CESNET · hynekkar · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024
diff --git a/input/parser.cpp b/input/parser.cpp
@@ -503,7 +503,9 @@ inline uint16_t parse_tcp_hdr(const u_char *data_ptr, uint16_t data_len, Packet
       uint8_t opt_len = (opt_kind <= 1 ? 1 : *(opt_ptr + 1));
       DEBUG_MSG("\t\t%u: len=%u\n", opt_kind, opt_len);
 
-      pkt->tcp_options |= ((uint64_t) 1 << opt_kind);
+      // according to ipfix standard, tcp option flags are reversed from the bit indices in each byte
+      // see https://www.iana.org/assignments/ipfix/ipfix.xhtml, entity no. 209 - tcpOptions
+      pkt->tcp_options |= uint64_t(1) << ((opt_kind & 0xF8) + (0x07 - (opt_kind&0x07)));
       if (opt_kind == 0x00) {
          break;
       } else if (opt_kind == 0x02) {

diff --git a/process/basicplus.cpp b/process/basicplus.cpp
@@ -93,10 +93,11 @@ int BASICPLUSPlugin::pre_update(Flow &rec, Packet &pkt)
       p->ip_ttl[1]  = pkt.ip_ttl;
       p->ip_flg[1]  = pkt.ip_flags;
       p->tcp_mss[1] = pkt.tcp_mss;
-      p->tcp_opt[1] = pkt.tcp_options;
       p->tcp_win[1] = pkt.tcp_window;
       p->dst_filled = true;
    }
+   // update tcp options mask across the tcp flow
+   p->tcp_opt[dir] |= pkt.tcp_options;
    return 0;
 }
 

diff --git a/tests/functional/reference/basicplus b/tests/functional/reference/basicplus
@@ -1,10 +1,10 @@
-54.175.219.8,192.168.0.30,131,4074,0,258,258,2016-04-07T18:23:33.012019,2016-04-07T18:23:33.158195,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,2,0,0,80,44338,0,229,280,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,137,305,0,258,258,2016-04-07T18:23:31.194983,2016-04-07T18:23:31.405022,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44328,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,190,12692,0,258,258,2016-04-07T18:23:31.967204,2016-04-07T18:23:32.139824,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,6,0,0,80,44332,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,194,477,0,258,258,2016-04-07T18:23:32.672966,2016-04-07T18:23:32.841347,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44336,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,195,595,0,258,258,2016-04-07T18:23:33.331016,2016-04-07T18:23:33.554300,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44340,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,199,8564,0,258,258,2016-04-07T18:23:34.353031,2016-04-07T18:23:34.496023,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,5,0,0,80,44344,0,229,279,0,2,2,64,41,6,24,24
-54.175.222.246,192.168.0.30,130,459,0,258,258,2016-04-07T18:23:32.300116,2016-04-07T18:23:32.535279,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44586,0,229,280,0,2,2,64,41,6,24,24
-54.175.222.246,192.168.0.30,138,0,0,258,0,2016-04-07T18:23:31.598243,2016-04-07T18:23:31.598243,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,0,0,0,80,44582,0,229,0,0,2,0,64,0,6,24,0
-54.175.222.246,192.168.0.30,200,36844,0,258,258,2016-04-07T18:23:33.713573,2016-04-07T18:23:34.034665,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,20,0,0,80,44594,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,131,4074,0,32832,32832,2016-04-07T18:23:33.012019,2016-04-07T18:23:33.158195,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,2,0,0,80,44338,0,229,280,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,137,305,0,32832,32832,2016-04-07T18:23:31.194983,2016-04-07T18:23:31.405022,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44328,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,190,12692,0,32832,32832,2016-04-07T18:23:31.967204,2016-04-07T18:23:32.139824,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,6,0,0,80,44332,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,194,477,0,32832,32832,2016-04-07T18:23:32.672966,2016-04-07T18:23:32.841347,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44336,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,195,595,0,32832,32832,2016-04-07T18:23:33.331016,2016-04-07T18:23:33.554300,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44340,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,199,8564,0,32832,32832,2016-04-07T18:23:34.353031,2016-04-07T18:23:34.496023,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,5,0,0,80,44344,0,229,279,0,2,2,64,41,6,24,24
+54.175.222.246,192.168.0.30,130,459,0,32832,32832,2016-04-07T18:23:32.300116,2016-04-07T18:23:32.535279,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44586,0,229,280,0,2,2,64,41,6,24,24
+54.175.222.246,192.168.0.30,138,0,0,32832,0,2016-04-07T18:23:31.598243,2016-04-07T18:23:31.598243,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,0,0,0,80,44582,0,229,0,0,2,0,64,0,6,24,0
+54.175.222.246,192.168.0.30,200,36844,0,32832,32832,2016-04-07T18:23:33.713573,2016-04-07T18:23:34.034665,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,20,0,0,80,44594,0,229,279,0,2,2,64,41,6,24,24
 ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,uint64 TCP_OPT,uint64 TCP_OPT_REV,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint32 TCP_MSS,uint32 TCP_MSS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint16 TCP_SYN_SIZE,uint16 TCP_WIN,uint16 TCP_WIN_REV,uint8 DIR_BIT_FIELD,uint8 IP_FLG,uint8 IP_FLG_REV,uint8 IP_TTL,uint8 IP_TTL_REV,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV