Merge remote-tracking branch 'origin/hutak-unirec-array' into devel

extra_plugins/output/unirec/CMakeLists.txt

@@ -7,7 +7,7 @@ set(UNIREC_DESCRIPTION
 )
 
 set(UNIREC_VERSION_MAJOR 2)
-set(UNIREC_VERSION_MINOR 0)
+set(UNIREC_VERSION_MINOR 2)
 set(UNIREC_VERSION_PATCH 0)
 set(UNIREC_VERSION
     ${UNIREC_VERSION_MAJOR}.${UNIREC_VERSION_MINOR}.${UNIREC_VERSION_PATCH})
@@ -19,9 +19,9 @@ include(CheckCXXCompilerFlag)
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/CMakeModules")
 
 # Find IPFIXcol and libnf
-find_package(IPFIXcol2 2.0.0 REQUIRED)
-find_package(LibTrap REQUIRED)
-find_package(Unirec REQUIRED)
+find_package(IPFIXcol2 2.1.0 REQUIRED)  # support for basicList is required
+find_package(LibTrap 1.13.1 REQUIRED)
+find_package(LibUnirec 2.8.0 REQUIRED)
 
 # Set default build type if not specified by user
 if (NOT CMAKE_BUILD_TYPE)
@@ -49,7 +49,7 @@ configure_file(
 include_directories(
     "${IPFIXCOL2_INCLUDE_DIRS}"  # IPFIXcol2 header files
     "${LIBTRAP_INCLUDE_DIRS}"    # libtrap header files
-    "${UNIREC_INCLUDE_DIRS}"     # unirec header files
+    "${LIBUNIREC_INCLUDE_DIRS}"  # unirec header files
 )
 
 # Create a linkable module
@@ -67,7 +67,7 @@ add_library(unirec-output MODULE
 
 target_link_libraries(unirec-output
     ${LIBTRAP_LIBRARIES}               # libtrap
-    ${UNIREC_LIBRARIES}                # unirec
+    ${LIBUNIREC_LIBRARIES}             # unirec
     m                                  # standard math library
 )
 

extra_plugins/output/unirec/CMakeModules/FindLibTrap.cmake

@@ -5,30 +5,53 @@
 
 # use pkg-config to get the directories and then use these values
 # in the find_path() and find_library() calls
-find_package(PkgConfig)
-pkg_check_modules(PC_LIBTRAP QUIET LibTrap)
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+	pkg_check_modules(PC_LIBTRAP QUIET "libtrap")
+endif()
 set(LIBTRAP_DEFINITIONS ${PC_LIBTRAP_CFLAGS_OTHER})
 
 find_path(
-	LIBTRAP_INCLUDE_DIR trap.h
+	LIBTRAP_INCLUDE_DIR libtrap/trap.h
 	HINTS ${PC_LIBTRAP_INCLUDEDIR} ${PC_LIBTRAP_INCLUDE_DIRS}
-	PATH_SUFFIXES include/libtrap
+	PATH_SUFFIX include
 )
 
 find_library(
-	LIBTRAP_LIBRARY NAMES trap
+	LIBTRAP_LIBRARY NAMES trap libtrap
 	HINTS ${PC_LIBTRAP_LIBDIR} ${PC_LIBTRAP_LIBRARY_DIRS}
 	PATH_SUFFIXES lib lib64
 )
 
-# handle the QUIETLY and REQUIRED arguments and set LIBLIBTRAP_FOUND to TRUE
+if (PC_LIBTRAP_VERSION)
+	# Version extracted from pkg-config
+	set(LIBTRAP_VERSION_STRING ${PC_LIBTRAP_VERSION})
+elseif (LIBTRAP_INCLUDE_DIR AND LIBTRAP_LIBRARY)
+	# Try to get the version of the installed library
+	try_run(
+		TRAP_RES_RUN TRAP_RES_COMP
+		${CMAKE_CURRENT_BINARY_DIR}/try_run/trap_version_test/
+		${PROJECT_SOURCE_DIR}/CMakeModules/try_run/trap_version.c
+		CMAKE_FLAGS
+		  -DLINK_LIBRARIES=${LIBTRAP_LIBRARY}
+		  -DINCLUDE_DIRECTORIES=${LIBTRAP_INCLUDE_DIR}
+		RUN_OUTPUT_VARIABLE LIBTRAP_VERSION_VAR
+    )
+
+	if (TRAP_RES_COMP AND TRAP_RES_RUN EQUAL 0)
+		# Successfully compiled and executed with return code 0
+		set(LIBTRAP_VERSION_STRING ${LIBTRAP_VERSION_VAR})
+	endif()
+endif()
+
+# handle the QUIETLY and REQUIRED arguments and set LIBTRAP_FOUND to TRUE
 # if all listed variables are TRUE
 include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(libtrap
+find_package_handle_standard_args(LibTrap
 	REQUIRED_VARS LIBTRAP_LIBRARY LIBTRAP_INCLUDE_DIR
 	VERSION_VAR LIBTRAP_VERSION_STRING
 )
 
 set(LIBTRAP_LIBRARIES ${LIBTRAP_LIBRARY})
 set(LIBTRAP_INCLUDE_DIRS ${LIBTRAP_INCLUDE_DIR})
-mark_as_advanced(LIBTRAP_INCLUDE_DIR LIBTRAP_LIBRARIES)
+mark_as_advanced(LIBTRAP_INCLUDE_DIR LIBTRAP_LIBRARY)

extra_plugins/output/unirec/CMakeModules/FindLibUnirec.cmake

@@ -0,0 +1,42 @@
+#  LIBUNIREC_FOUND - System has libfds
+#  LIBUNIREC_INCLUDE_DIRS - The libfds include directories
+#  LIBUNIREC_LIBRARIES - The libraries needed to use libfds
+#  LIBUNIREC_DEFINITIONS - Compiler switches required for using libfds
+
+# use pkg-config to get the directories and then use these values
+# in the find_path() and find_library() calls
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+	pkg_check_modules(PC_UNIREC QUIET "unirec")
+endif()
+set(LIBUNIREC_DEFINITIONS ${PC_UNIREC_CFLAGS_OTHER})
+
+find_path(
+	UNIREC_INCLUDE_DIR unirec/unirec.h
+	HINTS ${PC_UNIREC_INCLUDEDIR} ${PC_UNIREC_INCLUDE_DIRS}
+	PATH_SUFFIXES include
+)
+
+find_library(
+	UNIREC_LIBRARY NAMES unirec libunirec
+	HINTS ${PC_UNIREC_LIBDIR} ${PC_UNIREC_LIBRARY_DIRS}
+	PATH_SUFFIXES lib lib64
+)
+
+if (PC_UNIREC_VERSION)
+	# Version extracted from pkg-config
+	set(UNIREC_VERSION_STRING ${PC_UNIREC_VERSION})
+endif()
+
+
+# handle the QUIETLY and REQUIRED arguments and set LIBUNIREC_FOUND to TRUE
+# if all listed variables are TRUE
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(LibUnirec
+	REQUIRED_VARS UNIREC_LIBRARY UNIREC_INCLUDE_DIR
+	VERSION_VAR UNIREC_VERSION_STRING
+)
+
+set(LIBUNIREC_LIBRARIES ${UNIREC_LIBRARY})
+set(LIBUNIREC_INCLUDE_DIRS ${UNIREC_INCLUDE_DIR})
+mark_as_advanced(UNIREC_INCLUDE_DIR UNIREC_LIBRARY)

extra_plugins/output/unirec/CMakeModules/try_run/trap_version.c

@@ -0,0 +1,10 @@
+#include <libtrap/trap.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int
+main(int argc, char *argv[])
+{
+    printf("%s", trap_version);
+    return EXIT_SUCCESS;
+}

extra_plugins/output/unirec/config/unirec-elements.txt

@@ -4,8 +4,12 @@
 # fields. You can change setting by editing this file. Each entry consists
 # of the following parameters:
 #  - UniRec field name
-#  - UniRec data type (int{8,16,32,64}, uint{8,16,32,64}, float, double, time,
-#      ipaddr, macaddr, char, string, bytes)
+#  - UniRec data type - one of the following:
+#      int{8,16,32,64}, uint{8,16,32,64},
+#      float, double, time, ipaddr, macaddr, char, string, bytes
+#      int{8,16,32,64}*, uint{8,16,32,64}*,          // "array of" types
+#      float*, double*, time*, ipaddr*, macaddr*     // "array of" types
+#      string_trimmed                                // trimmed string (i.e. no tailing '\0')
 #  - Comma separated list of IPFIX Information Elements identifiers
 #      ("eXXidYY" where XX is Private Enterprise Number and YY is field ID)
 #
@@ -31,6 +35,13 @@ TIME_FIRST                     time          e0id150,e0id152,e0id154,e0id156 # T
 TIME_LAST                      time          e0id151,e0id153,e0id155,e0id157 # Time of the last packet of a flow
 DIR_BIT_FIELD                  uint8         _internal_dbf_   # Bit field used for determining incoming/outgoing flow (1 => Incoming, 0 => Outgoing)
 LINK_BIT_FIELD                 uint64        _internal_lbf_   # Bit field of links on which was flow seen
+SRC_MAC                        macaddr       e0id56
+DST_MAC                        macaddr       e0id80
+
+# --- Additional biflow fields ---
+BYTES_REV                      uint64        e29305id1
+PACKETS_REV                    uint32        e29305id2
+TCP_FLAGS_REV                  uint8         e29305id6
 
 # --- DNS specific fields ---
 DNS_ID                         uint16        e39499id110      # DNS transaction id
@@ -123,32 +134,40 @@ IPV6_TUN_TYPE                  uint8         e16982id405      # IPv6 tunnel type
 APP_ID                         bytes         e0id95           # Application ID from libprotoident / NBAR2 / Flowmon's NBAR plugin
 
 # --- Flowmon TLS fields
-TLS_CONTENT_TYPE	uint8	flowmon:tlsContentType		# tlsContentType
-TLS_HANDSHAKE_TYPE	uint32	flowmon:tlsHandshakeType	# https://tools.ietf.org/html/rfc5246#appendix-A.4
-TLS_SETUP_TIME		uint64	flowmon:tlsSetupTime		# tlsSetupTime
-TLS_SERVER_VERSION	uint16	flowmon:tlsServerVersion	# 8b major and 8b minor, 0x0303 ~ TLS1.2
-TLS_SERVER_RANDOM	bytes	flowmon:tlsServerRandom		# tlsServerRandom
-TLS_SERVER_SESSIONID	bytes	flowmon:tlsServerSessionId	# tlsServerSessionId
-TLS_CIPHER_SUITE	uint16	flowmon:tlsCipherSuite		# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
-TLS_ALPN		string	flowmon:tlsAlpn			# TLS Application-Layer Protocol Negotiation https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
-TLS_SNI			string	flowmon:tlsSni			# Server Name Indication https://en.wikipedia.org/wiki/Server_Name_Indication
-TLS_SNI_LENGTH		uint16	flowmon:tlsSniLength		# Length of TLS_SNI field
-TLS_CLIENT_VERSION	uint16	flowmon:tlsClientVersion	# tlsClientVersion
-TLS_CIPHER_SUITES	bytes	flowmon:tlsCipherSuites		# List of 2B ciphers, beware of network byte order. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
-TLS_CLIENT_RANDOM	bytes	flowmon:tlsClientRandom		# tlsClientRandom
-TLS_CLIENT_SESSIONID	bytes	flowmon:tlsClientSessionId	# tlsClientSessionId
-TLS_EXTENSION_TYPES	bytes	flowmon:tlsExtensionTypes	# tlsExtensionTypes
-TLS_EXTENSION_LENGTHS	bytes	flowmon:tlsExtensionLengths	# tlsExtensionLengths
-TLS_ELLIPTIC_CURVES	bytes	flowmon:tlsEllipticCurves	# tlsEllipticCurves
-TLS_EC_POINTFORMATS	bytes	flowmon:tlsEcPointFormats	# tlsEcPointFormats
-TLS_CLIENT_KEYLENGTH	int32	flowmon:tlsClientKeyLength	# Length of client's key
-TLS_ISSUER_CN		string	flowmon:tlsIssuerCn		# Common name of certificate issuer
-TLS_SUBJECT_CN		string	flowmon:tlsSubjectCn		# Certificate Common Name
-TLS_SUBJECT_ON		string	flowmon:tlsSubjectOn		# Certificate Organization Name
-TLS_VALIDITY_NOTBEFORE	int64	flowmon:tlsValidityNotBefore	# UNIX timestamp of certificate creation
-TLS_VALIDITY_NOTAFTER	int64	flowmon:tlsValidityNotAfter	# UNIX timestamp of certificate expiration
-TLS_SIGNATURE_ALG	uint16	flowmon:tlsSignatureAlg		# tlsSignatureAlg
-TLS_PUBLIC_KEYALG	uint16	flowmon:tlsPublicKeyAlg		# tlsPublicKeyAlg
-TLS_PUBLIC_KEYLENGTH	int32	flowmon:tlsPublicKeyLength	# tlsPublicKeyLength
-TLS_JA_3FINGERPRINT	bytes	flowmon:tlsJa3Fingerprint	# tlsJa3Fingerprint
+TLS_CONTENT_TYPE               uint8         flowmon:tlsContentType       # tlsContentType
+TLS_HANDSHAKE_TYPE             uint32        flowmon:tlsHandshakeType     # https://tools.ietf.org/html/rfc5246#appendix-A.4
+TLS_SETUP_TIME                 uint64        flowmon:tlsSetupTime         # tlsSetupTime
+TLS_SERVER_VERSION             uint16        flowmon:tlsServerVersion     # 8b major and 8b minor, 0x0303 ~ TLS1.2
+TLS_SERVER_RANDOM              bytes         flowmon:tlsServerRandom      # tlsServerRandom
+TLS_SERVER_SESSIONID           bytes         flowmon:tlsServerSessionId   # tlsServerSessionId
+TLS_CIPHER_SUITE               uint16        flowmon:tlsCipherSuite       # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+TLS_ALPN                       string        flowmon:tlsAlpn              # TLS Application-Layer Protocol Negotiation https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+TLS_SNI                        string        flowmon:tlsSni               # Server Name Indication https://en.wikipedia.org/wiki/Server_Name_Indication
+TLS_SNI_LENGTH                 uint16        flowmon:tlsSniLength         # Length of TLS_SNI field
+TLS_CLIENT_VERSION             uint16        flowmon:tlsClientVersion     # tlsClientVersion
+TLS_CIPHER_SUITES              bytes         flowmon:tlsCipherSuites      # List of 2B ciphers, beware of network byte order. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+TLS_CLIENT_RANDOM              bytes         flowmon:tlsClientRandom      # tlsClientRandom
+TLS_CLIENT_SESSIONID           bytes         flowmon:tlsClientSessionId   # tlsClientSessionId
+TLS_EXTENSION_TYPES            bytes         flowmon:tlsExtensionTypes    # tlsExtensionTypes
+TLS_EXTENSION_LENGTHS          bytes         flowmon:tlsExtensionLengths  # tlsExtensionLengths
+TLS_ELLIPTIC_CURVES            bytes         flowmon:tlsEllipticCurves    # tlsEllipticCurves
+TLS_EC_POINTFORMATS            bytes         flowmon:tlsEcPointFormats    # tlsEcPointFormats
+TLS_CLIENT_KEYLENGTH           int32         flowmon:tlsClientKeyLength   # Length of client's key
+TLS_ISSUER_CN                  string        flowmon:tlsIssuerCn          # Common name of certificate issuer
+TLS_SUBJECT_CN                 string        flowmon:tlsSubjectCn         # Certificate Common Name
+TLS_SUBJECT_ON                 string        flowmon:tlsSubjectOn         # Certificate Organization Name
+TLS_VALIDITY_NOTBEFORE         int64         flowmon:tlsValidityNotBefore # UNIX timestamp of certificate creation
+TLS_VALIDITY_NOTAFTER          int64         flowmon:tlsValidityNotAfter  # UNIX timestamp of certificate expiration
+TLS_SIGNATURE_ALG              uint16        flowmon:tlsSignatureAlg      # tlsSignatureAlg
+TLS_PUBLIC_KEYALG              uint16        flowmon:tlsPublicKeyAlg      # tlsPublicKeyAlg
+TLS_PUBLIC_KEYLENGTH           int32         flowmon:tlsPublicKeyLength   # tlsPublicKeyLength
+TLS_JA_3FINGERPRINT            bytes         flowmon:tlsJa3Fingerprint    # tlsJa3Fingerprint
 
+# --- Per-Packet Information elements ---
+PPI_TLS_REC_LENGTHS            int16*        e0id291/e8057id1010          # basicList of TLS record lengths
+PPI_TLS_REC_TIMES             uint16*        e0id291/e8057id1011          # basicList of TLS record timestamps
+PPI_TLS_CONTENT_TYPES          uint8*        e0id291/e8057id1012          # basicList of TLS record content types
+PPI_PKT_LENGTHS                int16*        e0id291/e8057id1013          # basicList of packet lengths
+PPI_PKT_TIMES                   time*        e0id291/e8057id1014          # basicList of packet timestamps
+PPI_PKT_FLAGS                   int8*        e0id291/e8057id1015          # basicList of packet TCP flags
+PPI_PKT_DIRECTIONS              int8*        e0id291/e8057id1016          # basicList of packet directions