \ - F(L4_PROTO) \ - F(L4_TCP_FLAGS) \ - F(L4_TCP_FLAGS_REV) \ - F(L4_PORT_SRC) \ - F(L4_PORT_DST) \ - F(INPUT_INTERFACE) \ - F(L3_IPV6_ADDR_SRC) \ - F(L3_IPV6_ADDR_DST) \ - F(L2_SRC_MAC) \ - F(L2_DST_MAC) - -#define IPFIX_HTTP_TEMPLATE(F) \ - F(HTTP_USERAGENT) \ - F(HTTP_METHOD) \ - F(HTTP_DOMAIN) \ - F(HTTP_REFERER) \ - F(HTTP_URI) \ - F(HTTP_CONTENT_TYPE) \ - F(HTTP_SERVER) \ - F(HTTP_SET_COOKIE_NAMES) \ - F(HTTP_STATUS) - -#define IPFIX_RTSP_TEMPLATE(F) \ - F(RTSP_METHOD) \ - F(RTSP_USERAGENT) \ - F(RTSP_URI) \ - F(RTSP_STATUS)\ - F(RTSP_SERVER) \ - F(RTSP_CONTENT_TYPE) - -#define IPFIX_TLS_TEMPLATE(F) \ - F(TLS_VERSION) \ - F(TLS_SNI) \ - F(TLS_ALPN) \ - F(TLS_JA3) - -#define IPFIX_NTP_TEMPLATE(F) \ - F(NTP_LEAP) \ - F(NTP_VERSION) \ - F(NTP_MODE) \ - F(NTP_STRATUM) \ - F(NTP_POLL) \ - F(NTP_PRECISION) \ - F(NTP_DELAY) \ - F(NTP_DISPERSION) \ - F(NTP_REF_ID) \ - F(NTP_REF) \ - F(NTP_ORIG) \ - F(NTP_RECV) \ - F(NTP_SENT) - -#define IPFIX_DNS_TEMPLATE(F) \ - F(DNS_ANSWERS) \ - F(DNS_RCODE) \ - F(DNS_QTYPE) \ - F(DNS_CLASS) \ - F(DNS_RR_TTL) \ - F(DNS_RLENGTH) \ - F(DNS_PSIZE) \ - F(DNS_DO) \ - F(DNS_ID) \ - F(DNS_NAME) \ - F(DNS_RDATA) - -#define IPFIX_PASSIVEDNS_TEMPLATE(F) \ - F(DNS_ID) \ - F(DNS_RR_TTL) \ - F(DNS_ATYPE) \ - F(DNS_RDATA) \ - F(DNS_NAME) - -#define IPFIX_SMTP_TEMPLATE(F) \ - F(SMTP_COMMANDS) \ - F(SMTP_MAIL_COUNT) \ - F(SMTP_RCPT_COUNT) \ - F(SMTP_STATUS_CODES) \ - F(SMTP_CODE_2XX_COUNT) \ - F(SMTP_CODE_3XX_COUNT) \ - F(SMTP_CODE_4XX_COUNT) \ - F(SMTP_CODE_5XX_COUNT) \ - F(SMTP_DOMAIN) \ - F(SMTP_SENDER) \ - F(SMTP_RECIPIENT) - -#define IPFIX_SIP_TEMPLATE(F) \ - F(SIP_MSG_TYPE) \ - F(SIP_STATUS_CODE) \ - F(SIP_CSEQ) \ - F(SIP_CALLING_PARTY) \ - F(SIP_CALLED_PARTY) \ - F(SIP_CALL_ID) \ - F(SIP_USER_AGENT) \ - F(SIP_REQUEST_URI) \ - F(SIP_VIA) - -#define IPFIX_PSTATS_TEMPLATE(F) \ - F(STATS_PCKT_SIZES) \ - F(STATS_PCKT_TIMESTAMPS) \ - F(STATS_PCKT_TCPFLGS) \ - F(STATS_PCKT_DIRECTIONS) - -#define IPFIX_OVPN_TEMPLATE(F) \ - F(OVPN_CONF_LEVEL) - -#define IPFIX_SSADETECTOR_TEMPLATE(F) \ - F(SSA_CONF_LEVEL) - -#define IPFIX_SSDP_TEMPLATE(F) \ - F(SSDP_LOCATION_PORT) \ - F(SSDP_NT) \ - F(SSDP_USER_AGENT)\ - F(SSDP_ST) \ - F(SSDP_SERVER) - -#define IPFIX_DNSSD_TEMPLATE(F) \ - F(DNSSD_QUERIES) \ - F(DNSSD_RESPONSES) - -#define IPFIX_IDPCONTENT_TEMPLATE(F) \ - F(IDP_CONTENT) \ - F(IDP_CONTENT_REV) - -#define IPFIX_BSTATS_TEMPLATE(F) \ - F(SBI_BRST_PACKETS) \ - F(SBI_BRST_BYTES) \ - F(SBI_BRST_TIME_START) \ - F(SBI_BRST_TIME_STOP) \ - F(DBI_BRST_PACKETS) \ - F(DBI_BRST_BYTES) \ - F(DBI_BRST_TIME_START) \ - F(DBI_BRST_TIME_STOP) - -#define IPFIX_NETBIOS_TEMPLATE(F) \ - F(NB_SUFFIX) \ - F(NB_NAME) - -#define IPFIX_NETBIOS_TEMPLATE(F) \ - F(NB_SUFFIX) \ - F(NB_NAME) - -#define IPFIX_BASICPLUS_TEMPLATE(F) \ - F(L3_TTL) \ - F(L3_TTL_REV) \ - F(L3_FLAGS) \ - F(L3_FLAGS_REV) \ - F(L4_TCP_WIN) \ - F(L4_TCP_WIN_REV) \ - F(L4_TCP_OPTIONS) \ - F(L4_TCP_OPTIONS_REV) \ - F(L4_TCP_MSS) \ - F(L4_TCP_MSS_REV) \ - F(L4_TCP_SYN_SIZE) - -#define IPFIX_PHISTS_TEMPLATE(F) \ - F(S_PHISTS_SIZES) \ - F(S_PHISTS_IPT) \ - F(D_PHISTS_SIZES) \ - F(D_PHISTS_IPT) - -#define IPFIX_WG_TEMPLATE(F) \ - F(WG_CONF_LEVEL) \ - F(WG_SRC_PEER) \ - F(WG_DST_PEER) - -#define IPFIX_QUIC_TEMPLATE(F) \ - F(QUIC_SNI) \ - F(QUIC_USER_AGENT) \ - F(QUIC_VERSION) - -#define IPFIX_OSQUERY_TEMPLATE(F) \ - F(OSQUERY_PROGRAM_NAME) \ - F(OSQUERY_USERNAME) \ - F(OSQUERY_OS_NAME) \ - F(OSQUERY_OS_MAJOR) \ - F(OSQUERY_OS_MINOR) \ - F(OSQUERY_OS_BUILD) \ - F(OSQUERY_OS_PLATFORM) \ - F(OSQUERY_OS_PLATFORM_LIKE) \ - F(OSQUERY_OS_ARCH) \ - F(OSQUERY_KERNEL_VERSION) \ - F(OSQUERY_SYSTEM_HOSTNAME) - -#define IPFIX_ICMP_TEMPLATE(F) \ - F(L4_ICMP_TYPE_CODE) - -#define IPFIX_VLAN_TEMPLATE(F) \ - F(VLAN_ID) - -#define IPFIX_NETTISA_TEMPLATE(F) \ - F(NTS_MEAN) \ - F(NTS_MIN) \ - F(NTS_MAX) \ - F(NTS_STDEV) \ - F(NTS_KURTOSIS) \ - F(NTS_ROOT_MEAN_SQUARE) \ - F(NTS_AVERAGE_DISPERSION) \ - F(NTS_MEAN_SCALED_TIME) \ - F(NTS_MEAN_DIFFTIMES) \ - F(NTS_MIN_DIFFTIMES) \ - F(NTS_MAX_DIFFTIMES) \ - F(NTS_TIME_DISTRIBUTION) \ - F(NTS_SWITCHING_RATIO) - - -#define IPFIX_FLOW_HASH_TEMPLATE(F) \ - F(FLOW_ID) - -#define IPFIX_MPLS_TEMPLATE(F) \ - F(MPLS_TOP_LABEL_STACK_SECTION) +#define BASIC_TMPLT_V4(F) \ + F(FLOW_END_REASON) \ + F(BYTES) \ + F(BYTES_REV) \ + F(PACKETS) \ + F(PACKETS_REV) \ + F(FLOW_START) \ + F(FLOW_END) \ + F(L3_PROTO) \ + F(L4_PROTO) \ + F(L4_TCP_FLAGS) \ + F(L4_TCP_FLAGS_REV) \ + F(L4_PORT_SRC) \ + F(L4_PORT_DST) \ + F(INPUT_INTERFACE) \ + F(L3_IPV4_ADDR_SRC) \ + F(L3_IPV4_ADDR_DST) \ + F(L2_SRC_MAC) \ + F(L2_DST_MAC) + +#define BASIC_TMPLT_V6(F) \ + F(FLOW_END_REASON) \ + F(BYTES) \ + F(BYTES_REV) \ + F(PACKETS) \ + F(PACKETS_REV) \ + F(FLOW_START) \ + F(FLOW_END) \ + F(L3_PROTO) \ + F(L4_PROTO) \ + F(L4_TCP_FLAGS) \ + F(L4_TCP_FLAGS_REV) \ + F(L4_PORT_SRC) \ + F(L4_PORT_DST) \ + F(INPUT_INTERFACE) \ + F(L3_IPV6_ADDR_SRC) \ + F(L3_IPV6_ADDR_DST) \ + F(L2_SRC_MAC) \ + F(L2_DST_MAC) + +#define IPFIX_HTTP_TEMPLATE(F) \ + F(HTTP_USERAGENT) \ + F(HTTP_METHOD) \ + F(HTTP_DOMAIN) \ + F(HTTP_REFERER) \ + F(HTTP_URI) \ + F(HTTP_CONTENT_TYPE) \ + F(HTTP_SERVER) \ + F(HTTP_SET_COOKIE_NAMES) \ + F(HTTP_STATUS) + +#define IPFIX_RTSP_TEMPLATE(F) \ + F(RTSP_METHOD) \ + F(RTSP_USERAGENT) \ + F(RTSP_URI) \ + F(RTSP_STATUS) \ + F(RTSP_SERVER) \ + F(RTSP_CONTENT_TYPE) + +#define IPFIX_TLS_TEMPLATE(F) \ + F(TLS_VERSION) \ + F(TLS_SNI) \ + F(TLS_ALPN) \ + F(TLS_JA3) + +#define IPFIX_NTP_TEMPLATE(F) \ + F(NTP_LEAP) \ + F(NTP_VERSION) \ + F(NTP_MODE) \ + F(NTP_STRATUM) \ + F(NTP_POLL) \ + F(NTP_PRECISION) \ + F(NTP_DELAY) \ + F(NTP_DISPERSION) \ + F(NTP_REF_ID) \ + F(NTP_REF) \ + F(NTP_ORIG) \ + F(NTP_RECV) \ + F(NTP_SENT) + +#define IPFIX_DNS_TEMPLATE(F) \ + F(DNS_ANSWERS) \ + F(DNS_RCODE) \ + F(DNS_QTYPE) \ + F(DNS_CLASS) \ + F(DNS_RR_TTL) \ + F(DNS_RLENGTH) \ + F(DNS_PSIZE) \ + F(DNS_DO) \ + F(DNS_ID) \ + F(DNS_NAME) \ + F(DNS_RDATA) + +#define IPFIX_PASSIVEDNS_TEMPLATE(F) \ + F(DNS_ID) \ + F(DNS_RR_TTL) \ + F(DNS_ATYPE) \ + F(DNS_RDATA) \ + F(DNS_NAME) + +#define IPFIX_SMTP_TEMPLATE(F) \ + F(SMTP_COMMANDS) \ + F(SMTP_MAIL_COUNT) \ + F(SMTP_RCPT_COUNT) \ + F(SMTP_STATUS_CODES) \ + F(SMTP_CODE_2XX_COUNT) \ + F(SMTP_CODE_3XX_COUNT) \ + F(SMTP_CODE_4XX_COUNT) \ + F(SMTP_CODE_5XX_COUNT) \ + F(SMTP_DOMAIN) \ + F(SMTP_SENDER) \ + F(SMTP_RECIPIENT) + +#define IPFIX_SIP_TEMPLATE(F) \ + F(SIP_MSG_TYPE) \ + F(SIP_STATUS_CODE) \ + F(SIP_CSEQ) \ + F(SIP_CALLING_PARTY) \ + F(SIP_CALLED_PARTY) \ + F(SIP_CALL_ID) \ + F(SIP_USER_AGENT) \ + F(SIP_REQUEST_URI) \ + F(SIP_VIA) + +#define IPFIX_PSTATS_TEMPLATE(F) \ + F(STATS_PCKT_SIZES) \ + F(STATS_PCKT_TIMESTAMPS) \ + F(STATS_PCKT_TCPFLGS) \ + F(STATS_PCKT_DIRECTIONS) + +#define IPFIX_OVPN_TEMPLATE(F) F(OVPN_CONF_LEVEL) + +#define IPFIX_SSADETECTOR_TEMPLATE(F) F(SSA_CONF_LEVEL) + +#define IPFIX_SSDP_TEMPLATE(F) \ + F(SSDP_LOCATION_PORT) \ + F(SSDP_NT) \ + F(SSDP_USER_AGENT) \ + F(SSDP_ST) \ + F(SSDP_SERVER) + +#define IPFIX_DNSSD_TEMPLATE(F) \ + F(DNSSD_QUERIES) \ + F(DNSSD_RESPONSES) + +#define IPFIX_IDPCONTENT_TEMPLATE(F) \ + F(IDP_CONTENT) \ + F(IDP_CONTENT_REV) + +#define IPFIX_BSTATS_TEMPLATE(F) \ + F(SBI_BRST_PACKETS) \ + F(SBI_BRST_BYTES) \ + F(SBI_BRST_TIME_START) \ + F(SBI_BRST_TIME_STOP) \ + F(DBI_BRST_PACKETS) \ + F(DBI_BRST_BYTES) \ + F(DBI_BRST_TIME_START) \ + F(DBI_BRST_TIME_STOP) + +#define IPFIX_NETBIOS_TEMPLATE(F) \ + F(NB_SUFFIX) \ + F(NB_NAME) + +#define IPFIX_NETBIOS_TEMPLATE(F) \ + F(NB_SUFFIX) \ + F(NB_NAME) + +#define IPFIX_BASICPLUS_TEMPLATE(F) \ + F(L3_TTL) \ + F(L3_TTL_REV) \ + F(L3_FLAGS) \ + F(L3_FLAGS_REV) \ + F(L4_TCP_WIN) \ + F(L4_TCP_WIN_REV) \ + F(L4_TCP_OPTIONS) \ + F(L4_TCP_OPTIONS_REV) \ + F(L4_TCP_MSS) \ + F(L4_TCP_MSS_REV) \ + F(L4_TCP_SYN_SIZE) + +#define IPFIX_PHISTS_TEMPLATE(F) \ + F(S_PHISTS_SIZES) \ + F(S_PHISTS_IPT) \ + F(D_PHISTS_SIZES) \ + F(D_PHISTS_IPT) + +#define IPFIX_WG_TEMPLATE(F) \ + F(WG_CONF_LEVEL) \ + F(WG_SRC_PEER) \ + F(WG_DST_PEER) + +#define IPFIX_QUIC_TEMPLATE(F) \ + F(QUIC_SNI) \ + F(QUIC_USER_AGENT) \ + F(QUIC_VERSION) + +#define IPFIX_OSQUERY_TEMPLATE(F) \ + F(OSQUERY_PROGRAM_NAME) \ + F(OSQUERY_USERNAME) \ + F(OSQUERY_OS_NAME) \ + F(OSQUERY_OS_MAJOR) \ + F(OSQUERY_OS_MINOR) \ + F(OSQUERY_OS_BUILD) \ + F(OSQUERY_OS_PLATFORM) \ + F(OSQUERY_OS_PLATFORM_LIKE) \ + F(OSQUERY_OS_ARCH) \ + F(OSQUERY_KERNEL_VERSION) \ + F(OSQUERY_SYSTEM_HOSTNAME) + +#define IPFIX_ICMP_TEMPLATE(F) F(L4_ICMP_TYPE_CODE) + +#define IPFIX_VLAN_TEMPLATE(F) F(VLAN_ID) + +#define IPFIX_NETTISA_TEMPLATE(F) \ + F(NTS_MEAN) \ + F(NTS_MIN) \ + F(NTS_MAX) \ + F(NTS_STDEV) \ + F(NTS_KURTOSIS) \ + F(NTS_ROOT_MEAN_SQUARE) \ + F(NTS_AVERAGE_DISPERSION) \ + F(NTS_MEAN_SCALED_TIME) \ + F(NTS_MEAN_DIFFTIMES) \ + F(NTS_MIN_DIFFTIMES) \ + F(NTS_MAX_DIFFTIMES) \ + F(NTS_TIME_DISTRIBUTION) \ + F(NTS_SWITCHING_RATIO) + +#define IPFIX_FLOW_HASH_TEMPLATE(F) F(FLOW_ID) + +#define IPFIX_MPLS_TEMPLATE(F) F(MPLS_TOP_LABEL_STACK_SECTION) #ifdef WITH_FLEXPROBE #define IPFIX_FLEXPROBE_DATA_TEMPLATE(F) F(FX_FRAME_SIGNATURE) F(FX_INPUT_INTERFACE) @@ -555,37 +556,37 @@ namespace ipxp { * This macro is define in order to use all elements of all defined * templates at once. */ -#define IPFIX_ENABLED_TEMPLATES(F) \ - BASIC_TMPLT_V4(F) \ - BASIC_TMPLT_V6(F) \ - IPFIX_HTTP_TEMPLATE(F) \ - IPFIX_RTSP_TEMPLATE(F) \ - IPFIX_TLS_TEMPLATE(F) \ - IPFIX_NTP_TEMPLATE(F) \ - IPFIX_SIP_TEMPLATE(F) \ - IPFIX_DNS_TEMPLATE(F) \ - IPFIX_PASSIVEDNS_TEMPLATE(F) \ - IPFIX_PSTATS_TEMPLATE(F) \ - IPFIX_OVPN_TEMPLATE(F) \ - IPFIX_SMTP_TEMPLATE(F) \ - IPFIX_SSDP_TEMPLATE(F) \ - IPFIX_DNSSD_TEMPLATE(F) \ - IPFIX_IDPCONTENT_TEMPLATE(F) \ - IPFIX_NETBIOS_TEMPLATE(F) \ - IPFIX_BASICPLUS_TEMPLATE(F) \ - IPFIX_BSTATS_TEMPLATE(F) \ - IPFIX_PHISTS_TEMPLATE(F) \ - IPFIX_WG_TEMPLATE(F) \ - IPFIX_QUIC_TEMPLATE(F) \ - IPFIX_OSQUERY_TEMPLATE(F) \ - IPFIX_FLEXPROBE_DATA_TEMPLATE(F) \ - IPFIX_FLEXPROBE_TCP_TEMPLATE(F) \ - IPFIX_FLEXPROBE_ENCR_TEMPLATE(F) \ - IPFIX_SSADETECTOR_TEMPLATE(F) \ - IPFIX_ICMP_TEMPLATE(F) \ - IPFIX_VLAN_TEMPLATE(F) \ - IPFIX_NETTISA_TEMPLATE(F) \ - IPFIX_FLOW_HASH_TEMPLATE(F) +#define IPFIX_ENABLED_TEMPLATES(F) \ + BASIC_TMPLT_V4(F) \ + BASIC_TMPLT_V6(F) \ + IPFIX_HTTP_TEMPLATE(F) \ + IPFIX_RTSP_TEMPLATE(F) \ + IPFIX_TLS_TEMPLATE(F) \ + IPFIX_NTP_TEMPLATE(F) \ + IPFIX_SIP_TEMPLATE(F) \ + IPFIX_DNS_TEMPLATE(F) \ + IPFIX_PASSIVEDNS_TEMPLATE(F) \ + IPFIX_PSTATS_TEMPLATE(F) \ + IPFIX_OVPN_TEMPLATE(F) \ + IPFIX_SMTP_TEMPLATE(F) \ + IPFIX_SSDP_TEMPLATE(F) \ + IPFIX_DNSSD_TEMPLATE(F) \ + IPFIX_IDPCONTENT_TEMPLATE(F) \ + IPFIX_NETBIOS_TEMPLATE(F) \ + IPFIX_BASICPLUS_TEMPLATE(F) \ + IPFIX_BSTATS_TEMPLATE(F) \ + IPFIX_PHISTS_TEMPLATE(F) \ + IPFIX_WG_TEMPLATE(F) \ + IPFIX_QUIC_TEMPLATE(F) \ + IPFIX_OSQUERY_TEMPLATE(F) \ + IPFIX_FLEXPROBE_DATA_TEMPLATE(F) \ + IPFIX_FLEXPROBE_TCP_TEMPLATE(F) \ + IPFIX_FLEXPROBE_ENCR_TEMPLATE(F) \ + IPFIX_SSADETECTOR_TEMPLATE(F) \ + IPFIX_ICMP_TEMPLATE(F) \ + IPFIX_VLAN_TEMPLATE(F) \ + IPFIX_NETTISA_TEMPLATE(F) \ + IPFIX_FLOW_HASH_TEMPLATE(F) /** * Helper macro, convert FIELD into its name as a C literal. @@ -595,5 +596,5 @@ namespace ipxp { */ #define IPFIX_FIELD_NAMES(F) #F, -} +} // namespace ipxp #endif /* IPXP_IPFIX_ELEMENTS_HPP */ diff --git a/include/ipfixprobe/options.hpp b/include/ipfixprobe/options.hpp index 06223e1f..e3982f30 100644 --- a/include/ipfixprobe/options.hpp +++ b/include/ipfixprobe/options.hpp @@ -29,63 +29,65 @@ #ifndef IPXP_OPTIONS_HPP #define IPXP_OPTIONS_HPP -#include -#include +#include #include +#include +#include #include #include -#include -#include +#include namespace ipxp { -class OptionsParser -{ +class OptionsParser { public: - static const char DELIM = ';'; - typedef std::function OptionParserFunc; - enum OptionFlags : uint32_t { - RequiredArgument = 1, - OptionalArgument = 2, - NoArgument = 4 - }; + static const char DELIM = ';'; + typedef std::function OptionParserFunc; + enum OptionFlags : uint32_t { RequiredArgument = 1, OptionalArgument = 2, NoArgument = 4 }; - OptionsParser(); - OptionsParser(const std::string &name, const std::string &info); - ~OptionsParser(); - OptionsParser(OptionsParser &p) = delete; - OptionsParser(OptionsParser &&p) = delete; - void operator=(OptionsParser &p) = delete; - void operator=(OptionsParser &&p) = delete; - void parse(const char *args) const; - void parse(int argc, const char **argv) const; - void usage(std::ostream &os, int indentation = 0, std::string mod_name = "") const; + OptionsParser(); + OptionsParser(const std::string& name, const std::string& info); + ~OptionsParser(); + OptionsParser(OptionsParser& p) = delete; + OptionsParser(OptionsParser&& p) = delete; + void operator=(OptionsParser& p) = delete; + void operator=(OptionsParser&& p) = delete; + void parse(const char* args) const; + void parse(int argc, const char** argv) const; + void usage(std::ostream& os, int indentation = 0, std::string mod_name = "") const; protected: - std::string m_name; - std::string m_info; - char m_delim; - struct Option { - std::string m_short; - std::string m_long; - std::string m_hint; - std::string m_description; - OptionParserFunc m_parser; - OptionFlags m_flags; - }; - std::vector