From acb23221e2372aa9a23cbfae6525ebbb37f9646c Mon Sep 17 00:00:00 2001
From: Alfredo Cardigliano
Date: Wed, 29 Apr 2020 09:35:27 +0000
Subject: [PATCH] Add support for SRC_AS DST_AS BGP_NEXT_ADJACENT_ASN BGP_PREV_ADJACENT_ASN information elements
---
 include/ParsedFlowCore.h | 1 +
 include/ntop_flow.h | 2 ++
 src/ParsedFlowCore.cpp | 9 ++++++++-
 src/ZMQParserInterface.cpp | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/include/ParsedFlowCore.h b/include/ParsedFlowCore.h
index e897c2a0b3..2f4c2015a8 100644
--- a/include/ParsedFlowCore.h
+++ b/include/ParsedFlowCore.h
@@ -40,6 +40,7 @@ class ParsedFlowCore {
 u_int32_t in_pkts, in_bytes, out_pkts, out_bytes, vrfId;
 u_int32_t in_fragments, out_fragments;
 u_int8_t absolute_packet_octet_counters;
+ u_int32_t src_as, dst_as, prev_adjacent_as, next_adjacent_as;
 struct {
 u_int8_t tcp_flags, client_tcp_flags, server_tcp_flags;
 u_int32_t ooo_in_pkts, ooo_out_pkts;
diff --git a/include/ntop_flow.h b/include/ntop_flow.h
index 63b59287f9..14c6a8b488 100644
--- a/include/ntop_flow.h
+++ b/include/ntop_flow.h
@@ -117,6 +117,8 @@
 #define PACKET_SECTION_OFFSET 102
 #define SAMPLED_PACKET_SIZE 103
 #define SAMPLED_PACKET_ID 104
+#define BGP_NEXT_ADJACENT_ASN 128
+#define BGP_PREV_ADJACENT_ASN 129
 #define EXPORTER_IPV4_ADDRESS 130
 #define EXPORTER_IPV6_ADDRESS 131
 #define FLOW_ID 148
diff --git a/src/ParsedFlowCore.cpp b/src/ParsedFlowCore.cpp
index 98bcbf3e22..ff08ba30c9 100644
--- a/src/ParsedFlowCore.cpp
+++ b/src/ParsedFlowCore.cpp
@@ -42,6 +42,7 @@ ParsedFlowCore::ParsedFlowCore() {
 memset(&tcp, 0, sizeof(tcp));
 first_switched = last_switched = 0;
 direction = source_id = 0;
+ src_as = dst_as = prev_adjacent_as = next_adjacent_as = 0;
 }
 /* *************************************** */
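Review bot: The new members `src_as, dst_as, prev_adjacent_as, next_adjacent_as` in include/ParsedFlowCore.h carry no comment, and the constructor hunk in src/ParsedFlowCore.cpp initialises all four to 0, so a flow that never reported AS information cannot be told apart from one that reported AS 0. A one-line comment above the declaration would make that convention explicit, e.g. `/* AS numbers from SRC_AS, DST_AS, BGP_PREV_ADJACENT_ASN, BGP_NEXT_ADJACENT_ASN; 0 = not provided */`. This matters for matchPENZeroField later in the patch, where a filter value that evaluates to 0 matches every flow lacking these fields.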
@@ -67,6 +68,8 @@ ParsedFlowCore::ParsedFlowCore(const ParsedFlowCore &pfc) {
 first_switched = pfc.first_switched, last_switched = pfc.last_switched;
 direction = pfc.direction;
 source_id = pfc.source_id;
+ src_as = pfc.src_as, dst_as = pfc.dst_as;
+ prev_adjacent_as = pfc.prev_adjacent_as, next_adjacent_as = pfc.next_adjacent_as;
 }
 /* *************************************** */
@@ -85,7 +88,8 @@ void ParsedFlowCore::swap() {
 u_int8_t tmp_tcp_flags;
 u_int32_t tmp_ooo_pkts, tmp_retr_pkts, tmp_lost_pkts;
 struct timeval tmp_nw_latency;
-
+ u_int32_t tmp_src_as, tmp_prev_adjacent_as;
+
 memcpy(&tmp_mac, &src_mac, sizeof(tmp_mac));
 tmp_ip.set(&src_ip);
 tmp_port = src_port, tmp_index = inIndex;
@@ -94,6 +98,7 @@ void ParsedFlowCore::swap() {
 tmp_tcp_flags = tcp.client_tcp_flags;
 tmp_ooo_pkts = tcp.ooo_in_pkts, tmp_retr_pkts = tcp.retr_in_pkts, tmp_lost_pkts = tcp.lost_in_pkts;
 memcpy(&tmp_nw_latency, &tcp.clientNwLatency, sizeof(tcp.clientNwLatency));
+ tmp_src_as = src_as, tmp_prev_adjacent_as = prev_adjacent_as;
 memcpy(&src_mac, &dst_mac, sizeof(src_mac));
 src_ip.set(&dst_ip);
@@ -103,6 +108,7 @@ void ParsedFlowCore::swap() {
 tcp.client_tcp_flags = tcp.server_tcp_flags;
 tcp.ooo_in_pkts = tcp.ooo_out_pkts, tcp.retr_in_pkts = tcp.retr_out_pkts, tcp.lost_in_pkts = tcp.lost_out_pkts;
 memcpy(&tcp.clientNwLatency, &tcp.serverNwLatency, sizeof(tcp.clientNwLatency));
+ src_as = dst_as, prev_adjacent_as = next_adjacent_as;
 memcpy(&dst_mac, &tmp_mac, sizeof(dst_mac));
 dst_ip.set(&tmp_ip);
@@ -112,6 +118,7 @@ void ParsedFlowCore::swap() {
 tcp.server_tcp_flags = tmp_tcp_flags;
 tcp.ooo_out_pkts = tmp_ooo_pkts, tcp.retr_out_pkts = tmp_retr_pkts, tcp.lost_out_pkts = tmp_lost_pkts;
 memcpy(&tcp.serverNwLatency, &tmp_nw_latency, sizeof(tcp.serverNwLatency));
+ dst_as = tmp_src_as, next_adjacent_as = tmp_prev_adjacent_as;
 }
 /* *************************************** */
diff --git a/src/ZMQParserInterface.cpp b/src/ZMQParserInterface.cpp
index 5468efb780..1bca0dde8d 100755
--- a/src/ZMQParserInterface.cpp
+++ b/src/ZMQParserInterface.cpp
@@ -87,6 +87,10 @@ ZMQParserInterface::ZMQParserInterface(const char *endpoint, const char *custom_
 addMapping("IPV4_SRC_MASK", IPV4_SRC_MASK);
 addMapping("IPV4_DST_MASK", IPV4_DST_MASK);
 addMapping("IPV4_NEXT_HOP", IPV4_NEXT_HOP);
+ addMapping("SRC_AS", SRC_AS);
+ addMapping("DST_AS", DST_AS);
+ addMapping("BGP_NEXT_ADJACENT_ASN", BGP_NEXT_ADJACENT_ASN);
+ addMapping("BGP_PREV_ADJACENT_ASN", BGP_PREV_ADJACENT_ASN);
 addMapping("OOORDER_IN_PKTS", OOORDER_IN_PKTS, NTOP_PEN);
 addMapping("OOORDER_OUT_PKTS", OOORDER_OUT_PKTS, NTOP_PEN);
 addMapping("RETRANSMITTED_IN_PKTS", RETRANSMITTED_IN_PKTS, NTOP_PEN);
@@ -484,6 +488,18 @@ bool ZMQParserInterface::parsePENZeroField(ParsedFlow * const flow, u_int32_t fi
 if(strcmp(value->string, "0.0.0.0"))
 return false;
 break;
+ case SRC_AS:
+ flow->src_as = value->int_num;
+ break;
+ case DST_AS:
+ flow->dst_as = value->int_num;
+ break;
+ case BGP_NEXT_ADJACENT_ASN:
+ flow->next_adjacent_as = value->int_num;
+ break;
+ case BGP_PREV_ADJACENT_ASN:
+ flow->prev_adjacent_as = value->int_num;
+ break;
 default:
 ntop->getTrace()->traceEvent(TRACE_INFO, "Skipping no-PEN flow fieldId %u", field);
 return false;
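Review bot: In the parsePENZeroField hunk the four new cases copy `value->int_num` straight into the u_int32_t AS fields, with no check that the element arrived as a number or that it fits in 32 bits. matchPENZeroField in this same patch treats `value->string` as a possible carrier for these fields, so an exporter may be able to send the ASN as a string; whether int_num is populated in that case is not visible here. The type of int_num is also outside the hunk, so a guard that works for either width and signedness is the safer choice, e.g. `if((u_int64_t) value->int_num > 0xFFFFFFFFULL) return false;` before each assignment, which keeps a malformed flow record from being silently truncated into a valid-looking ASN. The function body starts and ends outside the hunk.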
@@ -736,6 +752,22 @@ bool ZMQParserInterface::matchPENZeroField(ParsedFlow * const flow, u_int32_t fi
 if (value->string) return (flow->vrfId == (u_int) atoi(value->string));
 else return (flow->vrfId == value->int_num);
+ case SRC_AS:
+ if (value->string) return (flow->src_as == (u_int32_t) atoi(value->string));
+ else return (flow->src_as == value->int_num);
+
+ case DST_AS:
+ if (value->string) return (flow->dst_as == (u_int32_t) atoi(value->string));
+ else return (flow->dst_as == value->int_num);
+
+ case BGP_NEXT_ADJACENT_ASN:
+ if (value->string) return (flow->next_adjacent_as == (u_int32_t) atoi(value->string));
+ else return (flow->next_adjacent_as == value->int_num);
+
+ case BGP_PREV_ADJACENT_ASN:
+ if (value->string) return (flow->prev_adjacent_as == (u_int32_t) atoi(value->string));
+ else return (flow->prev_adjacent_as == value->int_num);
+
 default:
 ntop->getTrace()->traceEvent(TRACE_INFO, "Skipping no-PEN flow fieldId %u", field);
 break;
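Review bot: The string branch of each new case in matchPENZeroField converts with `(u_int32_t) atoi(value->string)`, which is not safe for AS numbers: atoi returns int, so 4-byte ASNs above INT_MAX are out of range (undefined behaviour), and any non-numeric string yields 0, which equals the constructor default and therefore matches every flow that carries no AS information. A strict unsigned parse that rejects empty input, a sign, trailing characters and values above 0xFFFFFFFF avoids both, and a small file-local helper keeps the four cases identical. The pre-existing vrfId case just above uses the same atoi pattern and would benefit from the same treatment. The function body starts and ends outside the hunk.

```cpp
/* Strict decimal parse of a 32-bit AS number: no sign, no trailing characters, no overflow */
static bool parseASNumber(const char *s, u_int32_t *asn) {
  char *end = NULL;
  unsigned long long v;

  if(!s || *s < '0' || *s > '9') return false;
  errno = 0;
  v = strtoull(s, &end, 10);
  if(errno == ERANGE || *end != '\0' || v > 0xFFFFFFFFULL) return false;
  *asn = (u_int32_t) v;
  return true;
}

// … unchanged: earlier cases of matchPENZeroField …
  case SRC_AS:
    if (value->string) {
      u_int32_t asn;
      return (parseASNumber(value->string, &asn) && flow->src_as == asn);
    } else return (flow->src_as == value->int_num);
// … DST_AS, BGP_NEXT_ADJACENT_ASN and BGP_PREV_ADJACENT_ASN take the same shape …
```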