#include "config.h"
#endif
+#include "netflow.h"
+
#include <fstream>
#include <mutex>
#include <sys/stat.h>
#include "log/messages.h"
#include "managers/module_manager.h"
#include "main/reload_tuner.h"
-#include "profiler/profiler.h"
-#include "protocols/packet.h"
#include "pub_sub/netflow_event.h"
#include "src/utils/endian.h"
#include "time/packet_time.h"
using namespace snort;
-THREAD_LOCAL NetFlowStats netflow_stats;
-THREAD_LOCAL ProfileStats netflow_perf_stats;
-
-// Used to ensure we fully populate the record; can't rely on the actual values being zero
-struct RecordStatus
-{
- bool src = false;
- bool dst = false;
- bool first = false;
- bool last = false;
- bool src_tos = false;
- bool dst_tos = false;
- bool bytes_sent = false;
- bool packets_sent = false;
-};
-
-// -----------------------------------------------------------------------------
-// static variables
-// -----------------------------------------------------------------------------
-
-// temporary cache required to dump the output
-typedef std::pair<snort::SfIp, NetFlowSessionRecord> IpRecord;
-typedef std::vector<IpRecord> DumpCache;
-static DumpCache* dump_cache = nullptr;
-
-// compare struct to use with ip sort
-struct IpCompare
-{
- bool operator()(const IpRecord& a, const IpRecord& b)
- { return a.first.less_than(b.first); }
-};
-
-static std::unordered_map<int, int>* udp_srv_map = nullptr;
-static std::unordered_map<int, int>* tcp_srv_map = nullptr;
-
// -----------------------------------------------------------------------------
// static functions
// -----------------------------------------------------------------------------
static bool decode_netflow_v9(const unsigned char* data, uint16_t size,
const Packet* p, const NetFlowRules* p_rules)
{
+ // Ensure this flow isn't implicitly trusted
+ p->flow->set_deferred_trust(NetFlowModule::module_id, true);
+
NetFlow9Hdr header;
const NetFlow9Hdr *pheader;
const NetFlow9FlowSet *flowset;
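Review bot: The added `p->flow->set_deferred_trust(...)` call at the top of decode_netflow_v9 is byte-identical to the one added to decode_netflow_v5 in the next hunk, so the trust decision is now made per NetFlow version inside each decoder rather than once where the version is dispatched; hoisting the two lines to the caller, before the version switch, keeps a future v10/IPFIX decoder from silently missing it. The call also dereferences `p->flow` unconditionally; if a service inspector here can only ever run on packets that already have a flow this is fine, but a short comment stating that invariant (or a `if ( p->flow )` guard if it is not guaranteed) would document the assumption. The body of decode_netflow_v9 continues past the end of this hunk.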
static bool decode_netflow_v5(const unsigned char* data, uint16_t size,
const Packet* p, const NetFlowRules* p_rules)
{
+ // Ensure this flow isn't implicitly trusted
+ p->flow->set_deferred_trust(NetFlowModule::module_id, true);
+
NetFlow5Hdr header;
const NetFlow5Hdr *pheader;
const NetFlow5RecordHdr *precord;
void show(const snort::SnortConfig*) const override;
void install_reload_handler(snort::SnortConfig*) override;
+ bool is_control_channel() const override
+ { return true; }
+
private:
const NetFlowConfig *config;
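Review bot: The new `is_control_channel()` override returns `true` without any comment saying why NetFlow export traffic qualifies as a control channel or what the framework does differently for such services; a reader has to go find the base-class usage to understand the consequence. A one-line comment above the override, along the lines of `// NetFlow export traffic is treated as a control channel; keep it on the full inspection path` (adjusted to whatever the framework actually does with this flag — presumably it is related to the deferred-trust calls added to the decoders), would make the intent explicit. The enclosing class definition starts outside this hunk.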
static void netflow_dtor(Inspector* p)
{ delete p; }
+static void netflow_inspector_pinit()
+{
+ NetFlowModule::init();
+}
+
static const InspectApi netflow_api =
{
{
PROTO_BIT__UDP,
nullptr, // buffers
"netflow", // service
- nullptr,
+ netflow_inspector_pinit,
nullptr, //pterm
nullptr, // pre-config tinit
nullptr, // pre-config tterm
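Review bot: `netflow_inspector_pinit` now calls `NetFlowModule::init()` while the `pterm` slot on the next line stays `nullptr`, so whatever init() sets up at plugin load has no release hook at plugin unload. If init() allocates anything (the header added in this change declares heap-owned `udp_srv_map`/`tcp_srv_map`/`dump_cache` pointers, which looks like what it would populate), a matching `netflow_inspector_pterm` that frees them should be registered in the `//pterm` slot; if init() is allocation-free, a comment on the `nullptr, //pterm` line saying so would stop the next reader from asking the same question. A short comment on `netflow_inspector_pinit` stating what init() is expected to prepare would also help.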
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2022-2022 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// netflow.h author Michael Matirko <mmatirkoe@cisco.com>
+
+#ifndef NETFLOW_H
+#define NETFLOW_H
+
+#include <unordered_map>
+#include <vector>
+
+#include "flow/flow_data.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+#include "utils/util.h"
+
+#include "netflow_cache.cc"
+#include "netflow_record.h"
+
+THREAD_LOCAL NetFlowStats netflow_stats;
+THREAD_LOCAL snort::ProfileStats netflow_perf_stats;
+
+// Used to ensure we fully populate the record; can't rely on the actual values being zero
+struct RecordStatus
+{
+ bool src = false;
+ bool dst = false;
+ bool first = false;
+ bool last = false;
+ bool src_tos = false;
+ bool dst_tos = false;
+ bool bytes_sent = false;
+ bool packets_sent = false;
+};
+
+// temporary cache required to dump the output
+typedef std::pair<snort::SfIp, NetFlowSessionRecord> IpRecord;
+typedef std::vector<IpRecord> DumpCache;
+static DumpCache* dump_cache = nullptr;
+
+struct IpCompare
+{
+ bool operator()(const IpRecord& a, const IpRecord& b)
+ { return a.first.less_than(b.first); }
+};
+
+static std::unordered_map<int, int>* udp_srv_map = nullptr;
+static std::unordered_map<int, int>* tcp_srv_map = nullptr;
+
+#endif
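Review bot: This header defines variables rather than declaring them: `THREAD_LOCAL NetFlowStats netflow_stats;` and `netflow_perf_stats` have external linkage and will produce duplicate-symbol link errors as soon as a second translation unit includes netflow.h, while the `static` pointers `dump_cache`, `udp_srv_map` and `tcp_srv_map` get a separate copy per translation unit, so a map allocated by code in one .cc (e.g. the `NetFlowModule::init()` registered as pinit in this change) would not be visible through the pointer seen by netflow.cc. The header should carry `extern` declarations only, with the definitions kept in exactly one .cc (the ones removed from netflow.cc in this change). `#include "netflow_cache.cc"` on the line after `utils/util.h` compiles a source file into every including translation unit and should be replaced by the corresponding header, with netflow_cache.cc built on its own. Keeping `IpCompare::operator()` `const` is a minor style point while touching the same lines.
```cpp
// … unchanged: license header, include guard, includes (with netflow_cache.cc replaced by its header) …

// Defined once in netflow.cc; declared here so other translation units can reference them.
extern THREAD_LOCAL NetFlowStats netflow_stats;
extern THREAD_LOCAL snort::ProfileStats netflow_perf_stats;

// … unchanged: RecordStatus, IpRecord/DumpCache typedefs …

struct IpCompare
{
    bool operator()(const IpRecord& a, const IpRecord& b) const
    { return a.first.less_than(b.first); }
};

// Single shared instances, defined in netflow.cc.
extern DumpCache* dump_cache;
extern std::unordered_map<int, int>* udp_srv_map;
extern std::unordered_map<int, int>* tcp_srv_map;
```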