constcast
/
vermont
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

copied branch vermont-dynamic-config@r2113 to trunk 

git-svn-id: file:///Users/braun/svn/vermont/trunk/vermont@2115 aef3b71b-58ee-0310-9ba9-8811b9f0742f
master
limmer 2009-06-23 17:09:49 +00:00
parent d6886176bd
commit 78ba659249
520 changed files with 35681 additions and 18289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

935
.cproject
View File

@ -1,935 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?>
<cproject>
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="cdt.managedbuild.config.gnu.exe.debug.1251998143">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.config.gnu.exe.debug.1251998143" moduleId="org.eclipse.cdt.core.settings" name="Debug">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactExtension="" artifactName="vermont" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe" cleanCommand="rm -rf" description="" id="cdt.managedbuild.config.gnu.exe.debug.1251998143" name="Debug" parent="cdt.managedbuild.config.gnu.exe.debug" postannouncebuildStep="" postbuildStep="" preannouncebuildStep="" prebuildStep="">
<folderInfo id="cdt.managedbuild.config.gnu.exe.debug.1251998143." name="/" resourcePath="">
<toolChain id="cdt.managedbuild.toolchain.gnu.exe.debug.47694596" name="Linux GCC" superClass="cdt.managedbuild.toolchain.gnu.exe.debug">
<targetPlatform id="cdt.managedbuild.target.gnu.platform.exe.debug.1624941896" name="Debug Platform" superClass="cdt.managedbuild.target.gnu.platform.exe.debug"/>
<builder arguments="" autoBuildTarget="all" buildPath="${workspace_loc:/vermont}" cleanBuildTarget="clean" command="make" enableAutoBuild="true" enableCleanBuild="true" enabledIncrementalBuild="true" id="cdt.managedbuild.target.gnu.builder.exe.debug.957107736" incrementalBuildTarget="all" keepEnvironmentInBuildfile="false" managedBuildOn="false" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="16" superClass="cdt.managedbuild.target.gnu.builder.exe.debug"/>
<tool id="cdt.managedbuild.tool.gnu.archiver.base.299534257" name="GCC Archiver" superClass="cdt.managedbuild.tool.gnu.archiver.base"/>
<tool id="cdt.managedbuild.tool.gnu.cpp.compiler.exe.debug.1898448878" name="GCC C++ Compiler" superClass="cdt.managedbuild.tool.gnu.cpp.compiler.exe.debug">
<option id="gnu.cpp.compiler.exe.debug.option.optimization.level.813553410" name="Optimization Level" superClass="gnu.cpp.compiler.exe.debug.option.optimization.level" value="gnu.cpp.compiler.optimization.level.none" valueType="enumerated"/>
<option id="gnu.cpp.compiler.exe.debug.option.debugging.level.727856535" name="Debug Level" superClass="gnu.cpp.compiler.exe.debug.option.debugging.level" value="gnu.cpp.compiler.debugging.level.max" valueType="enumerated"/>
<option id="gnu.cpp.compiler.option.include.paths.18915410" name="Include paths (-I)" superClass="gnu.cpp.compiler.option.include.paths" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/vermont}&quot;"/>
<listOptionValue builtIn="false" value="/usr/include/libxml2"/>
<listOptionValue builtIn="false" value="/usr/include"/>
</option>
<inputType id="cdt.managedbuild.tool.gnu.cpp.compiler.input.1797039793" superClass="cdt.managedbuild.tool.gnu.cpp.compiler.input"/>
</tool>
<tool id="cdt.managedbuild.tool.gnu.c.compiler.exe.debug.612123382" name="GCC C Compiler" superClass="cdt.managedbuild.tool.gnu.c.compiler.exe.debug">
<option defaultValue="gnu.c.optimization.level.none" id="gnu.c.compiler.exe.debug.option.optimization.level.186878245" name="Optimization Level" superClass="gnu.c.compiler.exe.debug.option.optimization.level" valueType="enumerated"/>
<option id="gnu.c.compiler.exe.debug.option.debugging.level.1759660860" name="Debug Level" superClass="gnu.c.compiler.exe.debug.option.debugging.level" value="gnu.c.debugging.level.max" valueType="enumerated"/>
<inputType id="cdt.managedbuild.tool.gnu.c.compiler.input.1113570563" superClass="cdt.managedbuild.tool.gnu.c.compiler.input"/>
</tool>
<tool id="cdt.managedbuild.tool.gnu.c.linker.exe.debug.1783243397" name="GCC C Linker" superClass="cdt.managedbuild.tool.gnu.c.linker.exe.debug"/>
<tool id="cdt.managedbuild.tool.gnu.cpp.linker.exe.debug.1345188485" name="GCC C++ Linker" superClass="cdt.managedbuild.tool.gnu.cpp.linker.exe.debug">
<inputType id="cdt.managedbuild.tool.gnu.cpp.linker.input.1647204913" superClass="cdt.managedbuild.tool.gnu.cpp.linker.input">
<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
<additionalInput kind="additionalinput" paths="$(LIBS)"/>
</inputType>
</tool>
<tool id="cdt.managedbuild.tool.gnu.assembler.exe.debug.1812427071" name="GCC Assembler" superClass="cdt.managedbuild.tool.gnu.assembler.exe.debug">
<inputType id="cdt.managedbuild.tool.gnu.assembler.input.1033177449" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
<storageModule moduleId="org.eclipse.cdt.core.language.mapping"/>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1251998143;cdt.managedbuild.config.gnu.exe.debug.1251998143.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.612123382;cdt.managedbuild.tool.gnu.c.compiler.input.1113570563">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1270526306;cdt.managedbuild.config.gnu.exe.release.1270526306.;cdt.managedbuild.tool.gnu.cpp.compiler.exe.release.296705285;cdt.managedbuild.tool.gnu.cpp.compiler.input.61225976">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1251998143;cdt.managedbuild.config.gnu.exe.debug.1251998143.;cdt.managedbuild.tool.gnu.cpp.compiler.exe.debug.1898448878;cdt.managedbuild.tool.gnu.cpp.compiler.input.1797039793">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1270526306;cdt.managedbuild.config.gnu.exe.release.1270526306.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.681074039;cdt.managedbuild.tool.gnu.c.compiler.input.1775617454">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
</storageModule>
</cconfiguration>
<cconfiguration id="cdt.managedbuild.config.gnu.exe.release.1270526306">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.config.gnu.exe.release.1270526306" moduleId="org.eclipse.cdt.core.settings" name="Release">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="vermont" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.release,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe" cleanCommand="rm -rf" description="" id="cdt.managedbuild.config.gnu.exe.release.1270526306" name="Release" parent="cdt.managedbuild.config.gnu.exe.release">
<folderInfo id="cdt.managedbuild.config.gnu.exe.release.1270526306." name="/" resourcePath="">
<toolChain id="cdt.managedbuild.toolchain.gnu.exe.release.1398931065" name="Linux GCC" superClass="cdt.managedbuild.toolchain.gnu.exe.release">
<targetPlatform id="cdt.managedbuild.target.gnu.platform.exe.release.788370759" name="Debug Platform" superClass="cdt.managedbuild.target.gnu.platform.exe.release"/>
<builder buildPath="${workspace_loc:/vermont/Release}" id="cdt.managedbuild.target.gnu.builder.exe.release.238026715" managedBuildOn="true" name="Gnu Make Builder.Release" superClass="cdt.managedbuild.target.gnu.builder.exe.release"/>
<tool id="cdt.managedbuild.tool.gnu.archiver.base.500126339" name="GCC Archiver" superClass="cdt.managedbuild.tool.gnu.archiver.base"/>
<tool id="cdt.managedbuild.tool.gnu.cpp.compiler.exe.release.296705285" name="GCC C++ Compiler" superClass="cdt.managedbuild.tool.gnu.cpp.compiler.exe.release">
<option id="gnu.cpp.compiler.exe.release.option.optimization.level.157533968" superClass="gnu.cpp.compiler.exe.release.option.optimization.level" value="gnu.cpp.compiler.optimization.level.most" valueType="enumerated"/>
<option id="gnu.cpp.compiler.exe.release.option.debugging.level.537512712" superClass="gnu.cpp.compiler.exe.release.option.debugging.level" value="gnu.cpp.compiler.debugging.level.none" valueType="enumerated"/>
<inputType id="cdt.managedbuild.tool.gnu.cpp.compiler.input.61225976" superClass="cdt.managedbuild.tool.gnu.cpp.compiler.input"/>
</tool>
<tool id="cdt.managedbuild.tool.gnu.c.compiler.exe.release.681074039" name="GCC C Compiler" superClass="cdt.managedbuild.tool.gnu.c.compiler.exe.release">
<option defaultValue="gnu.c.optimization.level.most" id="gnu.c.compiler.exe.release.option.optimization.level.2041466484" superClass="gnu.c.compiler.exe.release.option.optimization.level" valueType="enumerated"/>
<option id="gnu.c.compiler.exe.release.option.debugging.level.1385458536" superClass="gnu.c.compiler.exe.release.option.debugging.level" value="gnu.c.debugging.level.none" valueType="enumerated"/>
<inputType id="cdt.managedbuild.tool.gnu.c.compiler.input.1775617454" superClass="cdt.managedbuild.tool.gnu.c.compiler.input"/>
</tool>
<tool id="cdt.managedbuild.tool.gnu.c.linker.exe.release.197941090" name="GCC C Linker" superClass="cdt.managedbuild.tool.gnu.c.linker.exe.release"/>
<tool id="cdt.managedbuild.tool.gnu.cpp.linker.exe.release.1181241027" name="GCC C++ Linker" superClass="cdt.managedbuild.tool.gnu.cpp.linker.exe.release">
<inputType id="cdt.managedbuild.tool.gnu.cpp.linker.input.193575813" superClass="cdt.managedbuild.tool.gnu.cpp.linker.input">
<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
<additionalInput kind="additionalinput" paths="$(LIBS)"/>
</inputType>
</tool>
<tool id="cdt.managedbuild.tool.gnu.assembler.exe.release.1182956309" name="GCC Assembler" superClass="cdt.managedbuild.tool.gnu.assembler.exe.release">
<inputType id="cdt.managedbuild.tool.gnu.assembler.input.564448259" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.language.mapping"/>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1251998143;cdt.managedbuild.config.gnu.exe.debug.1251998143.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.612123382;cdt.managedbuild.tool.gnu.c.compiler.input.1113570563">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1270526306;cdt.managedbuild.config.gnu.exe.release.1270526306.;cdt.managedbuild.tool.gnu.cpp.compiler.exe.release.296705285;cdt.managedbuild.tool.gnu.cpp.compiler.input.61225976">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1251998143;cdt.managedbuild.config.gnu.exe.debug.1251998143.;cdt.managedbuild.tool.gnu.cpp.compiler.exe.debug.1898448878;cdt.managedbuild.tool.gnu.cpp.compiler.input.1797039793">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1270526306;cdt.managedbuild.config.gnu.exe.release.1270526306.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.681074039;cdt.managedbuild.tool.gnu.c.compiler.input.1775617454">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC"/>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileCPP">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.cpp" command="g++" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.managedbuilder.core.GCCWinManagedMakePerProjectProfileC">
<buildOutputProvider>
<openAction enabled="false" filePath=""/>
<parser enabled="false"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/specs.c" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerProjectProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="specsFile">
<runAction arguments="-E -P -v -dD ${plugin_state_location}/${specs_file}" command="gcc" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
<profile id="org.eclipse.cdt.make.core.GCCStandardMakePerFileProfile">
<buildOutputProvider>
<openAction enabled="true" filePath=""/>
<parser enabled="true"/>
</buildOutputProvider>
<scannerInfoProvider id="makefileGenerator">
<runAction arguments="-f ${project_name}_scd.mk" command="make" useDefault="true"/>
<parser enabled="true"/>
</scannerInfoProvider>
</profile>
</scannerConfigBuildInfo>
</storageModule>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="vermont.cdt.managedbuild.target.gnu.exe.1934038238" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
</storageModule>
</cproject>

81
.project
View File

@ -1,81 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>vermont</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<arguments>
<dictionary>
<key>org.eclipse.cdt.make.core.cleanBuildTarget</key>
<value>clean</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.enableCleanBuild</key>
<value>true</value>
</dictionary>
<dictionary>
<key>?name?</key>
<value></value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.append_environment</key>
<value>true</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.stopOnError</key>
<value>true</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.buildCommand</key>
<value>make</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.contents</key>
<value>org.eclipse.cdt.make.core.activeConfigSettings</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.buildLocation</key>
<value>${workspace_loc:/vermont}</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.useDefaultBuildCmd</key>
<value>false</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.enableAutoBuild</key>
<value>true</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.enableFullBuild</key>
<value>true</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.buildArguments</key>
<value>-j16</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.fullBuildTarget</key>
<value>all</value>
</dictionary>
<dictionary>
<key>org.eclipse.cdt.make.core.autoBuildTarget</key>
<value>all</value>
</dictionary>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.core.cnature</nature>
</natures>
</projectDescription>

319
CMakeLists.txt
View File

@ -1,319 +0,0 @@
#
# VERMONT build scripts for CMake
# Copyright (C) 2007 Christoph Sommer <christoph.sommer@informatik.uni-erlangen.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
PROJECT(VERMONT)
### CMake configuration
# allow building with old CMake. Use some bundled modules as a fallback
CMAKE_MINIMUM_REQUIRED(VERSION 2.3.5)
SET(CMAKE_MODULE_PATH ${CMAKE_ROOT}/Modules ${CMAKE_SOURCE_DIR}/cmake/modules)
# move some config clutter to the advanced section
MARK_AS_ADVANCED(
CMAKE_BACKWARDS_COMPATIBILITY
CMAKE_BUILD_TYPE
CMAKE_INSTALL_PREFIX
EXECUTABLE_OUTPUT_PATH
LIBRARY_OUTPUT_PATH
)
### basic modules
SUBDIRS(common concentrator ipfixlolib sampler)
ADD_EXECUTABLE(vermont
collector_configuration.cc
exporter_configuration.cc
pcapexporter_configuration.cc
metering_configuration.cc
observer_configuration.cc
vermont.cc
ipfix_configuration.cc
vermontmain_configuration.cc
packetselection_configuration.cc
packetreporting_configuration.cc
flowmetering_configuration.cc
dbwriter_configuration.cc
dbreader_configuration.cc
)
INCLUDE_DIRECTORIES(${VERMONT_SOURCE_DIR})
INCLUDE_DIRECTORIES(${VERMONT_SOURCE_DIR}/common)
INCLUDE_DIRECTORIES(${VERMONT_SOURCE_DIR}/concentrator)
INCLUDE_DIRECTORIES(${VERMONT_SOURCE_DIR}/ipfixlolib)
INCLUDE_DIRECTORIES(${VERMONT_SOURCE_DIR}/sampler)
TARGET_LINK_LIBRARIES(vermont
concentrator
sampler
ipfixlolib
common
)
INSTALL(TARGETS vermont
RUNTIME DESTINATION bin
)
INSTALL(FILES README CONFIGURATION LICENSE
DESTINATION share/doc/vermont
)
INSTALL(FILES ipfix-config-schema.xsd
DESTINATION share/vermont
)
# INSTALL(DIRECTORY requires cmake 2.5
#INSTALL(DIRECTORY configs/
# DESTINATION share/vermont/configs
# PATTERN ".svn" EXCLUDE
#)
### doxygen
FIND_PACKAGE(Doxygen REQUIRED)
### threads
FIND_PACKAGE(Threads REQUIRED)
TARGET_LINK_LIBRARIES(vermont
${CMAKE_THREAD_LIBS_INIT}
)
### boost
FIND_PACKAGE(Boost REQUIRED)
MARK_AS_ADVANCED(
Boost_INCLUDE_DIR
Boost_REGEX_LIBRARY
Boost_FILESYSTEM_LIBRARY
Boost_UNIT_TEST_FRAMEWORK_LIBRARY
)
IF (Boost_FOUND)
MESSAGE(STATUS "Found boost libraries")
ADD_DEFINITIONS(-DHAVE_BOOST_FILESYSTEM)
INCLUDE_DIRECTORIES(${Boost_INCLUDE_DIRS})
FIND_LIBRARY(Boost_REGEX_LIBRARY NAMES boost_regex-mt boost_regex PATHS ${Boost_LIBRARY_DIRS})
IF (NOT Boost_REGEX_LIBRARY)
MESSAGE(FATAL_ERROR "Could not find boost regex library")
ENDIF(NOT Boost_REGEX_LIBRARY)
FIND_LIBRARY(Boost_FILESYSTEM_LIBRARY NAMES boost_filesystem-mt boost_filesystem PATHS ${Boost_LIBRARY_DIRS})
IF (NOT Boost_FILESYSTEM_LIBRARY)
MESSAGE(FATAL_ERROR "Could not find boost filesystem library")
ENDIF(NOT Boost_FILESYSTEM_LIBRARY)
FIND_LIBRARY(Boost_UNIT_TEST_FRAMEWORK_LIBRARY NAMES boost_unit_test_framework-mt boost_unit_test_framework PATHS ${Boost_LIBRARY_DIRS})
IF (NOT Boost_UNIT_TEST_FRAMEWORK_LIBRARY)
MESSAGE(FATAL_ERROR "Could not find boost unit test framework")
ENDIF (NOT Boost_UNIT_TEST_FRAMEWORK_LIBRARY)
TARGET_LINK_LIBRARIES(vermont
${Boost_REGEX_LIBRARY}
${Boost_FILESYSTEM_LIBRARY}
)
ELSE (Boost_FOUND)
MESSAGE(FATAL_ERROR "Could not find boost libraries")
REMOVE_DEFINITIONS(-DHAVE_BOOST_FILESYSTEM)
ENDIF (Boost_FOUND)
### libxml2
FIND_PACKAGE(LibXml2 REQUIRED)
MARK_AS_ADVANCED(
LIBXML2_INCLUDE_DIR
LIBXML2_LIBRARIES
)
IF (LIBXML2_INCLUDE_DIR AND LIBXML2_LIBRARIES)
MESSAGE(STATUS "Found libxml2 libraries")
INCLUDE_DIRECTORIES(${LIBXML2_INCLUDE_DIR})
TARGET_LINK_LIBRARIES(vermont
${LIBXML2_LIBRARIES}
)
ELSE (LIBXML2_INCLUDE_DIR AND LIBXML2_LIBRARIES)
MESSAGE(FATAL_ERROR "Could not find libxml2 libraries")
ENDIF (LIBXML2_INCLUDE_DIR AND LIBXML2_LIBRARIES)
### debug
OPTION(DEBUG "Enable debug code. Vermont will run significantly slower if enabled." OFF)
IF (DEBUG)
message(STATUS "Configuring build process for debug version")
REMOVE_DEFINITIONS(-O3)
ADD_DEFINITIONS(-O0 -g -pg -Wall -Werror -DDEBUG)
SET_TARGET_PROPERTIES(vermont PROPERTIES LINK_FLAGS "-g -pg")
ELSE (DEBUG)
REMOVE_DEFINITIONS(-O0 -g -pg -Wall -Werror -DDEBUG)
ADD_DEFINITIONS(-O3)
SET_TARGET_PROPERTIES(vermont PROPERTIES LINK_FLAGS "")
ENDIF (DEBUG)
### IP_HEADER_OFFSET
SET(IP_HEADER_OFFSET 14 CACHE STRING "Start position of the IP header in an ethernet frame in Bytes. This value needs to be adjusted according to the network monitored. The default value is 14 for ethernet devices. Other common values are 4 (BSD loop back device) and 18 (Ethernet VLAN)")
ADD_DEFINITIONS(-DIP_HEADER_OFFSET=${IP_HEADER_OFFSET})
### PCAP_MAX_CAPTURE_LENGTH
SET(PCAP_MAX_CAPTURE_LENGTH 128 CACHE STRING "Maximum PCAP packet capture length (this amount of bytes is always allocated for each packet, the smaller the better!)")
ADD_DEFINITIONS(-DPCAP_MAX_CAPTURE_LENGTH=${PCAP_MAX_CAPTURE_LENGTH})
### SUPPORT_NETFLOWV9
OPTION(SUPPORT_NETFLOWV9 "Enable NetFlow version 9 support" ON)
IF (SUPPORT_NETFLOWV9)
ADD_DEFINITIONS(-DSUPPORT_NETFLOWV9)
ELSE (SUPPORT_NETFLOWV9)
REMOVE_DEFINITIONS(-DSUPPORT_NETFLOWV9)
ENDIF (SUPPORT_NETFLOWV9)
### MySQL
OPTION(SUPPORT_MYSQL "Enable dbwriter/dbreader support" ON)
IF (SUPPORT_MYSQL)
FIND_PACKAGE(MySQL REQUIRED)
MARK_AS_ADVANCED(
MYSQL_ADD_INCLUDE_DIR
MYSQL_ADD_LIBRARY
MYSQL_CONFIG
MYSQL_CONFIG_PREFER_PATH
)
IF (NOT MYSQL_FOUND)
MESSAGE(STATUS "Could not find MySQL libraries. Disabling dbwriter/dbreader support.")
ENDIF (NOT MYSQL_FOUND)
ENDIF (SUPPORT_MYSQL)
IF (MYSQL_FOUND)
MESSAGE(STATUS "Found MySQL libraries")
ADD_DEFINITIONS(-DDB_SUPPORT_ENABLED)
INCLUDE_DIRECTORIES(${MYSQL_INCLUDE_DIR})
TARGET_LINK_LIBRARIES(vermont
${MYSQL_LIBRARIES}
)
ELSE (MYSQL_FOUND)
REMOVE_DEFINITIONS(-DDB_SUPPORT_ENABLED)
ENDIF (MYSQL_FOUND)
### libpcap-mmap
OPTION(USE_PCAPMMAP "Use libpcap-mmap." OFF)
MARK_AS_ADVANCED(
PCAP_LIBRARY_REGULAR
PCAP_LIBRARY_MMAP
)
IF (USE_PCAPMMAP)
FIND_LIBRARY(PCAP_LIBRARY_MMAP NAMES pcap pcap-mmap PATHS ${VERMONT_SOURCE_DIR} ${VERMONT_SOURCE_DIR}/../libpcap-mmap ${VERMONT_SOURCE_DIR}/../../../trunk/libpcap-mmap NO_DEFAULT_PATH)
SET(PCAP_LIBRARY "${PCAP_LIBRARY_MMAP}")
IF (PCAP_LIBRARY_MMAP)
SET(PCAP_LIBRARY "${PCAP_LIBRARY_MMAP}")
ELSE (PCAP_LIBRARY_MMAP)
MESSAGE(FATAL_ERROR "Could not find libpcap-mmap")
ENDIF (PCAP_LIBRARY_MMAP)
ELSE (USE_PCAPMMAP)
FIND_LIBRARY(PCAP_LIBRARY_REGULAR NAMES pcap)
IF (PCAP_LIBRARY_REGULAR)
SET(PCAP_LIBRARY "${PCAP_LIBRARY_REGULAR}")
ELSE (PCAP_LIBRARY_REGULAR)
MESSAGE(FATAL_ERROR "Could not find libpcap")
ENDIF (PCAP_LIBRARY_REGULAR)
ENDIF (USE_PCAPMMAP)
TARGET_LINK_LIBRARIES(vermont ${PCAP_LIBRARY})
### sctp
OPTION(SUPPORT_SCTP "Support SCTP transport protocol" ON)
IF (SUPPORT_SCTP)
FIND_PACKAGE(Sctp REQUIRED)
MARK_AS_ADVANCED(
SCTP_LIBRARIES
SCTP_INCLUDE_DIR
)
ADD_DEFINITIONS(-DSUPPORT_SCTP)
ELSE (SUPPORT_SCTP)
REMOVE_DEFINITIONS(-DSUPPORT_SCTP)
ENDIF (SUPPORT_SCTP)
### connection filter
OPTION(CONNECTION_FILTER "Enables/disables the connection filter." ON)
IF (CONNECTION_FILTER)
ADD_DEFINITIONS(-DHAVE_CONNECTION_FILTER)
ENDIF(CONNECTION_FILTER)
### gsl
OPTION(USE_GSL "Enables/disables GSL in connectionflter." ON)
IF (CONNECTION_FILTER AND NOT USE_GSL)
MESSAGE(FATAL_ERROR "GSL is needed for Connectionfilter at the moment.
You cannot have -DCONNECTION_FILTER=ON and -DUSE_GSL=OFF")
ENDIF (CONNECTION_FILTER AND NOT USE_GSL)
IF (USE_GSL)
FIND_PACKAGE(GSL)
MARK_AS_ADVANCED(
GSL_INCLUDE_DIR
GSL_LIBRARIES
GSL_LIBRARY
BLAS_LIBRARY
)
IF (GSL_FOUND)
MESSAGE(STATUS "GNU scientific library found")
ELSE (GSL_FOUND)
MESSAGE(FATAL_ERROR "GNU scientific library not found. Please
install the library or use -DCONNECTION_FILTER=OFF")
ENDIF (GSL_FOUND)
ADD_DEFINITIONS(-DHAVE_GSL)
TARGET_LINK_LIBRARIES(vermont ${GSL_LIBRARIES})
ENDIF (USE_GSL)
### tools
OPTION(WITH_TOOLS "Build misc tools." ON)
IF (WITH_TOOLS)
SUBDIRS(tools)
ELSE (WITH_TOOLS)
ENDIF (WITH_TOOLS)
### tests
OPTION(WITH_TESTS "Build unit tests." ON)
IF (WITH_TESTS)
SUBDIRS(tests)
ELSE (WITH_TESTS)
ENDIF (WITH_TESTS)
### IPFIXLOLIB_RAWDIR_SUPPORT
OPTION(IPFIXLOLIB_RAWDIR_SUPPORT "Enable ipfix rawdir support" OFF)
IF (IPFIXLOLIB_RAWDIR_SUPPORT)
ADD_DEFINITIONS(-DIPFIXLOLIB_RAWDIR_SUPPORT)
ELSE (IPFIXLOLIB_RAWDIR_SUPPORT)
REMOVE_DEFINITIONS(-DIPFIXLOLIB_RAWDIR_SUPPORT)
ENDIF (IPFIXLOLIB_RAWDIR_SUPPORT)

31
CONFIGURATION
View File

@ -1,31 +0,0 @@
The XML configuration schema allows configurations which are not supported by
VERMONT. This is a list of working configurations. See directory configs/ for
some working configuration files.
WARNING: Unsupported configurations may result in a "Segmentation Fault"
observationProcess -> meteringProcess(packetSelection + packetReporting) -> exportingProcess
observationProcess --|
|--> meteringProcess(packetSelection + packetReporting) -> exportingProcess
observationProcess---|
observationProcess -> meteringProcess(packetSelection) -> meteringProcess(packetReporting) -> exportingProcess
observationProcess -> meteringProcess(flowMetering) -> exportingProcess
collectingProcess -> meteringProcess(flowMetering) -> exportingProces
observationProcess --|
|--> meteringProcess(flowMetering) -> exportingProcess
collectingProcess --|
observationProcess -> meteringProcess(packetselection + flowMetering) -> dbWriter
collectingProcess -> meteringProcess(flowMetering) -> dbWriter
collectingProcess -> dbWriter
dbReader -> exportingProcess
dbReader -> meteringProcess(flowMetering) -> exportingProcess

12
INSTALL Normal file
View File

@ -0,0 +1,12 @@
Required Ubuntu/Debian packages for compilation:
- cmake libboost-dev libxml2-dev libpcap-dev libsctp-dev
Note: for high efficiency the PCAP-MMAP modification is suggested.
See <http://public.lanl.gov/cpw/>
Compile Procedure:
- call 'cmake .'
- if any adjustment to compilation settings are needed, 'ccmake .' is suggested
- call 'make'
- call './vermont'

340
LICENSE
View File

@ -1,340 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

112
README
View File

@ -1,112 +0,0 @@
This is VERMONT - VERsatile MONitoring Tool.
IPFIX/PSAMP probe
Released under GPL2, no guarantees, no warranty
REQUIREMENTS
- cmake
- Decent and recent gcc compiler w/ C++ support (there are some gcc-isms)
- libpcap
- *nix (Linux and recent FreeBSD preferred, other untested)
- boost (you need at least boost_filesystem, boost_regex and
boost_unit_test_framework)
- libxml
- libsctp
Optional:
- libmysqlclient
- libgsl
INSTALLATION
This project uses CMake for platform- and user-specific configuration.
In order to create the build files for actual compilation, you will
need to run CMake, before you can compile the sources.
For example, the following two commands will build VERMONT in its default
configuration on POSIX-compliant systems:
$ cmake .
$ make
Specific configuration options can be set prior to running make. The
command "cmake -LH" will display a list of the most important options.
CMake options can be set either by running cmake with one or more
parameters "-D OPTION=VALUE" or interactively by running "ccmake ." or
one of its graphical equivalents.
Although not strictly necessary, VERMONT binaries and data files can be
copied out of the source tree and to a user-defined location by running:
$ make install
CONFIGURATION
The configuration of VERMONT is now based on XML. Configuration files must
conform with the XML Schema ipfix-config-schema.xsd. Though, there are
additional restrictions.
See file CONFIGURATION for more information.
SAMPLER
Does packet sampling, reads raw packet data from an interface, put them thru
a filtering mechanism and finally export matching packets to an PSAMP/IPFIX
collector.
CONCENTRATOR
Reads IPFIX/Netflow data from socket, aggregates data for certain flows,
exports this data again via IPFIX.
THE HOOK
You can configure VERMONT to inject SAMPLER's captured packets into the
CONCENTRATOR for aggregation and export. Config option is in section main,
value packets.
DB READER/WRITER
New subsystems within the concentrator that allow reading from and writing
to a MySQL database.
NOTES ON MONITORING PORTS
Some switches add an additional field VLAN with size 4Bytes.
So you have to adjust the pcap_expression (pcap_filter) to "vlan and ip".
Futhermore, the Packet::IPHeaderOffset has to adjusted to 18. This can be
done via the configure script. Run configure with
configure --with-ipheader-offset=18
NOTES ON THREADS
When threads are to be exited, their real exit is waited for using
pthread_join().
This may lock for a while because I/O from sockets etc. is done in blocking
mode, so when no packet arrives, the thread will block in read().
You may want to rewrite the Thread class to do a pthread_detach() instread and
grep for further occurences of pthread_join().
NOTES ON SOCKET RECEIVE BUFFER
If incoming IPFIX traffic is bursty, increasing the socket receive buffer
reduces packet losses.
System calls for Linux with proc file system:
$ cat /proc/sys/net/core/rmem_default
$ cat /proc/sys/net/core/rmem_max
Write new value X (in bytes):
$ sysctl -w net/core/rmem_default=X
$ sysctl -w net/core/rmem_max=X
APPENDIX
faster Linux MMAP()ed PCAP: http://public.lanl.gov/cpw/

2
TODO
View File

@ -1,2 +0,0 @@
- Template management is performed via ObservationDomainId. It should be done
with the SourceID struct

14
cmake/modules/FindMySQL.cmake
View File

@ -30,23 +30,23 @@ IF(UNIX)
ARGS --include
OUTPUT_VARIABLE MY_TMP)
string (REGEX REPLACE "-I([^ ]*)( .*)?" "\\1" MY_TMP "${MY_TMP}")
SET(MYSQL_ADD_INCLUDE_DIR ${MY_TMP})
SET(MYSQL_ADD_INCLUDE_DIR ${MY_TMP} CACHE FILEPATH INTERNAL)
# set LIBRARY_DIR
EXEC_PROGRAM(${MYSQL_CONFIG}
ARGS --libs
OUTPUT_VARIABLE MY_TMP)
string (REGEX REPLACE "(.* )?-L([^ ]*)( .*)?" "\\2" MY_TMP "${MY_TMP}")
SET(MYSQL_ADD_LIBRARY ${MY_TMP})
string (REGEX REPLACE "-L([^ ]*)( .*)?" "\\1" MY_TMP "${MY_TMP}")
SET(MYSQL_ADD_LIBRARY ${MY_TMP} CACHE FILEPATH INTERNAL)
ENDIF(MYSQL_CONFIG)
ELSE(UNIX)
set(MYSQL_ADD_INCLUDE_DIR "c:/msys/local/include")
set(MYSQL_ADD_LIBRARY "c:/msys/local/lib")
set(MYSQL_ADD_INCLUDE_DIR "c:/msys/local/include" CACHE FILEPATH INTERNAL)
set(MYSQL_ADD_LIBRARY "c:/msys/local/lib" CACHE FILEPATH INTERNAL)
ENDIF(UNIX)
# if(NOT DEFINED MYSQL_FOUND)
if (NOT DEFINED MYSQL_FOUND)
find_path(MYSQL_INCLUDE_DIR mysql.h
/usr/local/include
@ -75,4 +75,4 @@ ENDIF(UNIX)
mark_as_advanced(MYSQL_INCLUDE_DIR MYSQL_LIBRARIES)
# endif (NOT DEFINED MYSQL_FOUND)
endif (NOT DEFINED MYSQL_FOUND)

59
cmake/modules/FindPostgreSQL.cmake Normal file
View File

@ -0,0 +1,59 @@
# - Find PostgreSQL
# Find the PostgreSQL includes and client library
# This module defines
# POSTGRESQL_INCLUDE_DIR, where to find POSTGRESQL.h
# POSTGRESQL_LIBRARIES, the libraries needed to use POSTGRESQL.
# POSTGRESQL_FOUND, If false, do not try to use PostgreSQL.
#
# Copyright (c) 2006, Jaroslaw Staniek, <js@iidea.pl>
#
# Redistribution and use is allowed according to the terms of the BSD license.
# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
# Add the postgresql and mysql include paths here
if(POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
set(POSTGRESQL_FOUND TRUE)
else(POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
# FIND_PATH(POSTGRESQL_INCLUDE_DIR postgres.h
find_path(POSTGRESQL_INCLUDE_DIR libpq-fe.h
/usr/include/server
/usr/include/pgsql/server
/usr/local/include/pgsql/server
/usr/include/postgresql
/usr/include/postgresql/server
/usr/include/postgresql/*/server
/usr/local/include/postgresql/server
/usr/local/include/postgresql/*/server
$ENV{ProgramFiles}/PostgreSQL/*/include/server
$ENV{SystemDrive}/PostgreSQL/*/include/server
)
find_library(POSTGRESQL_LIBRARIES NAMES pq libpq
PATHS
/usr/lib
/usr/local/lib
/usr/lib/postgresql
/usr/lib64
/usr/local/lib64
/usr/lib64/postgresql
$ENV{ProgramFiles}/PostgreSQL/*/lib/ms
$ENV{SystemDrive}/PostgreSQL/*/lib/ms
)
if(POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
set(POSTGRESQL_FOUND TRUE)
message(STATUS "Found PostgreSQL: ${POSTGRESQL_INCLUDE_DIR}, ${POSTGRESQL_LIBRARIES}")
INCLUDE_DIRECTORIES(${POSTGRESQL_INCLUDE_DIR})
else(POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
set(POSTGRESQL_FOUND FALSE)
message(STATUS "PostgreSQL not found.")
endif(POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)
mark_as_advanced(POSTGRESQL_INCLUDE_DIR POSTGRESQL_LIBRARIES)
endif(POSTGRESQL_INCLUDE_DIR AND POSTGRESQL_LIBRARIES)

24
cmake/modules/FindSctp.cmake
View File

@ -1,6 +1,7 @@
# This line added for distribution with Vermont:
MESSAGE(STATUS "Using bundled FindSctp.cmake...")
FIND_PATH(
SCTP_INCLUDE_DIR
sctp.h
@ -8,25 +9,36 @@ FIND_PATH(
/usr/local/include/ /usr/local/include/sctp/ /usr/local/include/netinet/
)
# check wether we have we have all necessary functions within our libc
INCLUDE(CheckFunctionExists)
CHECK_FUNCTION_EXISTS(sctp_sendmsg SCTP_SENDMSGV_FOUND)
# check for external libsctp
FIND_LIBRARY(
SCTP_LIBRARIES NAMES sctp
PATHS /usr/lib/ /usr/local/lib/
)
IF (SCTP_LIBRARIES OR SCTP_SENDMSGV_FOUND)
SET (FOUND_SCTP_LIBRARIES TRUE)
ENDIF (SCTP_LIBRARIES OR SCTP_SENDMSGV_FOUND)
IF (SCTP_INCLUDE_DIR)
MESSAGE(STATUS "Found sctp include dirs")
ELSE (SCTP_INCLUDE_DIR)
MESSAGE(STATUS "Could not find sctp include dirs")
ENDIF(SCTP_INCLUDE_DIR)
IF (SCTP_LIBRARIES)
IF (FOUND_SCTP_LIBRARIES)
MESSAGE(STATUS "Found sctp libraries")
ELSE (SCTP_LIBRARIES)
SET(SCTP_FOUND TRUE)
ELSE (FOUND_SCTP_LIBRARIES)
MESSAGE(STATUS "Could not find sctp libraries")
ENDIF(SCTP_LIBRARIES)
ENDIF(FOUND_SCTP_LIBRARIES)
IF (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
IF (SCTP_INCLUDE_DIR AND FOUND_SCTP_LIBRARIES)
MESSAGE(STATUS "Found sctp")
ELSE (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
ELSE (SCTP_INCLUDE_DIR AND FOUND_SCTP_LIBRARIES)
MESSAGE(FATAL_ERROR "ERROR: Could not find libsctp. Please install the library.")
ENDIF (SCTP_INCLUDE_DIR AND SCTP_LIBRARIES)
ENDIF (SCTP_INCLUDE_DIR AND FOUND_SCTP_LIBRARIES)

208
collector_configuration.cc
View File

@ -1,208 +0,0 @@
/*
released under GPL v2
(C) by Lothar Braun <mail@lobraun.de>
*/
#include "collector_configuration.h"
#include "metering_configuration.h"
#include "flowmetering_configuration.h"
#include "exporter_configuration.h"
#include "dbwriter_configuration.h"
#include "concentrator/IpfixAggregator.hpp"
#include "concentrator/IpfixReceiverUdpIpV4.hpp"
#include "concentrator/IpfixReceiverSctpIpV4.hpp"
#include "common/msg.h"
CollectorConfiguration::CollectorConfiguration(xmlDocPtr document, xmlNodePtr startPoint)
: Configuration(document, startPoint), running(false), observationDomainId(0),
ipfixCollector(0), ipfixParser(0)
{
xmlChar* idString = xmlGetProp(startPoint, (const xmlChar*)"id");
if (NULL == idString) {
THROWEXCEPTION("Got collector without unique id!");
}
id = configTypes::collector + (const char*)idString;
xmlFree(idString);
}
CollectorConfiguration::~CollectorConfiguration()
{
for (unsigned i = 0; i != listeners.size(); ++i) {
delete listeners[i];
}
if (ipfixCollector) {
stopSystem();
delete ipfixCollector;
}
}
void CollectorConfiguration::configure()
{
msg(MSG_INFO, "CollectorConfiguration: Start reading packetReporting section");
xmlNodePtr i = start->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "listener")) {
readListener(i);
} else if (tagMatches(i, "udpTemplateLifetime")) {
templateLifetime = getTimeInSecs(i);
} else if (tagMatches(i, "observationDomainId")) {
observationDomainId = atoi(getContent(i).c_str());
} else if (tagMatches(i, "next")) {
fillNextVector(i);
}
i = i->next;
}
setUp();
msg(MSG_INFO, "CollectorConfiguration: Successfully parsed collectingProcess section");
}
void CollectorConfiguration::readListener(xmlNodePtr p)
{
xmlNodePtr i = p->xmlChildrenNode;
Listener* listener = new Listener();
listener->port = 4739; // standard port for IPFIX
while (NULL != i) {
if (tagMatches(i, "ipAddressType")) {
// we only have ipv4 at the moment
// so nothing is implemented yet for ipv6
if (getContent(i) != "4") {
msg(MSG_ERROR, "Only ipv4 is supported at the moment. \"ipAddressType\" will be ignored at the moment");
}
} else if (tagMatches(i, "ipAddress")) {
listener->ipAddress = getContent(i);
} else if (tagMatches(i, "transportProtocol")) {
if ((getContent(i) == "17") || (getContent(i) == "UDP")) {
listener->protocolType = 17;
#ifdef SUPPORT_SCTP
}else if ((getContent(i) == "132") || (getContent(i) == "SCTP")){
listener->protocolType = 132;
#endif
/*
}else if ((getContent(i) == "6") || (getContent(i) == "TCP")){
listener->protocolType = 6;
*/
}else{
THROWEXCEPTION("Unsupported protocol %s. Vermont only supports UDP (17) and SCTP (132). For using SCTP make sure you did not turn it off in ./configure",getContent(i).c_str());
}
} else if (tagMatches(i, "port")) {
listener->port = (uint16_t)atoi(getContent(i).c_str());
}
i = i->next;
}
listeners.push_back(listener);
}
void CollectorConfiguration::setUp()
{
ipfixCollector = new IpfixCollector;
if (!ipfixCollector) {
THROWEXCEPTION("Could not create collector");
}
for (unsigned i = 0; i != listeners.size(); ++i) {
IpfixReceiver* ipfixReceiver;
switch(listeners[i]->protocolType){
case 17:
ipfixReceiver = new IpfixReceiverUdpIpV4(listeners[i]->port, listeners[i]->ipAddress);
break;
case 132:
ipfixReceiver = new IpfixReceiverSctpIpV4(listeners[i]->port, listeners[i]->ipAddress);
break;
}
if (!ipfixReceiver) {
THROWEXCEPTION("Could not create receiver");
}
ipfixCollector->addIpfixReceiver(ipfixReceiver);
}
ipfixParser = new IpfixParser;
if (!ipfixParser) {
THROWEXCEPTION("Could not create IPFIX parser");
}
if (templateLifetime){
ipfixParser->setTemplateLivetime(templateLifetime);
}
}
void CollectorConfiguration::connect(Configuration* c)
{
// the collector can put it's data only into
// - an metering process which is aggregating or
// - an exporting process
MeteringConfiguration* metering = dynamic_cast<MeteringConfiguration*>(c);
if (metering) {
metering->setObservationDomainId(observationDomainId);
FlowMeteringConfiguration* fm = metering->getFlowMeteringConfiguration();
if (!fm) {
THROWEXCEPTION("Metering process isn't aggregating ->"
" cannot connect it to an collector!");
}
msg(MSG_DEBUG, "CollectorConfiguration: Got metering process which is aggreagting");
IpfixAggregator* aggregator = fm->getIpfixAggregator();
if (!aggregator) {
THROWEXCEPTION("CollectorConfiguration: ipfixAggregator is null -> This is a bug! Please report it");
}
msg(MSG_DEBUG, "Adding aggregator to ipfixParser");
ipfixParser->addFlowSink(aggregator);
msg(MSG_DEBUG, "Adding ipfixPacketProcessor to ipfixCollector");
ipfixCollector->addIpfixPacketProcessor(ipfixParser);
msg(MSG_DEBUG, "Sucessfully set up connection between collector and aggregator");
return;
}
ExporterConfiguration* exporter = dynamic_cast<ExporterConfiguration*>(c);
if (exporter) {
exporter->createIpfixSender(observationDomainId);
IpfixSender* ipfixSender = exporter->getIpfixSender();
msg(MSG_DEBUG, "Adding IpfixSender callbacks to IpfixParser");
ipfixParser->addFlowSink(ipfixSender);
msg(MSG_DEBUG, "Adding IpfixPacketProcessor to IpfixCollector");
ipfixCollector->addIpfixPacketProcessor(ipfixParser);
msg(MSG_DEBUG, "Successfully set up connection between collector and exporter");
return;
}
#ifdef DB_SUPPORT_ENABLED
DbWriterConfiguration* dbWriterConfiguration = dynamic_cast<DbWriterConfiguration*>(c);
if (dbWriterConfiguration) {
msg(MSG_DEBUG, "Adding DBwriter to IpfixCollector");
dbWriterConfiguration->setObservationDomainId(observationDomainId);
ipfixParser->addFlowSink(dbWriterConfiguration->getDbWriter());
msg(MSG_DEBUG, "Adding IpfixPacketProcessor to IpfixCollector");
ipfixCollector->addIpfixPacketProcessor(ipfixParser);
msg(MSG_DEBUG, "Successfully set up connction between collector and dbwriter");
return;
}
#endif
THROWEXCEPTION("Cannot connect %s to a collector!", c->getId().c_str());
}
void CollectorConfiguration::startSystem()
{
if (running) return;
msg(MSG_DEBUG, "CollectorConfiguration: Starting collecting process");
ipfixCollector->start();
running = true;
}
void CollectorConfiguration::stopSystem()
{
if (!running) return;
msg(MSG_DEBUG, "CollectorConfiguration: Stopping collecting process");
ipfixCollector->stop();
running = false;
}

51
collector_configuration.h
View File

@ -1,51 +0,0 @@
/*
released under GPL v2
(C) by Lothar Braun <mail@lobraun.de>
*/
#ifndef _COLLECTOR_CONFIGURATION_H_
#define _COLLECTOR_CONFIGURATION_H_
#include "ipfix_configuration.h"
#include <concentrator/IpfixCollector.hpp>
#include <vector>
class CollectorConfiguration : public Configuration{
public:
CollectorConfiguration(xmlDocPtr document, xmlNodePtr startPoint);
~CollectorConfiguration();
virtual void configure();
virtual void connect(Configuration*);
virtual void startSystem();
virtual void stopSystem();
protected:
void setUp();
void readListener(xmlNodePtr i);
bool running; /**< true between calls to startSystem() and stopSystem() */
private:
struct Listener {
std::string ipAddress;
unsigned protocolType;
uint16_t port;
};
std::vector<Listener*> listeners;
uint16_t observationDomainId;
uint16_t templateLifetime;
IpfixCollector* ipfixCollector;
IpfixParser* ipfixParser;
};
#endif

5
common/Makefile.am
View File

@ -1,5 +0,0 @@
noinst_LIBRARIES=libcommon.a
libcommon_a_SOURCES=TimeoutSemaphore.h TimeoutSemaphore.cpp msg.h msg.cc StatisticsManager.h StatisticsManager.cpp
AM_CXXFLAGS=-Wall -Werror

94
common/StatisticsManager.cpp
View File

@ -1,94 +0,0 @@
#include "StatisticsManager.h"
#include <stdio.h>
#include <string>
#include <unistd.h>
using namespace std;
StatisticsManager::StatisticsManager()
: Thread(threadWrapper), interval(10000)
{
}
StatisticsManager::~StatisticsManager()
{
while (!statModules.empty()) {
StatisticsModule* sm = statModules.front();
statModules.pop_front();
delete sm;
}
}
StatisticsManager& StatisticsManager::getInstance()
{
static StatisticsManager sm;
return sm;
}
void StatisticsManager::addModule(StatisticsModule* statmodule)
{
mutex.lock();
statModules.push_back(statmodule);
mutex.unlock();
}
void StatisticsManager::removeModule(StatisticsModule* statmodule)
{
mutex.lock();
statModules.remove(statmodule);
mutex.unlock();
}
void* StatisticsManager::threadWrapper(void* sm)
{
reinterpret_cast<StatisticsManager*>(sm)->runStats();
return 0;
}
void StatisticsManager::setInterval(long milliseconds)
{
interval = milliseconds;
}
void StatisticsManager::setOutput(const string& output)
{
outputFile = output;
}
void StatisticsManager::runStats()
{
// truncate output file
FILE* f = fopen(outputFile.c_str(), "w");
if (f == 0) THROWEXCEPTION("failed to open file %s", outputFile.c_str());
fclose(f);
while (!exitFlag) {
if (usleep(interval*1000) != 0) THROWEXCEPTION("usleep failed");
FILE* f = fopen(outputFile.c_str(), "a");
if (f == 0) THROWEXCEPTION("failed to open file %s", outputFile.c_str());
fprintf(f, "statistics dump at %lu\n", (long unsigned)time(0));
mutex.lock();
list<StatisticsModule*>::const_iterator iter = statModules.begin();
while (iter != statModules.end()) {
string text = (*iter)->getStatistics();
fprintf(f, "%s\n", text.c_str());
iter++;
}
mutex.unlock();
fclose(f);
}
}
void StatisticsManager::start()
{
run(this);
}
void StatisticsManager::stop()
{
join();
}

44
common/StatisticsManager.h
View File

@ -1,44 +0,0 @@
#if !defined(STATISTICS_MANAGER_H)
#define STATISTICS_MANAGER_H
#include "Mutex.h"
#include "Thread.h"
#include <list>
#include <string>
// statistics output
class StatisticsModule
{
public:
virtual ~StatisticsModule() {}
virtual std::string getStatistics() = 0;
};
class StatisticsManager : Thread
{
private:
std::list<StatisticsModule*> statModules;
unsigned long interval;
Mutex mutex;
std::string outputFile;
StatisticsManager();
static void* threadWrapper(void* sm);
void runStats();
public:
virtual ~StatisticsManager();
static StatisticsManager& getInstance();
void addModule(StatisticsModule* statmodule);
void removeModule(StatisticsModule* statmodule);
void start();
void stop();
void setInterval(long milliseconds);
void setOutput(const std::string& output);
};
#endif

60
common/Time.h
View File

@ -1,60 +0,0 @@
/**
* General functions for manipulating timing structures
*/
#if !defined(TIME_H)
#define TIME_H
#include <time.h>
#include <sys/time.h>
/* Subtract the `struct timeval' values X and Y,
storing the result in RESULT.
Return 1 if the difference is negative, otherwise 0. */
inline int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval* y)
{
/* Perform the carry for the later subtraction by updating y. */
if (x->tv_usec < y->tv_usec) {
int nsec = (y->tv_usec - x->tv_usec) / 1000000 + 1;
y->tv_usec -= 1000000 * nsec;
y->tv_sec += nsec;
}
if (x->tv_usec - y->tv_usec > 1000000) {
int nsec = (x->tv_usec - y->tv_usec) / 1000000;
y->tv_usec += 1000000 * nsec;
y->tv_sec -= nsec;
}
/* Compute the time remaining to wait.
tv_usec is certainly positive. */
result->tv_sec = x->tv_sec - y->tv_sec;
result->tv_usec = x->tv_usec - y->tv_usec;
/* Return 1 if result is negative. */
return x->tv_sec < y->tv_sec;
}
/**
* adds to current time the value in timediff_ms and returns the result in
* ts
*/
inline void addToCurTime(struct timespec* ts, long timediff_ms)
{
struct timeval tv;
// calculate absolute time from timeout
gettimeofday(&tv, 0);
// add timeout value to the current time
// if no timeout is given, use standard timeout, as we need to check the exitFlag regularly
tv.tv_usec += timediff_ms * 1000L;
if (tv.tv_usec >= 1000000L)
{
tv.tv_sec += (tv.tv_usec/1000000L);
tv.tv_usec %= 1000000L;
}
ts->tv_sec = tv.tv_sec;
ts->tv_nsec = tv.tv_usec * 1000L;
}
#endif

4
common/TimeoutSemaphore.cpp
View File

@ -1,4 +0,0 @@
#include "TimeoutSemaphore.h"
// variables for global management of all semaphores
bool TimeoutSemaphore::exitFlag = false;

119
concentrator/FlowSink.cpp
View File

@ -1,119 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#include "common/msg.h"
#include "FlowSink.hpp"
FlowSink::FlowSink()
: ipfixRecords(), thread(flowSinkProcess), exitFlag(false)
{
DPRINTF("initialized with a queue size of %d", ipfixRecords.getCount());
}
FlowSink::FlowSink(int queueSize)
: ipfixRecords(queueSize), thread(flowSinkProcess), exitFlag(false)
{
DPRINTF("initialized with a queue size of %d", queueSize);
}
FlowSink::~FlowSink() {
msg(MSG_DEBUG, "destructor called");
terminateSink();
}
void FlowSink::push(boost::shared_ptr<IpfixRecord> ipfixRecord)
{
ipfixRecords.push(ipfixRecord);
}
void* FlowSink::flowSinkProcess(void* flowSink_)
{
FlowSink* flowSink = (FlowSink*)flowSink_;
flowSink->flowSinkProcess();
return 0;
}
void FlowSink::flowSinkProcess()
{
msg(MSG_INFO, "now running FlowSink thread");
while(!exitFlag) {
boost::shared_ptr<IpfixRecord> ipfixRecord;
if (!ipfixRecords.pop(&ipfixRecord)) break;
{
IpfixDataRecord* rec = dynamic_cast<IpfixDataRecord*>(ipfixRecord.get());
if (rec) onDataRecord(rec->sourceID.get(), rec->templateInfo.get(), rec->dataLength, rec->data);
}
{
IpfixDataDataRecord* rec = dynamic_cast<IpfixDataDataRecord*>(ipfixRecord.get());
if (rec) onDataDataRecord(rec->sourceID.get(), rec->dataTemplateInfo.get(), rec->dataLength, rec->data);
}
{
IpfixOptionsRecord* rec = dynamic_cast<IpfixOptionsRecord*>(ipfixRecord.get());
if (rec) onOptionsRecord(rec->sourceID.get(), rec->optionsTemplateInfo.get(), rec->dataLength, rec->data);
}
{
IpfixTemplateRecord* rec = dynamic_cast<IpfixTemplateRecord*>(ipfixRecord.get());
if (rec) onTemplate(rec->sourceID.get(), rec->templateInfo.get());
}
{
IpfixDataTemplateRecord* rec = dynamic_cast<IpfixDataTemplateRecord*>(ipfixRecord.get());
if (rec) onDataTemplate(rec->sourceID.get(), rec->dataTemplateInfo.get());
}
{
IpfixOptionsTemplateRecord* rec = dynamic_cast<IpfixOptionsTemplateRecord*>(ipfixRecord.get());
if (rec) onOptionsTemplate(rec->sourceID.get(), rec->optionsTemplateInfo.get());
}
{
IpfixTemplateDestructionRecord* rec = dynamic_cast<IpfixTemplateDestructionRecord*>(ipfixRecord.get());
if (rec) onTemplateDestruction(rec->sourceID.get(), rec->templateInfo.get());
}
{
IpfixDataTemplateDestructionRecord* rec = dynamic_cast<IpfixDataTemplateDestructionRecord*>(ipfixRecord.get());
if (rec) onDataTemplateDestruction(rec->sourceID.get(), rec->dataTemplateInfo.get());
}
{
IpfixOptionsTemplateDestructionRecord* rec = dynamic_cast<IpfixOptionsTemplateDestructionRecord*>(ipfixRecord.get());
if (rec) onOptionsTemplateDestruction(rec->sourceID.get(), rec->optionsTemplateInfo.get());
}
}
}
void FlowSink::runSink() {
thread.run(this);
}
bool FlowSink::terminateSink() {
exitFlag = true;
msg(MSG_DEBUG, "waiting for exporter thread");
thread.join();
msg(MSG_DEBUG, "exporter thread joined");
return true;
}
void FlowSink::setSinkOwner(const char* owner)
{
ipfixRecords.setOwner(owner);
}
ConcurrentQueue< boost::shared_ptr<IpfixRecord> >* FlowSink::getSinkQueue()
{
return &ipfixRecords;
}

203
concentrator/FlowSink.hpp
View File

@ -1,203 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef INCLUDE_FlowSink_hpp
#define INCLUDE_FlowSink_hpp
#include <stdint.h>
#include <memory>
#include <stdexcept>
#include <boost/smart_ptr.hpp>
#include "IpfixRecord.hpp"
#include "common/Thread.h"
#include "common/ConcurrentQueue.h"
/*
* IPFIX Flow Sink class
*
* The IPFIX Flow Sink class servers as a base class for all modules
* which can receive and act upon IPFIX flows.
*/
class FlowSink {
public:
FlowSink(int queueSize);
FlowSink();
virtual ~FlowSink();
/**
* Push an IpfixRecord into the queue for later pickup by the FlowSink's thread
*/
void push(boost::shared_ptr<IpfixRecord> ipfixRecord);
/**
* Start the FlowSink's flowSinkProcess thread
*/
void runSink();
/**
* Stop the FlowSink's flowSinkProcess thread
*/
bool terminateSink();
void setSinkOwner(const char* owner);
ConcurrentQueue< boost::shared_ptr<IpfixRecord> >* getSinkQueue();
protected:
// Allow HookingFilter to directly call FlowSink::onDataRecord
friend class HookingFilter;
friend class ExpressHookingFilter;
/**
* Callback function invoked when a new Template arrives.
* @param sourceID SourceID of the exporter that sent this Template
* @param templateInfo Pointer to a structure defining this Template
* @return 0 if packet handled successfully
*/
virtual int onTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a new DataTemplate arrives.
* @param sourceID SourceID of the exporter that sent this DataTemplate
* @param optionsTemplateInfo Pointer to a structure defining this Template
* @return 0 if packet handled successfully
*/
virtual int onOptionsTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a new DataTemplate arrives.
* @param sourceID SourceID of the exporter that sent this DataTemplate
* @param dataTemplateInfo Pointer to a structure defining this Template
* @return 0 if packet handled successfully
*/
virtual int onDataTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a new Data Record arrives.
* @param sourceID SourceID of the exporter that sent this Record
* @param templateInfo Pointer to a structure defining the Template used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all fields
* @return 0 if packet handled successfully
*/
virtual int onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo, uint16_t length, IpfixRecord::Data* data)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a new raw data packet arrives
* @param packet Packet which arrived in the sampler
*/
virtual int onPacket(const Packet* packet)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a new Options Record arrives.
* @param sourceID SourceID of the exporter that sent this Record
* @param optionsTemplateInfo Pointer to a structure defining the OptionsTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all fields
* @return 0 if packet handled successfully
*/
virtual int onOptionsRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo, uint16_t length, IpfixRecord::Data* data)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a new Data Record with associated Fixed Values arrives.
* @param sourceID SourceID of the exporter that sent this Record
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
* @return 0 if packet handled successfully
*/
virtual int onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo, uint16_t length, IpfixRecord::Data* data)
{
THROWEXCEPTION("method not implemented");
return 1;
}
/**
* Callback function invoked when a Template is being destroyed.
* Particularly useful for cleaning up userData associated with this Template
* @param sourceID SourceID of the exporter that sent this Template
* @param templateInfo Pointer to a structure defining this Template
* @return 0 if packet handled successfully
*/
virtual int onTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo)
{
return 1;
}
/**
* Callback function invoked when a OptionsTemplate is being destroyed.
* Particularly useful for cleaning up userData associated with this Template
* @param sourceID SourceID of the exporter that sent this OptionsTemplate
* @param optionsTemplateInfo Pointer to a structure defining this OptionsTemplate
* @return 0 if packet handled successfully
*/
virtual int onOptionsTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo)
{
return 1;
}
/**
* Callback function invoked when a DataTemplate is being destroyed.
* Particularly useful for cleaning up userData associated with this Template
* @param sourceID SourceID of the exporter that sent this DataTemplate
* @param dataTemplateInfo Pointer to a structure defining this DataTemplate
* @return 0 if packet handled successfully
*/
virtual int onDataTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo)
{
return 1;
}
static void* flowSinkProcess(void* flowSink);
virtual void flowSinkProcess();
ConcurrentQueue< boost::shared_ptr<IpfixRecord> > ipfixRecords;
Thread thread;
bool exitFlag;
};
#endif

56
concentrator/FlowSource.hpp
View File

@ -1,56 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef INCLUDED_FlowSource_hpp
#define INCLUDED_FlowSource_hpp
#include <list>
#include <boost/smart_ptr.hpp>
#include "FlowSink.hpp"
#include "IpfixRecord.hpp"
/*
* IPFIX Flow Source class
*
* The IPFIX Flow Source class servers as a base class for all modules
* which produce an IpfixRecord and pass it to a FlowSink
*/
class FlowSource {
public:
FlowSource();
virtual ~FlowSource();
/**
* Add a FlowSink that receives flows we collect
*/
virtual void addFlowSink(FlowSink* flowSink);
/**
* Push an IpfixRecord to all registered FlowSink objects
*/
void push(boost::shared_ptr<IpfixRecord> ipfixRecord);
protected:
typedef std::list<FlowSink*> FlowSinks;
FlowSinks flowSinks; /**< List of FlowSink objects that receive flows we collect */
};
#endif

1425
concentrator/Hashtable.cpp
View File

File diff suppressed because it is too large Load Diff

187
concentrator/Hashtable.hpp
View File

@ -1,187 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef HASHING_H
#define HASHING_H
#include "FlowSource.hpp"
#include "IpfixParser.hpp"
#include "Rules.hpp"
#include "common/StatisticsManager.h"
#include <list>
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <boost/smart_ptr.hpp>
#define HASHTABLE_SIZE 65536
/**
* Hash-powered buffer for outgoing flows.
* This is where outbound flows are aggregated while waiting to be exported.
*
* The Hashtable module receives flows from higher levels,
* collects them in Buffers, then passes them on to lower levels by calling the
* appropriate callback functions.
*
* Flows that differ only in aggregatable fields (like @c IPFIX_TYPEID_inOctetDeltaCount) are
* aggregated.
* If for a buffered flow no new aggregatable flows arrive for a certain timespan
* or the flow was kept buffered for a certain amount of time it is
* passed on to lower levels (i.e. exported) and removed from the hashtable.
*
* Polling for expired flows is accomplished by periodically calling @c expireFlows().
*
* Each @c Hashtable contains some fixed-value IPFIX fields @c Hashtable.data
* described by the @c Hashtable.dataInfo array. The remaining, variable-value
* fields are stored in @c Hashtable.buckets[].data structures described by the
* @c Hashtable.fieldInfo array.
*/
class Hashtable : public FlowSource, StatisticsModule {
public:
class Bucket;
/**
* Single Bucket containing one buffered flow's variable data.
* Is either a direct entry in @c Hashtable::bucket or a member of another Hashtable::Bucket's spillchain
*/
class Bucket {
public:
uint32_t expireTime; /**< timestamp when this bucket will expire if no new flows are added */
uint32_t forceExpireTime; /**< timestamp when this bucket is forced to expire */
boost::shared_array<IpfixRecord::Data> data; /**< contains variable fields of aggregated flow; format defined in Hashtable::dataInfo::fieldInfo */
Hashtable::Bucket* next; /**< next bucket in spill chain */
};
Hashtable(Rule* rule, uint16_t minBufferTime, uint16_t maxBufferTime);
~Hashtable();
int isToBeAggregated(IpfixRecord::FieldInfo::Type type);
virtual void addFlowSink(FlowSink* flowSink);
void aggregateTemplateData(IpfixRecord::TemplateInfo* ti, IpfixRecord::Data* data);
void ExpAggregateTemplateData(const Packet* p);
void aggregateDataTemplateData(IpfixRecord::DataTemplateInfo* ti, IpfixRecord::Data* data);
void aggregatePacket(const Packet* p);
virtual std::string getStatistics();
void expireFlows();
int bucketCount; /**< size of this hashtable (must be HASHTABLE_SIZE) */
Hashtable::Bucket* buckets[HASHTABLE_SIZE]; /**< array of pointers to hash buckets at start of spill chain. Members are NULL where no entry present */
int recordsReceived; /**< Statistics: Number of records received from higher-level modules */
int recordsSent; /**< Statistics: Number of records sent to lower-level modules */
uint16_t minBufferTime; /**< If for a buffered flow no new aggregatable flows arrive for this many seconds, export it */
uint16_t maxBufferTime; /**< If a buffered flow was kept buffered for this many seconds, export it */
protected:
/**
* fast accessible structure containing data for aggregation, the first noAggFields members of array
* are aggregatable
*/
struct ExpFieldData {
uint16_t typeId; /**< type of corresponding ipfix field */
// following fields are used by aggregation functions for a fast lookup of needed data inside
// the raw packet (source) and the hashtable bucket (destination)
uint32_t srcIndex; /**< index to raw packet data relative to Packet::netHeader, sometimes unique for each processed packet */
uint16_t dstIndex; /**< index in ipfix data */
uint16_t srcLength; /**< length of source field data */
uint16_t dstLength; /**< length of destination field data */
/**
* additional data stored by aggregation function
* if ip addresses need to be masked, this contains the masked ips (as the raw packet data must not
* be touched) + mask byte
*/
uint8_t data[5];
/**
* this index is used by the createMaskedField function to determine original location of IP address
* inside the raw packet (as srcIndex is overwritten with index which points to data[0]
*/
uint32_t origSrcIndex;
bool varSrcIdx; /**< specifies if the index in the raw packet data is variable between packets relative to Packet::netHeader*/
Rule::Field::Modifier modifier; /**< modifier when copying field (such as a mask) */
void (*copyDataFunc) (IpfixRecord::Data*, const IpfixRecord::Data*, ExpFieldData*); /**< function which is able to copy data from raw packet to ipfix field */
};
struct ExpHelperTable
{
/**< contains number of aggregatable fields in expFieldData */
uint16_t noAggFields;
uint16_t dstIpEFieldIndex; /**< 0 if destination ip should not be masked, == index dstip, if to be masked */
uint16_t srcIpEFieldIndex; /**< 0 if source ip should not be masked, == index srcip, if to be masked */
ExpFieldData* expFieldData;
uint16_t* varSrcPtrFields; /**< array with indizes to expFieldData elements, which have a srcIndex which varies from packet to packet */
uint16_t varSrcPtrFieldsLen; /**< length of varSrcPtrFields */
};
ExpHelperTable expHelperTable;
boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplate; /**< structure describing both variable and fixed fields and containing fixed data */
uint16_t fieldLength; /**< length in bytes of all variable-length fields */
Rule::Field::Modifier* fieldModifier; /**< specifies what modifier to apply to a given field */
uint32_t statTotalEntries; /**< number of entries in hashtable, used for statistics */
uint32_t statEmptyBuckets; /**< number of empty buckets in hashtable, used for statistics */
uint32_t statExportedBuckets; /**< number of exported entries/flows, used for statistics */
uint32_t statLastExpBuckets; /**< last number of exported entries/flows, used for statistics */
Hashtable::Bucket* createBucket(boost::shared_array<IpfixRecord::Data> data);
void exportBucket(Hashtable::Bucket* bucket);
void destroyBucket(Hashtable::Bucket* bucket);
int aggregateField(IpfixRecord::FieldInfo::Type* type, IpfixRecord::Data* baseData, IpfixRecord::Data* deltaData);
int aggregateFlow(IpfixRecord::Data* baseFlow, IpfixRecord::Data* flow);
uint16_t getHash(IpfixRecord::Data* data);
int equalFlow(IpfixRecord::Data* flow1, IpfixRecord::Data* flow2);
void bufferDataBlock(boost::shared_array<IpfixRecord::Data> data);
// internal functions for express aggregator
void buildExpHelperTable();
static void copyDataEqualLengthNoMod(IpfixRecord::Data* dst, const IpfixRecord::Data* src, ExpFieldData* efd);
static void copyDataGreaterLengthIPNoMod(IpfixRecord::Data* dst, const IpfixRecord::Data* src, ExpFieldData* efd);
static void copyDataGreaterLengthIPMask(IpfixRecord::Data* dst, const IpfixRecord::Data* src, ExpFieldData* efd);
static void copyDataGreaterLengthNoMod(IpfixRecord::Data* dst, const IpfixRecord::Data* src, ExpFieldData* efd);
static void copyDataSetOne(IpfixRecord::Data* dst, const IpfixRecord::Data* src, ExpFieldData* efd);
void (*getCopyDataFunction(const ExpFieldData* efd))(IpfixRecord::Data*, const IpfixRecord::Data*, ExpFieldData*);
void fillExpFieldData(ExpFieldData* efd, IpfixRecord::FieldInfo* hfi, Rule::Field::Modifier fieldModifier, uint16_t index);
uint16_t expCalculateHash(const IpfixRecord::Data* data);
boost::shared_array<IpfixRecord::Data> buildBucketData(const Packet* p);
void expAggregateField(const ExpFieldData* efd, IpfixRecord::Data* baseData, const IpfixRecord::Data* deltaData);
void expAggregateFlow(IpfixRecord::Data* bucket, const Packet* p);
bool expEqualFlow(IpfixRecord::Data* bucket, const Packet* p);
void createMaskedField(IpfixRecord::Data* address, uint8_t imask);
void createMaskedFields(const Packet* p);
void updatePointers(const Packet* p);
};
#endif

271
concentrator/IpfixAggregator.cpp
View File

@ -1,271 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#include <stdexcept>
#include <netinet/in.h>
#include <unistd.h>
#include "IpfixAggregator.hpp"
#include "IpfixParser.hpp"
#include "IpfixSender.hpp"
#include "common/msg.h"
/**
* Creates a new Aggregator. Do not forget to set the callback functions, then call @c startAggregator().
* @param ruleFile filename of file containing a set of rules
* @param minBufferTime TODO
* @param maxBufferTime TODO
*/
IpfixAggregator::IpfixAggregator(char* ruleFile, uint16_t minBufferTime, uint16_t maxBufferTime)
{
Rules* rules = new Rules(ruleFile);
if (!rules) {
THROWEXCEPTION("could not parse rules file %s", ruleFile);
}
buildAggregator(rules, minBufferTime, maxBufferTime);
setSinkOwner("IpfixAggregator");
}
/**
* Creates a new Aggregator. Do not forget to set the callback functions, then call @c startAggreagtor().
* @param rules Rules for aggregator to work with
* @param minBufferTime TODO
* @param maxBufferTime TODO
*/
IpfixAggregator::IpfixAggregator(Rules* rules, uint16_t minBufferTime, uint16_t maxBufferTime)
{
buildAggregator(rules, minBufferTime, maxBufferTime);
setSinkOwner("IpfixAggregator");
}
/**
* Builds a new aggregator from the given rules (helper function for @c createAggregator and @c createAggregatorFromRules)
*/
void IpfixAggregator::buildAggregator(Rules* rules, uint16_t minBufferTime, uint16_t maxBufferTime)
{
int i;
this->rules = rules;
for (i = 0; i < rules->count; i++) {
rules->rule[i]->initialize();
rules->rule[i]->hashtable = new Hashtable(rules->rule[i], minBufferTime, maxBufferTime);
}
if (pthread_mutex_init(&mutex, NULL) != 0) {
msg(MSG_FATAL, "Could not init mutex");
}
if (pthread_mutex_lock(&mutex) != 0) {
msg(MSG_FATAL, "Could not lock mutex");
}
msg(MSG_INFO, "Done. Parsed %d rules; minBufferTime %d, maxBufferTime %d", rules->count, minBufferTime, maxBufferTime);
}
/**
* Frees memory used by an Aggregator.
* Make sure the Aggregator is not being used before calling this method.
*/
IpfixAggregator::~IpfixAggregator()
{
int i;
for (i = 0; i < rules->count; i++) {
delete ((Hashtable*)rules->rule[i]->hashtable);
}
delete rules;
pthread_mutex_unlock(&mutex);
pthread_mutex_destroy(&mutex);
}
/**
* Starts or resumes processing Records
*/
void IpfixAggregator::start() {
pthread_mutex_unlock(&mutex);
}
/**
* Temporarily pauses processing Records
*/
void IpfixAggregator::stop() {
pthread_mutex_lock(&mutex);
}
/**
* Injects new DataRecords into the Aggregator.
* @param sourceID ignored
* @param ti structure describing @c data
* @param length length (in bytes) of @c data
* @param data raw data block containing the Record
* @return 0 on success, non-zero on error
*/
int IpfixAggregator::onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* ti, uint16_t length, IpfixRecord::Data* data)
{
int i;
DPRINTF("Got a Data Record\n");
#if defined(DEBUG)
if(!rules) {
THROWEXCEPTION("Aggregator not started");
}
#endif
// tobi_optimize: why the hell is here a mutex?!
// is it allowed to specify the hookingfilter to several receivers?
pthread_mutex_lock(&mutex);
for (i = 0; i < rules->count; i++) {
if (rules->rule[i]->templateDataMatches(ti, data)) {
DPRINTF("rule %d matches", i);
((Hashtable*)rules->rule[i]->hashtable)->aggregateTemplateData(ti, data);
}
}
pthread_mutex_unlock(&mutex);
return 0;
}
/**
* replacement of onDataRecord which is only able to handle raw IP packets and aggregate those
* efficiently
* @param packet raw network packet which was received
* @return 0 if packet handled successfully
*/
int IpfixAggregator::onPacket(const Packet* packet)
{
int i;
#if defined(DEBUG)
if(!rules) {
THROWEXCEPTION("Aggregator not started");
}
#endif
pthread_mutex_lock(&mutex);
for (i = 0; i < rules->count; i++) {
if (rules->rule[i]->ExptemplateDataMatches(packet)) {
DPRINTF("rule %d matches\n", i);
((Hashtable*)rules->rule[i]->hashtable)->aggregatePacket(packet);
}
}
pthread_mutex_unlock(&mutex);
return 0;
}
/**
* Injects new DataRecords into the Aggregator.
* @param sourceID ignored
* @param ti structure describing @c data
* @param length length (in bytes) of @c data
* @param data raw data block containing the Record
* @return 0 on success, non-zero on error
*/
int IpfixAggregator::onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* ti, uint16_t length, IpfixRecord::Data* data)
{
int i;
DPRINTF("onDataDataRecord: Got a DataData Record\n");
if(!rules) {
msg(MSG_FATAL, "Aggregator not started");
return -1;
}
pthread_mutex_lock(&mutex);
for (i = 0; i < rules->count; i++) {
if (rules->rule[i]->dataTemplateDataMatches(ti, data)) {
DPRINTF("rule %d matches\n", i);
((Hashtable*)rules->rule[i]->hashtable)->aggregateDataTemplateData(ti, data);
}
}
pthread_mutex_unlock(&mutex);
return 0;
}
/**
* Checks for flows buffered longer than @c ipfixAggregator::minBufferTime and/or @c ipfixAggregator::maxBufferTime and passes them to the previously defined callback functions.
*/
void IpfixAggregator::poll() {
int i;
pthread_mutex_lock(&mutex);
for (i = 0; i < rules->count; i++) {
((Hashtable*)rules->rule[i]->hashtable)->expireFlows();
}
pthread_mutex_unlock(&mutex);
}
/**
* Adds a set of callback functions to the list of functions to call when Templates or Records have to be sent
* @param flowSink the destination module
*/
void IpfixAggregator::addFlowSink(FlowSink* flowSink) {
int i;
for (i = 0; i < rules->count; i++) {
((Hashtable*)rules->rule[i]->hashtable)->addFlowSink(flowSink);
}
}
/**
* Called by the logger timer thread. Dumps info using msg_stat
*/
void IpfixAggregator::stats()
{
int i;
pthread_mutex_lock(&mutex);
for (i = 0; i < rules->count; i++) {
int j;
uint32_t usedBuckets = 0;
uint32_t usedHeads = 0;
uint32_t longestSpillchain = 0;
uint32_t avgAge = 0;
Hashtable* ht = rules->rule[i]->hashtable;
msg_stat("Concentrator: Rule %2d: Records: %6d received, %6d sent", i, ht->recordsReceived, ht->recordsSent);
ht->recordsReceived = 0;
ht->recordsSent = 0;
for (j = 0; j < HASHTABLE_SIZE; j++) {
Hashtable::Bucket* hb = ht->buckets[j];
if (hb) usedHeads++;
uint32_t bucketsInSpillchain = 0;
while (hb) {
avgAge += time(0) - (hb->forceExpireTime - ht->maxBufferTime);
usedBuckets++;
bucketsInSpillchain++;
hb = hb->next;
}
if (bucketsInSpillchain > longestSpillchain) longestSpillchain = bucketsInSpillchain;
}
msg_stat("Concentrator: Rule %2d: Hashbuckets: %6d used, %6d at head, %6d max chain, %6d avg age", i, usedBuckets, usedHeads, longestSpillchain, usedBuckets?(avgAge / usedBuckets):0);
}
pthread_mutex_unlock(&mutex);
}

63
concentrator/IpfixAggregator.hpp
View File

@ -1,63 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef AGGREGATOR_H
#define AGGREGATOR_H
#include "IpfixParser.hpp"
#include "Rules.hpp"
#include "Hashtable.hpp"
#include <pthread.h>
/**
* Represents an Aggregator.
*
* Uses Rules and Hashtable to implement an IPFIX Aggregator.
*/
class IpfixAggregator : public FlowSink
{
public:
IpfixAggregator(char* ruleFile, uint16_t minBufferTime, uint16_t maxBufferTime);
IpfixAggregator(Rules* rules, uint16_t minBufferTime, uint16_t maxBufferTime);
~IpfixAggregator();
void buildAggregator(Rules* rules, uint16_t minBufferTime, uint16_t maxBufferTime);
void start();
void stop();
int onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* ti, uint16_t length, IpfixRecord::Data* data);
int onPacket(const Packet* packet);
int onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* ti, uint16_t length, IpfixRecord::Data* data);
void poll();
/**
* Add a FlowSink that receives flows we export
*/
void addFlowSink(FlowSink* flowSink);
void stats();
protected:
Rules* rules; /**< Set of rules that define the aggregator */
pthread_mutex_t mutex; /**< Mutex to synchronize and/or pause aggregator */
};
#endif

116
concentrator/IpfixCollector.cpp
View File

@ -1,116 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
// FIXME: Basic support for NetflowV9 packets, templates and flow records is provided. Will break when fed field types with type ID >= 0x8000.
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
/* for ntohll et al */
#include "ipfixlolib/ipfixlolib.h"
#include "IpfixReceiver.hpp"
#include "TemplateBuffer.hpp"
#include "ipfix.hpp"
#include "common/msg.h"
#include "IpfixCollector.hpp"
/**
* Adds a PacketProcessor to the list of PacketProcessors
* @param ipfixCollector Collector to assign the PacketProcessor to
* @param packetProcessor handle of packetProcessor
*/
void IpfixCollector::addIpfixPacketProcessor(IpfixPacketProcessor* packetProcessor) {
packetProcessors.push_back(packetProcessor);
for (std::list<IpfixReceiver*>::iterator i = ipfixReceivers.begin(); i != ipfixReceivers.end(); i++) {
(*i)->setPacketProcessors(packetProcessors);
}
}
/**
* Creates a new IpfixCollector.
* Call @c startIpfixCollector() to start receiving and processing messages.
*/
IpfixCollector::IpfixCollector() {
}
/**
* Frees memory used by a IpfixCollector.
* @param ipfixCollector Handle returned by @c createIpfixCollector()
*/
IpfixCollector::~IpfixCollector() {
for (std::list<IpfixReceiver*>::iterator i = ipfixReceivers.begin(); i != ipfixReceivers.end(); i++) {
//FIXME: who should delete those?
//delete (*i);
}
for (std::list<IpfixPacketProcessor*>::iterator i = packetProcessors.begin(); i != packetProcessors.end(); i++) {
//FIXME: who should delete those?
//delete (*i);
}
}
/**
* Starts receiving and processing messages.
* All sockets prepared by calls to createIpfixCollector() will start
* receiving messages until stopIpfixCollector() is called.
* @return 0 on success, non-zero on error
*/
int IpfixCollector::start() {
int err = 0;
for (std::list<IpfixReceiver*>::iterator i = ipfixReceivers.begin(); i != ipfixReceivers.end(); i++) {
err += (*i)->start();
}
return err;
}
/**
* Stops processing messages.
* No more messages will be processed until the next startIpfixCollector() call.
* @return 0 on success, non-zero on error
*/
int IpfixCollector::stop() {
int err = 0;
for (std::list<IpfixReceiver*>::iterator i = ipfixReceivers.begin(); i != ipfixReceivers.end(); i++) {
err += (*i)->stop();
}
return err;
}
/**
* Adds a IpfixReceiver to the list of IpfixReceivers
* @param ipfixCollector Collector to assign the IpfixReceiver to
* @param ipfixReceiver handle of ipfixReceiver
*/
void IpfixCollector::addIpfixReceiver(IpfixReceiver* ipfixReceiver) {
ipfixReceivers.push_back(ipfixReceiver);
}

516
concentrator/IpfixDbReader.cpp
View File

@ -1,516 +0,0 @@
/*
* IPFIX Database Reader/Writer
* Copyright (C) 2006 Jürgen Abberger
* Copyright (C) 2006 Lothar Braun <braunl@informatik.uni-tuebingen.de>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/* Some constants that are common to IpfixDbWriter and IpfixDbReader */
#ifdef DB_SUPPORT_ENABLED
#include <stdexcept>
#include <string.h>
#include <stdlib.h>
#include "IpfixDbReader.hpp"
#include "common/msg.h"
/***** Internal Functions ****************************************************/
void copyUintNetByteOrder(IpfixRecord::Data* dest, char* src, IpfixRecord::FieldInfo::Type type);
/**
* First send a a new template, then send the dataTemplates for all stored
* tables.
*/
void* IpfixDbReader::readFromDB(void* ipfixDbReader_)
{
IpfixDbReader* ipfixDbReader = (IpfixDbReader*)ipfixDbReader_;
int i;
DbData* dbData = ipfixDbReader->dbReader->dbData;
// TODO: make IpfixDbReader exit if exit was requested!
pthread_mutex_lock(&ipfixDbReader->mutex);
msg(MSG_DIALOG, "Start sending tables");
for(i = 0; i < dbData->tableCount && i < MAX_TABLES; i++) {
boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo(new IpfixRecord::DataTemplateInfo);
if(ipfixDbReader->dbReaderSendNewTemplate(dataTemplateInfo, i) != 0)
{
msg(MSG_ERROR, "IpfixDbReader: Template error, skip table");
continue;
}
ipfixDbReader->dbReaderSendTable(dataTemplateInfo, i);
ipfixDbReader->dbReaderDestroyTemplate(dataTemplateInfo);
//here we can make a pause if required
pthread_mutex_unlock(&ipfixDbReader->mutex);
pthread_mutex_lock(&ipfixDbReader->mutex);
}
msg(MSG_DIALOG,"Sending from database is done");
return 0;
}
/**
* Constructs a template from the table data and sends it to all connected
* modules.
*/
int IpfixDbReader::dbReaderSendNewTemplate(boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo, int table_index)
{
int i;
int fieldLength = 0;
DbData* dbData = dbReader->dbData;
dataTemplateInfo->templateId =0;
dataTemplateInfo->preceding= 0;
dataTemplateInfo->fieldCount = 0;
dataTemplateInfo->fieldInfo = NULL;
dataTemplateInfo->dataCount = 0;
dataTemplateInfo->dataInfo = NULL;
dataTemplateInfo->data = NULL;
dataTemplateInfo->userData = NULL;
/**get columnsname of the table*/
if(getColumns(table_index) != 0) {
msg(MSG_ERROR,"IpfixDbReader: Could not get columns for template");
return 1;
}
for(i = 0; i < dbData->colCount; i++) {
dataTemplateInfo->fieldCount++;
dataTemplateInfo->fieldInfo = (IpfixRecord::FieldInfo*)realloc(dataTemplateInfo->fieldInfo,
sizeof(IpfixRecord::FieldInfo)*dataTemplateInfo->fieldCount);
IpfixRecord::FieldInfo* fi = &dataTemplateInfo->fieldInfo[dataTemplateInfo->fieldCount - 1];
fi->type.id = dbData->columns[i]->ipfixId;
fi->type.length = dbData->columns[i]->length;
fi->type.eid = 0;
fi->offset = fieldLength;
fieldLength = fieldLength + fi->type.length;
}
/* Pass Data Template to flowSinks */
boost::shared_ptr<IpfixDataTemplateRecord> ipfixRecord(new IpfixDataTemplateRecord);
ipfixRecord->sourceID = srcId;
ipfixRecord->dataTemplateInfo = dataTemplateInfo;
push(ipfixRecord);
msg(MSG_DEBUG,"IpfixDbReader sent template for table %s", dbData->tableNames[table_index]);
return 0;
}
void copyUintNetByteOrder(IpfixRecord::Data* dest, char* src, IpfixRecord::FieldInfo::Type type) {
switch (type.length) {
case 1:
*(uint8_t*)dest = *(uint8_t*)src;
return;
case 2:
*(uint16_t*)dest = htons(*(uint16_t*)src);
return;
case 4:
*(uint32_t*)dest = htonl(*(uint32_t*)src);
return;
case 8:
*(uint64_t*)dest = htonll(*(uint64_t*)src);
return;
default:
msg(MSG_ERROR, "IpfixDbReader: Uint with length %d unparseable", type.length);
return;
}
}
/**
* Select a given table and get the values by reading
* the database. The Typs of the values from database are
* strings, therefore they must change into IPFIX format
*/
int IpfixDbReader::dbReaderSendTable(boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo, int table_index)
{
MYSQL_RES* dbResult = NULL;
MYSQL_ROW dbRow = NULL;
DbData* dbData = dbReader->dbData;
int i;
boost::shared_array<IpfixRecord::Data> data(new IpfixRecord::Data[MAX_MSG_LEN]);
int dataLength = 0;
unsigned delta = 0;
unsigned flowTime = 0;
unsigned lastFlowTime = 0;
long long tmp;
char select[STARTLEN] = "SELECT * FROM ";
strncat(select, dbReader->dbData->tableNames[table_index],TABLE_WIDTH);
strcat(select," ORDER BY lastSwitched");
/** get all data from database*/
if(mysql_query(conn, select) != 0) {
msg(MSG_ERROR,"IpfixDbReader: Select on table failed. Error: %s",
mysql_error(conn));
return 1;
}
dbResult = mysql_store_result(conn);
msg(MSG_INFO,"IpfixDbReader starts sending records from table %s", dbData->tableNames[table_index]);
while((dbRow = mysql_fetch_row(dbResult))) {
if (delta == 0) {
for (i = 0; i != dbData->colCount; ++i) {
if (IPFIX_TYPEID_flowEndSeconds) {
delta = time(NULL) - atoll(dbRow[i]);
flowTime = lastFlowTime = atoll(dbRow[i]) + delta;
}
}
if (delta == 0) {
msg(MSG_FATAL, "IpfixDbReader: flowEndTime in first data base record missing!");
mysql_free_result(dbResult);
return 1;
}
}
for(i = 0; i != dbData->colCount; ++i) {
switch(dbData->columns[i]->ipfixId) {
case IPFIX_TYPEID_flowEndSeconds:
flowTime = atoll(dbRow[i]) + delta;
case IPFIX_TYPEID_flowStartSeconds:
tmp = atoll(dbRow[i]) + delta;
copyUintNetByteOrder(data.get() + dataTemplateInfo->fieldInfo[i].offset,
(char*)&tmp,
dataTemplateInfo->fieldInfo[i].type);
dataLength += dataTemplateInfo->fieldInfo[i].type.length;
break;
case IPFIX_TYPEID_octetDeltaCount:
case IPFIX_TYPEID_packetDeltaCount:
case IPFIX_TYPEID_destinationIPv4Address:
case IPFIX_TYPEID_sourceIPv4Address:
case IPFIX_TYPEID_sourceTransportPort:
case IPFIX_TYPEID_destinationTransportPort:
case IPFIX_TYPEID_protocolIdentifier:
case IPFIX_TYPEID_classOfServiceIPv4:
tmp = atoll(dbRow[i]);
copyUintNetByteOrder(data.get() + dataTemplateInfo->fieldInfo[i].offset,
(char*)&tmp,
dataTemplateInfo->fieldInfo[i].type);
dataLength += dataTemplateInfo->fieldInfo[i].type.length;
break;
}
}
/** according to flowstarttime wait for sending the record*/
if(flowTime != lastFlowTime) {
time_t t = time(NULL);
if (t > (int)flowTime) {
msg(MSG_ERROR, "IpfixDbReader: Sending flows too slowly");
} else {
sleep (flowTime - t);
}
lastFlowTime = flowTime;
}
boost::shared_ptr<IpfixDataDataRecord> ipfixRecord(new IpfixDataDataRecord);
ipfixRecord->sourceID = srcId;
ipfixRecord->dataTemplateInfo = dataTemplateInfo;
ipfixRecord->dataLength = dataLength;
ipfixRecord->message = data;
ipfixRecord->data = data.get();
push(ipfixRecord);
msg(MSG_DEBUG,"IpfixDbReader sent record");
}
mysql_free_result(dbResult);
msg(MSG_INFO,"Sending from table %s done", dbData->tableNames[table_index]);
return 0;
}
/**
* get all tableNames in database that matches with the wildcard "h\_%"
**/
int IpfixDbReader::dbReaderDestroyTemplate(boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo)
{
boost::shared_ptr<IpfixDataTemplateDestructionRecord> ipfixRecord(new IpfixDataTemplateDestructionRecord);
ipfixRecord->sourceID = srcId;
ipfixRecord->dataTemplateInfo = dataTemplateInfo;
push(ipfixRecord);
msg(MSG_DEBUG,"IpfixDbReader destroyed template");
return 0;
}
/**
* get all tableNames in database that matches with the wildcard "h\_%"
**/
int IpfixDbReader::getTables()
{
DbData* dbData = dbReader->dbData;
int i = 0;
const char* wild = "h\\_%";
MYSQL_RES* dbResult = NULL;
MYSQL_ROW dbRow = NULL;
dbResult = mysql_list_tables(conn, wild);
if(dbResult == 0) {
msg(MSG_FATAL,"There are no flow tables in database %s", dbName);
return 1;
}
if((int)mysql_num_rows(dbResult) > MAX_TABLES) {
msg(MSG_ERROR,"There are too many flow tables in the database. Only the first MAX_TABLES=%i tables can be read.", MAX_TABLES);
}
while(( dbRow = mysql_fetch_row(dbResult)) && i < MAX_TABLES) {
char *table = (char*)malloc(sizeof(char) * TABLE_WIDTH);
strcpy(table,dbRow[0]);
dbData->tableNames[i] = table;
dbData->tableCount++;
i++;
}
mysql_free_result(dbResult);
return 0;
}
IpfixDbReader::columnDB* IpfixDbReader::getColumnByName(const char* name)
{
static IpfixDbReader::columnDB tabs[] = {
{"dstIP", IPFIX_TYPEID_destinationIPv4Address,4},
{"srcIP", IPFIX_TYPEID_sourceIPv4Address, 4},
{"srcPort", IPFIX_TYPEID_sourceTransportPort, 2},
{"dstPort", IPFIX_TYPEID_destinationTransportPort, 2},
{"proto",IPFIX_TYPEID_protocolIdentifier , 1},
{"dstTos", IPFIX_TYPEID_classOfServiceIPv4, 1},
{"bytes", IPFIX_TYPEID_octetDeltaCount, 8},
{"pkts", IPFIX_TYPEID_packetDeltaCount, 8},
{"firstSwitched", IPFIX_TYPEID_flowStartSeconds, 4},
{"lastSwitched", IPFIX_TYPEID_flowEndSeconds, 4},
{"END"}
};
int i;
for (i = 0; strcmp(tabs[i].cname, "END"); ++i) {
if (!strcmp(tabs[i].cname, name)) {
return &tabs[i];
}
}
return NULL;
}
/**
* Get the names of columns
*/
int IpfixDbReader::getColumns(int table_index)
{
DbData* dbData = dbReader->dbData;
MYSQL_RES* dbResult = NULL;
MYSQL_ROW dbRow = NULL;
char showcolStr[STARTLEN] = "SHOW COLUMNS FROM ";
/* get column names from table table_index */
strncat(showcolStr, dbData->tableNames[table_index],strlen(dbData->tableNames[table_index])+1);
if(mysql_query(conn, showcolStr) != 0) {
msg(MSG_ERROR,"Show columns on table %s failed. Error: %s",
mysql_error(conn));
return 1;
}
dbResult = mysql_store_result(conn);
if(dbResult == 0) {
msg(MSG_FATAL,"There are no Columns in the table");
return 1;
}
// TODO: don't we have to free the result of mysql_fetch_row?????
dbData->colCount = 0;
while((dbRow = mysql_fetch_row(dbResult))) {
if(strcmp(dbRow[0],"exporterID") != 0) {
if(dbData->colCount > MAX_COL) {
msg(MSG_ERROR,"Too many columns in table");
mysql_free_result(dbResult);
return 1;
}
dbData->columns[dbData->colCount] = getColumnByName(dbRow[0]);
msg(MSG_VDEBUG, "Column name: %s", dbData->columns[dbData->colCount]->cname);
dbData->colCount++;
}
}
mysql_free_result(dbResult);
return 0;
}
int IpfixDbReader::connectToDb(
const char* hostName, const char* dbName,
const char* userName, const char* password,
unsigned int port)
{
/** get the mysl init handle*/
conn = mysql_init(0);
if(conn == 0) {
msg(MSG_FATAL,"Get MySQL connect handle failed. Error: %s",
mysql_error(conn));
return 1;
} else {
msg(MSG_DEBUG,"mysql init successfull");
}
/**Initialize structure members IpfixDbWriter*/
this->hostName = hostName;
this->dbName = dbName;
this->userName = userName;
this->password = password;
this->portNum = port;
this->socketName = 0;
this->flags = 0;
/**Initialize structure members DbData*/
dbReader->dbData->colCount = 0;
dbReader->dbData->tableCount = 0;
/**Connect to Database*/
if (!mysql_real_connect(conn,
hostName,
userName,password,
0, portNum, socketName,
flags)) {
msg(MSG_FATAL,"Connection to database failed. Error: %s",
mysql_error(conn));
return 1;
}
return 0;
}
/***** Exported Functions ****************************************************/
/**
* Starts or resumes database
* @param ipfixDbReader handle obtained by calling @c createipfixDbReader()
*/
int IpfixDbReader::start() {
pthread_mutex_unlock(&mutex);
return 0;
}
/**
* Temporarily pauses database
* @param ipfixDbReader handle obtained by calling @c createipfixDbReader()
*/
int IpfixDbReader::stop() {
pthread_mutex_lock(&mutex);
return 0;
}
/**
* Frees memory used by an ipfixDbReader
* @param ipfixDbWriter handle obtained by calling @c createipfixDbReader()
*/
IpfixDbReader::~IpfixDbReader() {
mysql_close(conn);
if (!pthread_mutex_destroy(&mutex)) {
msg(MSG_ERROR, "Could not destroy mutex");
}
free(dbReader->dbData);
free(dbReader);
}
/**
* Creates a new ipfixDbReader. Do not forget to call @c startipfixDbReader() to begin reading from Database
* @return handle to use when calling @c destroyipfixDbRreader()
*/
IpfixDbReader::IpfixDbReader(const char* hostName, const char* dbName,
const char* userName, const char* password,
unsigned int port, uint16_t observationDomainId)
{
DbData* dbData;
if (pthread_mutex_init(&mutex, NULL)) {
msg(MSG_FATAL, "Could not init mutex");
goto out1;
}
if (pthread_mutex_lock(&mutex)) {
msg(MSG_FATAL, "Could not lock mutex");
goto out1;
}
dbReader = (DbReader*)malloc(sizeof(DbReader));
if (!dbReader) {
msg(MSG_ERROR, "Could not allocate DbReader");
goto out1;
}
dbData = (DbData*)malloc(sizeof(DbData));
if (!dbData) {
msg(MSG_ERROR, "Could not allocate dbData");
goto out2;
}
dbReader->dbData = dbData;
srcId.reset(new IpfixRecord::SourceID);
srcId->observationDomainId = observationDomainId;
srcId->exporterAddress.len = 0;
srcId->exporterPort = 0;
srcId->receiverPort = 0;
srcId->protocol = 0;
srcId->fileDescriptor = 0;
if (connectToDb(hostName, dbName, userName,
password, port)) {
goto out3;
}
msg(MSG_DEBUG,"Connected to database");
/** use database with db_name**/
if(mysql_select_db(conn, dbName) !=0) {
msg(MSG_FATAL,"Database %s not selectable", dbName);
goto out3;
} else {
msg(MSG_DEBUG,"Database %s selected", dbName);
}
/** get tableNames of the database*/
if(getTables() != 0) {
msg(MSG_ERROR,"Error in function getTables");
goto out3;
}
/**initialize columns**/
dbData->colCount = 0;
if (pthread_create(&thread, 0, readFromDB, this)) {
msg(MSG_FATAL, "Could not create dbRead thread");
goto out3;
}
return;
out3:
free(dbData);
out2:
free(dbReader);
out1:
THROWEXCEPTION("IpfixDbReader creation failed");
return;
}
#endif

105
concentrator/IpfixDbReader.hpp
View File

@ -1,105 +0,0 @@
/*
* IPFIX Database Reader/Writer
* Copyright (C) 2006 Jürgen Abberger
* Copyright (C) 2006 Lothar Braun <braunl@informatik.uni-tuebingen.de>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/* Some constants that are common to IpfixDbWriter and IpfixDbReader */
#ifdef DB_SUPPORT_ENABLED
#ifndef IPFIXDBREADER_H
#define IPFIXDBREADER_H
#include "IpfixDbCommon.hpp"
#include "IpfixParser.hpp"
#include "FlowSource.hpp"
#include "ipfix.hpp"
#include "ipfixlolib/ipfixlolib.h"
#include <netinet/in.h>
#include <time.h>
#include <pthread.h>
#include <boost/smart_ptr.hpp>
#include <mysql.h>
/**
* IpfixDbReader powered the communication to the database server
* also between the other structs
*/
class IpfixDbReader : public FlowSource {
public:
IpfixDbReader(const char* hostname, const char* dbName,
const char* username, const char* password,
unsigned int port, uint16_t observationDomainId);
~IpfixDbReader();
int start();
int stop();
boost::shared_ptr<IpfixRecord::SourceID> srcId;
protected:
static const int MAX_TABLES = 10; /**< count of tables that will be send */
static const int MAX_COL = 10; /**< max count of columns in the table */
typedef struct {
const char* cname; /**column name*/
uint16_t ipfixId; /**IPFIX_TYPEID*/
uint8_t length; /**IPFIX length*/
} columnDB;
typedef struct {
const char* tableNames[MAX_TABLES];
int tableCount;
IpfixDbReader::columnDB* columns[MAX_COL];
int colCount;
} DbData;
typedef struct {
IpfixDbReader::DbData* dbData;
} DbReader;
const char* hostName; /** Hostname*/
const char* dbName; /**Name of the database*/
const char* userName; /**Username (default: Standarduser) */
const char* password; /** Password (default: none) */
unsigned int portNum; /** Portnumber (use default) */
const char* socketName ; /** Socketname (use default) */
unsigned int flags; /** Connectionflags (none) */
MYSQL* conn; /** pointer to connection handle */
IpfixDbReader::DbReader* dbReader;
pthread_mutex_t mutex; /** start/stop mutex for db replaying process */
pthread_t thread;
int getTables();
int getColumns(int n);
static void* readFromDB(void* ipfixDbReader_);
int dbReaderSendNewTemplate(boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo, int table_index);
int dbReaderSendTable(boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo, int n);
int dbReaderDestroyTemplate(boost::shared_ptr<IpfixRecord::DataTemplateInfo> dataTemplateInfo);
int connectToDb(const char* hostName, const char* dbName, const char* username, const char* password, unsigned int port);
IpfixDbReader::columnDB* getColumnByName(const char* name);
};
#endif
#endif

994
concentrator/IpfixDbWriter.cpp
View File

@ -1,994 +0,0 @@
/*
* IPFIX Database Reader/Writer
* Copyright (C) 2006 Jürgen Abberger
* Copyright (C) 2006 Lothar Braun <braunl@informatik.uni-tuebingen.de>
* Copyright (C) 2007 Gerhard Muenz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/* Some constants that are common to IpfixDbWriter and IpfixDbReader */
#ifdef DB_SUPPORT_ENABLED
#include <stdexcept>
#include <string.h>
#include <stdlib.h>
#include "IpfixDbWriter.hpp"
#include "common/msg.h"
/***** Internal types ******************************************************/
/**
* Identify the depency between columns names and
* IPFIX_TYPEID working with a char pointer array
* in this array there is also standing the defaultvalue
* of the IPFIX_TYPEID and the datatype to store in database
*/
struct Column{
const char* cname; /** column name */
int ipfixId; /** IPFIX_TYPEID */
const char* dataType; /** which datatype to store in database */
int defaultValue; /** when no IPFIX_TYPEID is stored in the record,
* use defaultvalue to store in database
*/
};
/***** Global Variables ******************************************************/
/**
* is needed to determine "now" time and the time of flowstartsseconds
*/
struct tm* timeNow;
/**
* maximum length of one item in a SQL statement
*/
const uint16_t MAX_COL_LENGTH = 22;
/**
* struct to identify column names with IPFIX_TYPEID an the dataType to store in database
* ExporterID is no IPFIX_TYPEID, its user specified
* Attention: order of entries is important!
*/
const uint16_t ID_FIRSTSWITCHED_IDX = 8;
const uint16_t ID_LASTSWITCHED_IDX = 9;
struct Column identify [] = {
{"dstIP", IPFIX_TYPEID_destinationIPv4Address, "INTEGER(10) UNSIGNED",0},
{"srcIP", IPFIX_TYPEID_sourceIPv4Address, "INTEGER(10) UNSIGNED", 0},
{"srcPort", IPFIX_TYPEID_sourceTransportPort, "SMALLINT(5) UNSIGNED", 0},
{"dstPort", IPFIX_TYPEID_destinationTransportPort, "SMALLINT(5) UNSIGNED",0},
{"proto",IPFIX_TYPEID_protocolIdentifier , "TINYINT(3) UNSIGNED", 0},
{"dstTos", IPFIX_TYPEID_classOfServiceIPv4, "TINYINT(3) UNSIGNED", 0},
{"bytes", IPFIX_TYPEID_octetDeltaCount, "BIGINT(20) UNSIGNED", 0},
{"pkts", IPFIX_TYPEID_packetDeltaCount, "BIGINT(20) UNSIGNED", 0},
{"firstSwitched", IPFIX_TYPEID_flowStartSeconds, "INTEGER(10) UNSIGNED", 0}, // default value is invalid/not used for this entry
{"lastSwitched", IPFIX_TYPEID_flowEndSeconds, "INTEGER(10) UNSIGNED", 0}, // default value is invalid/not used for this entry
{"firstSwitchedMillis", IPFIX_TYPEID_flowStartMilliSeconds, "SMALLINT(5) UNSIGNED", 0},
{"lastSwitchedMillis", IPFIX_TYPEID_flowEndMilliSeconds, "SMALLINT(5) UNSIGNED", 0},
{"exporterID",EXPORTERID, "SMALLINT(5) UNSIGNED", 0},
{ 0 } // last entry must be 0
} ;
/***** Internal Functions ****************************************************/
char* getTableNamDependTime(char* tablename,uint64_t flowstartsec);
uint64_t getTableStartTime(uint64_t flowstartsec);
uint64_t getTableEndTime(uint64_t StartTime);
uint64_t getdata(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data);
uint64_t getIPFIXValue(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data);
uint32_t getdefaultIPFIXdata(int ipfixtype);
uint32_t getipv4address(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data);
/**
* (re)connect to database
*/
int IpfixDbWriter::connectToDB()
{
dbError = true;
// close (in the case that it was already connected)
mysql_close(conn);
/** get the mysl init handle*/
conn = mysql_init(0);
if(conn == 0) {
msg(MSG_FATAL,"IpfixDbWriter: Get MySQL connect handle failed. Error: %s",
mysql_error(conn));
return -1;
} else {
msg(MSG_DEBUG,"IpfixDbWriter got MySQL init handler");
}
/**Connect to Database*/
if (!mysql_real_connect(conn,
hostName, userName,
password, 0, portNum,
socketName, flags)) {
msg(MSG_FATAL,"IpfixDbWriter: Connection to database failed. Error: %s",
mysql_error(conn));
return -1;
} else {
msg(MSG_DEBUG,"IpfixDbWriter succesfully connected to database");
}
/** create Database*/
if(createDB() !=0)
return -1;
/**create table exporter*/
if(createExporterTable() !=0)
return -1;
dbError = false;
return 0;
}
/**
* create the database given by the name dbnam->dbn
*/
int IpfixDbWriter::createDB()
{
/**Is there a already a database with the same name - drop it*/
/* gerhard: let's keep the database, we do not want to lose data
char dropDb[STARTLEN];
strcpy(dropDb, "DROP DATABASE IF EXISTS ");
strncat(dropDb, dbName,strlen(dbName)+1);
msg(MSG_ERROR, "%s", dropDb);
if(mysql_query(conn, dropDb) != 0 ) {
msg(MSG_FATAL,"Drop of exists database failed. Error: %s",
mysql_error(conn));
return 1;
} */
/** make query string to create database**/
char createDbStr[STARTLEN] ;
strcpy(createDbStr,"CREATE DATABASE IF NOT EXISTS ");
strncat(createDbStr,dbName,strlen(dbName));
/**create database*/
if(mysql_query(conn, createDbStr) != 0 ) {
msg(MSG_FATAL,"IpfixDbWriter: Creation of database %s failed. Error: %s",
dbName, mysql_error(conn));
return 1;
} else {
msg(MSG_INFO,"Database %s created",dbName);
}
/** use database with dbName**/
if(mysql_select_db(conn, dbName) !=0) {
msg(MSG_FATAL,"IpfixDbWriter: Database %s not selectable. Error: %s",
dbName, mysql_error(conn));
return 1;
} else {
msg(MSG_DEBUG,"Database %s selected", dbName);
}
return 0;
}
int IpfixDbWriter::createExporterTable()
{
/**is there already a table with the same name - drop it */
/* gerhard: let's keep the database, we do not want to lose data
char dropExporterTab[STARTLEN];
strcpy(dropExporterTab,"DROP TABLE IF EXISTS exporter");
if(mysql_query(conn, dropExporterTab) != 0) {
msg(MSG_FATAL,"Drop of exists exporter table failed. Error: %s",
mysql_error(conn));
return 1;
}
*/
/** create table exporter*/
// TODO: make this less ugly
char createExporterTab[STARTLEN+(3 * COL_WIDTH)];
strcpy(createExporterTab,"CREATE TABLE IF NOT EXISTS exporter (id SMALLINT(5) NOT NULL AUTO_INCREMENT,sourceID INTEGER(10) UNSIGNED DEFAULT NULL,srcIP INTEGER(10) UNSIGNED DEFAULT NULL,PRIMARY KEY(id))");
if(mysql_query(conn,createExporterTab) != 0) {
msg(MSG_FATAL,"IpfixDbWriter: Creation of table Exporter failed. Error: %s",
mysql_error(conn));
return 1;
} else {
msg(MSG_DEBUG,"Exporter table created");
}
return 0;
}
/**
* Create a table in the database
*/
int IpfixDbWriter::createDBTable(const char* tablename)
{
int i;
char createTableStr[STARTLEN+(numberOfColumns * COL_WIDTH)];
strcpy(createTableStr , "CREATE TABLE IF NOT EXISTS ");
strncat(createTableStr,tablename,strlen(tablename)+1);
strncat(createTableStr," (",(2*sizeof(char))+1);
/**collect the names for columns and the dataTypes for the table in a string*/
for(i=0; i < numberOfColumns; i++) {
strncat(createTableStr,identify[i].cname,strlen(identify[i].cname)+1);
strncat(createTableStr," ",sizeof(char)+1);
strncat(createTableStr,identify[i].dataType,strlen(identify[i].dataType)+1);
if( i != numberOfColumns-1) {
strncat(createTableStr,",",sizeof(char)+1);
}
}
strncat(createTableStr,")",sizeof(char)+1);
/**Is there a already a table with the same name - drop it*/
/* gerhard: oh no, do not drop any flow tables during operation
char dropTable[STARTLEN];
strcpy(dropTable,"DROP TABLE IF EXISTS ");
strncat(dropTable, tablename,strlen(tablename)+1);
if(mysql_query(conn, dropTable) != 0) {
msg(MSG_FATAL,"Drop of exists %s table failed. Error: %s",tablename,
mysql_error(conn));
return 1;
}
*/
/** create table*/
if(mysql_query(conn,createTableStr) != 0) {
msg(MSG_FATAL,"IpfixDbWriter: Creation of table failed. Error: %s",
mysql_error(conn));
dbError = true;
return 1;
} else {
msg(MSG_INFO, "Table %s created ",tablename);
}
return 0;
}
/**
* function receive the DataRecord or DataDataRecord when callback is started
*/
int IpfixDbWriter::onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo, uint16_t length, IpfixRecord::Data* data)
{
DPRINTF("Processing data record\n");
if(dbError)
if(connectToDB() == -1)
return -1;
/** check if statement buffer is not full*/
if(statements.statemBuffer[statements.maxStatements-1][0] != '\0') {
THROWEXCEPTION("IpfixDbWriter: Statement buffer is full, this should never happen.");
}
/** sourceid null ? use default*/
/* overwrite sourceid if defined */
if(srcId.observationDomainId != 0 || sourceID == NULL) {
sourceID = &srcId;
}
/** if statement counter lower as max count, insert record in statement buffer*/
if(statements.statemReceived < statements.maxStatements) {
/** make an sql insert statement from the record data */
statements.statemBuffer[statements.statemReceived] = getInsertStatement(
statements.statemBuffer[statements.statemReceived],
sourceID, dataTemplateInfo, length, data, statements.lockTables, statements.maxLocks);
/* check if we got a statement */
if(statements.statemBuffer[statements.statemReceived][0] == '\0') {
msg(MSG_ERROR,"IpfixDbWriter: Could not generate statement from record.");
} else {
DPRINTF("Insert statement: %s\n", statements.statemBuffer[statements.statemReceived]);
/** statemBuffer is filled -> insert in table*/
if(statements.statemReceived == statements.maxStatements-1) {
msg(MSG_INFO, "Writing buffered records to database");
writeToDb();
} else {
statements.statemReceived++;
msg(MSG_DEBUG, "Buffering record. Need %i more records before writing to database.", statements.maxStatements - statements.statemReceived);
}
}
}
// try reconnect to DB if error occurred
return 0;
}
/**
* function receive the when callback is started
*/
int IpfixDbWriter::onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo, uint16_t length, IpfixRecord::Data* data)
{
IpfixRecord::DataTemplateInfo dataTemplateInfo;
dataTemplateInfo.templateId = 0;
dataTemplateInfo.preceding = 0;
dataTemplateInfo.freePointers = false; // don't free the given pointers, as they are taken from a different structure
dataTemplateInfo.fieldCount = templateInfo->fieldCount; /**< number of regular fields */
dataTemplateInfo.fieldInfo = templateInfo->fieldInfo; /**< array of FieldInfos describing each of these fields */
dataTemplateInfo.dataCount = 0; /**< number of fixed-value fields */
dataTemplateInfo.dataInfo = NULL; /**< array of FieldInfos describing each of these fields */
dataTemplateInfo.data = NULL; /**< data start pointer for fixed-value fields */
dataTemplateInfo.userData = templateInfo->userData; /**< pointer to a field that can be used by higher-level modules */
DPRINTF("receiveRec calls receiveDataRec\n");
return onDataDataRecord(sourceID, &dataTemplateInfo, length, data);
}
/**
* don't do anything when a template was received
*/
int IpfixDbWriter::onTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo)
{
return 0;
}
/**
* don't do anything
*/
int IpfixDbWriter::onOptionsTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo)
{
return 0;
}
/**
* don't do anything
*/
int IpfixDbWriter::onDataTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo)
{
return 0;
}
/**
* don't do anything
*/
int IpfixDbWriter::onOptionsRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo, uint16_t length, IpfixRecord::Data* data)
{
return 0;
}
/**
* adds an entry for an sql statement
*/
void IpfixDbWriter::addColumnEntry(char* sql, const char* insert, bool quoted, bool lastcolumn)
{
if (quoted) strcat(sql, "'");
strncat(sql, insert, MAX_COL_LENGTH);
if (quoted) strcat(sql, "'");
if (!lastcolumn) strcat(sql, ", ");
else strcat(sql, ") ");
}
/**
* adds an entry for an sql statement
*/
void IpfixDbWriter::addColumnEntry(char* sql, uint64_t insert, bool quoted, bool lastcolumn)
{
char strdata[30];
sprintf(strdata, "%Lu", insert);
addColumnEntry(sql, strdata, quoted, lastcolumn);
}
/**
* loop over the IpfixRecord::DataTemplateInfo (fieldinfo,datainfo) to get the IPFIX values to store in database
* The result is written into statemStr which must have sufficient space!
*/
char* IpfixDbWriter::getInsertStatement(char* statemStr, IpfixRecord::SourceID* sourceID,
IpfixRecord::DataTemplateInfo* dataTemplateInfo,uint16_t length, IpfixRecord::Data* data, char** locks, int maxlocks)
{
int j, k;
uint64_t intdata = 0;
uint32_t flowstartsec = 0;
/**begin query string for insert statement*/
strcpy(statemStr,"INSERT INTO ");
/**make string for the column names*/
char ColNames[numberOfColumns * INS_WIDTH];
strcpy(ColNames," (");
/**make string for the values given by the IPFIX_TYPEID stored in the record*/
char ColValues[numberOfColumns * INS_WIDTH];
strcpy(ColValues," VALUES (");
/**loop over the columname and loop over the IPFIX_TYPEID of the record
to get the corresponding data to store and make insert statement*/
for( j=0; identify[j].cname != 0; j++) {
bool notfound = true;
if (identify[j].ipfixId == EXPORTERID) {
/**lookup exporter buffer to get exporterID from sourcID and expIp**/
uint32_t expID = getExporterID(sourceID);
intdata = expID;
notfound = false;
} else {
// try to gather data required for the field
if(dataTemplateInfo->fieldCount > 0) {
// look inside the ipfix data packet
for(k=0; k < dataTemplateInfo->fieldCount; k++) {
if(dataTemplateInfo->fieldInfo[k].type.id == identify[j].ipfixId) {
notfound = false;
intdata = getdata(dataTemplateInfo->fieldInfo[k].type,(data+dataTemplateInfo->fieldInfo[k].offset));
DPRINTF("IpfixDbWriter::getRecData: really saw ipfix id %d in packet with intdata %llX, type %d, length %d and offset %X", identify[j].ipfixId, intdata, dataTemplateInfo->fieldInfo[k].type.id, dataTemplateInfo->fieldInfo[k].type.length, dataTemplateInfo->fieldInfo[k].offset);
}
}
}
if( dataTemplateInfo->dataCount > 0 && notfound) {
// look in static data fields of template for data
for(k=0; k < dataTemplateInfo->dataCount; k++) {
if(dataTemplateInfo->dataInfo[k].type.id == identify[j].ipfixId) {
notfound = false;
intdata = getdata(dataTemplateInfo->dataInfo[k].type,(dataTemplateInfo->data+dataTemplateInfo->dataInfo[k].offset));
}
}
}
if(notfound) {
// for some Ids, we have an alternative
switch (identify[j].ipfixId) {
case IPFIX_TYPEID_flowStartSeconds:
// look for alternative (flowStartMilliSeconds/1000)
if(dataTemplateInfo->fieldCount > 0) {
for(k=0; k < dataTemplateInfo->fieldCount; k++) {
if(dataTemplateInfo->fieldInfo[k].type.id == IPFIX_TYPEID_flowStartMilliSeconds) {
intdata = getdata(dataTemplateInfo->fieldInfo[k].type,(data+dataTemplateInfo->fieldInfo[k].offset)) / 1000;
notfound = false;
break;
}
}
}
case IPFIX_TYPEID_flowEndSeconds:
// look for alternative (flowEndMilliSeconds/1000)
if(dataTemplateInfo->fieldCount > 0) {
for(k=0; k < dataTemplateInfo->fieldCount; k++) {
if(dataTemplateInfo->fieldInfo[k].type.id == IPFIX_TYPEID_flowEndMilliSeconds) {
intdata = getdata(dataTemplateInfo->fieldInfo[k].type,(data+dataTemplateInfo->fieldInfo[k].offset)) / 1000;
notfound = false;
break;
}
}
}
}
// if still not found, get default value
if(notfound)
intdata = getdefaultIPFIXdata(identify[j].ipfixId);
}
// we need extra treatment for timing related fields
switch (identify[j].ipfixId) {
case IPFIX_TYPEID_flowStartSeconds:
// save time for table access
flowstartsec = intdata;
break;
case IPFIX_TYPEID_flowStartMilliSeconds:
// in the database the millisecond entry is counted from last second
intdata %= 1000;
break;
case IPFIX_TYPEID_flowEndMilliSeconds:
// in the database the millisecond entry is counted from last second
intdata %= 1000;
break;
}
}
DPRINTF("saw ipfix id %d in packet with intdata %llX", identify[j].ipfixId, intdata);
addColumnEntry(ColNames, identify[j].cname, false, j==numberOfColumns-1);
addColumnEntry(ColValues, intdata, true, j==numberOfColumns-1);
}
/**make whole query string for the insert statement*/
char tablename[TABLE_WIDTH] ;
DPRINTF("flowstartsec: %d", flowstartsec);
const char* tablen = getTableName(flowstartsec);
if(tablen == NULL) {
strcpy(statemStr,"\0");
return statemStr;
}
strcpy(tablename, tablen);
/** Insert statement = INSERT INTO + tablename + Columnsname + Values of record*/
strcat(statemStr, tablename);
strcat(statemStr, ColNames);
strcat(statemStr, ColValues);
/* insert table name into locks if necessary */
for(j=0; j < maxlocks; j++) {
if(locks[j][0] == '\0') {
/* empty slot, i.e. no more table names. insert the current one */
strcpy(locks[j], tablename);
break; }
else if(strncmp(tablename, locks[j], TABLE_WIDTH) == 0)
/* found tablename */
break;
}
if (flowstartsec == 0) {
msg(MSG_ERROR, "IpfixDbWriter: Failed to get timing data from record. Will be saved in default table: %s", statemStr);
}
return statemStr;
}
/**
* Function writes the content of the statemBuffer to database
* statemBuffer consist of single insert statements
*/
int IpfixDbWriter::writeToDb()
{
int i ;
char LockTables[STARTLEN + (TABLE_WIDTH * statements.maxLocks * 2)] ;
char UnLockTable[STARTLEN] = "UNLOCK TABLES";
strcpy(LockTables,"LOCK TABLES ");
/**Lock all tables to store the insert statements*/
for(i=0; i < statements.maxLocks; i++) {
if(statements.lockTables[i][0] != '\0') {
strncat(LockTables, statements.lockTables[i], strlen(statements.lockTables[i])+1);
strncat(LockTables," WRITE", 6);
// delete table name
statements.lockTables[i][0] = '\0';
}
if((i < statements.maxLocks -1) && (statements.lockTables[i+1][0] != '\0'))
strncat(LockTables,",", 1);
}
if(mysql_query(conn, LockTables) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: Lock of table failed, dropping %d records. Error: %s",
statements.statemReceived, mysql_error(conn));
goto dbwriteerror;
}
/**Write the insert statement to database*/
for(i=0; i != statements.maxStatements; i++) {
if(statements.statemBuffer[i][0] != '\0') {
if(mysql_query(conn, statements.statemBuffer[i]) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: Insert of records failed. Error: %s",
mysql_error(conn));
goto dbwriteerror;
} else {
DPRINTF("Record inserted\n");
}
statements.statemBuffer[i][0] = '\0';
}
}
statements.statemReceived = 0;
if(mysql_query(conn, UnLockTable) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: Unlock of tables failed",
mysql_error(conn));
goto dbwriteerror;
}
msg(MSG_DEBUG,"Write to database is complete");
return 0;
dbwriteerror:
dbError = true;
// drop records and free buffer
for(i=0; i != statements.maxStatements; i++) {
statements.statemBuffer[i][0] = '\0';
}
statements.statemReceived = 0;
return 1;
}
/**
* Returns the tablename of a record according flowstartsec
*/
const char* IpfixDbWriter::getTableName(uint64_t flowstartsec)
{
int i;
#ifdef DEBUG
DPRINTF("Content of table cache :\n");
for(i = 0; i < MAX_TABLE; i++) {
DPRINTF("TableStartTime : %Lu TableEndTime : %Lu TableName : %s\n",
cache.tableBuffer[i].startTableTime, cache.tableBuffer[i].endTableTime,
cache.tableBuffer[i].TableName);
}
#endif
/** Is flowstartsec in intervall of tablecreationtime in cache ?*/
for(i = 0; i < MAX_TABLE; i++) {
/**Is flowstartsec between the range of tablestarttime and tableendtime? */
if(cache.tableBuffer[i].startTableTime <= flowstartsec &&
flowstartsec < cache.tableBuffer[i].endTableTime) {
DPRINTF("Table: %s is in table cache\n", cache.tableBuffer[i].TableName);
return cache.tableBuffer[i].TableName;
}
}
/**Tablename is not in table cache*/
char tabNam[TABLE_WIDTH];
getTableNamDependTime(tabNam, flowstartsec);
uint64_t startTime = getTableStartTime(flowstartsec);
uint64_t endTime = getTableEndTime(startTime);
cache.tableBuffer[cache.countBuffTable].startTableTime = startTime;
cache.tableBuffer[cache.countBuffTable].endTableTime = endTime;
strcpy(cache.tableBuffer[cache.countBuffTable].TableName, tabNam);
/** createTable when not in buffer*/
if(createDBTable(cache.tableBuffer[cache.countBuffTable].TableName) != 0) {
DPRINTF("Struct bufentry clean up after failure\n");
cache.tableBuffer[cache.countBuffTable].startTableTime = 0;
cache.tableBuffer[cache.countBuffTable].endTableTime = 0;
cache.tableBuffer[cache.countBuffTable].TableName[0] = '\0';
return NULL;
}
/** If end of tablebuffer reached ? Begin from the start (keep recently used) */
if(cache.countBuffTable < MAX_TABLE-1){
cache.countBuffTable++;
return cache.tableBuffer[cache.countBuffTable-1].TableName;
} else {
cache.countBuffTable = 0;
return cache.tableBuffer[MAX_TABLE-1].TableName;
}
}
/**
* The tablename according to the time of the records when the flow is started
* The result is given by "h_YYYYMMDD_HH_0 || 1"
* 0, when the recordtime of min is 0 <= min < 30, otherwise 1
*/
char* getTableNamDependTime(char* tablename, uint64_t flowstartsec)
{
char strtmp[TABLE_WIDTH];
/** according to flowstartsec make the tablename*/
time_t t = flowstartsec;
/**time in Coordinated Universal Time - UTC, it was formerly Greenwich Mean Time - GMT*/
/** for use local time, change expression gmtime() to localtime()*/
timeNow = gmtime(&t);
strcpy(tablename,"h_");
sprintf(strtmp,"%u",timeNow->tm_year+1900);
strncat(tablename,strtmp,strlen(strtmp)+1);
sprintf(strtmp,"%02u",timeNow->tm_mon+1);
strncat(tablename,strtmp,strlen(strtmp)+1);
sprintf(strtmp,"%02u",timeNow->tm_mday);
strncat(tablename,strtmp,strlen(strtmp)+1);
strncat(tablename,"_",sizeof(char)+1);
sprintf(strtmp,"%02u",timeNow->tm_hour);
strncat(tablename,strtmp,strlen(strtmp)+1);
strncat(tablename,"_",sizeof(char)+1);
sprintf(strtmp,"%u",timeNow->tm_min<30?0:1);
strncat(tablename,strtmp,strlen(strtmp)+1);
return tablename;
}
/**
* Calculates the time of the tables according flowstartsec
* It determines in which table the record must be store
*/
uint64_t getTableStartTime(uint64_t flowstartsec)
{
uint64_t startTime;
time_t t = flowstartsec;
timeNow = localtime(&t);
if(timeNow->tm_min < 30) {
timeNow->tm_min = 0;
timeNow->tm_sec = 0;
startTime = mktime(timeNow);
return startTime;
} else {
timeNow->tm_min = 30;
timeNow->tm_sec = 0;
startTime = mktime(timeNow);
return startTime;
}
return 0;
}
/**
* Tableendtime is the time that past since tablestarttime plus the time for the duration time
* for tables to store
* 1800 sec is equal for 30 min tables
*/
uint64_t getTableEndTime(uint64_t startTime)
{
uint64_t endTime = startTime + 1800;
return endTime;
}
/**
* Returns the exporterID
* For every different sourcID and expIp a unique ExporterID will be generated from the database
* First lookup for the ExporterID in the exporterBuffer according sourceID and expIp, is there nothing
* lookup in the ExporterTable, is there also nothing insert sourceID and expIp an return the generated
* ExporterID
*/
int IpfixDbWriter::getExporterID(IpfixRecord::SourceID* sourceID)
{
int i;
MYSQL_RES* dbResult;
MYSQL_ROW dbRow;
int exporterID = 0;
char statementStr[EXPORTER_WIDTH];
uint32_t expIp = 0;
if(sourceID->exporterAddress.len == 4)
expIp = ntohl(*(uint32_t*)(sourceID->exporterAddress.ip));
#ifdef DEBUG
DPRINTF("Content of exporterBuffer\n");
for(i = 0; i < MAX_EXP_TABLE; i++) {
DPRINTF("exporterID:%d observationDomainID:%u expIp:%u\n",
cache.exporterBuffer[i].Id, cache.exporterBuffer[i].observationDomainId,
cache.exporterBuffer[i].expIp);
}
#endif
/** Is the exporterID already in exporterBuffer? */
for(i = 0; i < MAX_EXP_TABLE; i++) {
if(cache.exporterBuffer[i].observationDomainId == sourceID->observationDomainId &&
cache.exporterBuffer[i].expIp== expIp &&
cache.exporterBuffer[i].Id > 0) {
DPRINTF("Exporter sourceID/IP with ID %d is in the exporterBuffer\n",
cache.exporterBuffer[i].Id);
return cache.exporterBuffer[i].Id;
}
}
// it is not: try to get it from the database
sprintf(statementStr, "SELECT id FROM exporter WHERE sourceID=%u AND srcIp=%u", sourceID->observationDomainId, expIp);
if(mysql_query(conn, statementStr) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: Select on exporter table failed. Error: %s",
mysql_error(conn));
return 0;// If a failure occurs, return exporterID = 0
}
dbResult = mysql_store_result(conn);
/** is the exporterID in the exporter table ?*/
if(( dbRow = mysql_fetch_row(dbResult))) {
exporterID = atoi(dbRow[0]);
mysql_free_result(dbResult);
DPRINTF("ExporterID %d is in exporter table\n",exporterID);
/**Write new exporter in the exporterBuffer*/
cache.exporterBuffer[cache.countExpTable].Id = exporterID;
cache.exporterBuffer[cache.countExpTable].observationDomainId = sourceID->observationDomainId;
cache.exporterBuffer[cache.countExpTable].expIp = expIp;
}
else
{
mysql_free_result(dbResult);
/**ExporterID is not in exporter table - insert expID and expIp and return the exporterID*/
char LockExporter[STARTLEN] = "LOCK TABLES exporter WRITE";
char UnLockExporter[STARTLEN] = "UNLOCK TABLES";
sprintf(statementStr, "INSERT INTO exporter (ID,sourceID,srcIP) VALUES ('NULL','%u','%u')",
sourceID->observationDomainId, expIp);
if(mysql_query(conn, LockExporter) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: Lock of exporter table failed. Error: %s",
mysql_error(conn));
return 0;
}
if(mysql_query(conn, statementStr) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: Insert in exporter table failed. Error: %s",
conn);
/**Unlock the table when a failure occur*/
if(mysql_query(conn, UnLockExporter) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: UnLock of exporter table failed. Error: %s",
mysql_error(conn));
return 0;
}
return 0;
}
exporterID = mysql_insert_id(conn);
msg(MSG_INFO,"ExporterID %d inserted in exporter table", exporterID);
/**Write new exporter in the exporterBuffer*/
cache.exporterBuffer[cache.countExpTable].Id = exporterID;
cache.exporterBuffer[cache.countExpTable].observationDomainId = sourceID->observationDomainId;
cache.exporterBuffer[cache.countExpTable].expIp = expIp;
if(mysql_query(conn, UnLockExporter) != 0) {
msg(MSG_ERROR,"IpfixDbWriter: UnLock of exporter table failed. Error: %s",
mysql_error(conn));
return 0;
}
}
if(cache.countExpTable < MAX_EXP_TABLE-1) {
cache.countExpTable++;
} else {
cache.countExpTable = 0;
}
return exporterID;
}
/**
* Get data of the record is given by the IPFIX_TYPEID
*/
uint64_t getdata(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data)
{
if(type.id == IPFIX_TYPEID_sourceIPv4Address || type.id == IPFIX_TYPEID_destinationIPv4Address)
return getipv4address(type, data);
else
return getIPFIXValue(type, data);
}
/**
* determine the ipv4address of the data record
*/
uint32_t getipv4address( IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data)
{
if (type.length > 5) {
DPRINTF("IPv4 Address with length %d unparseable\n", type.length);
return 0;
}
if ((type.length == 5) && ( type.id == IPFIX_TYPEID_sourceIPv4Address || IPFIX_TYPEID_destinationIPv4Address )) /*&& (imask != 0)*/ {
DPRINTF("imask drop from ipaddress\n");
type.length = 4;
}
if ((type.length < 5) &&( type.id == IPFIX_TYPEID_sourceIPv4Address || type.id == IPFIX_TYPEID_destinationIPv4Address)) /*&& (imask == 0)*/ {
return getIPFIXValue(type, data);
}
return 0;
}
/**
* get the IPFIX value
*/
uint64_t getIPFIXValue(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data)
{
switch (type.length) {
case 1:
return (*(uint8_t*)data);
case 2:
return ntohs(*(uint16_t*)data);
case 4:
return ntohl(*(uint32_t*)data);
case 8:
return ntohll(*(uint64_t*)data);
default:
printf("Uint with length %d unparseable\n", type.length);
return 0;
}
}
/**
* if there no IPFIX_TYPEID in the given data record
* get the default value to store in the database columns
*/
uint32_t getdefaultIPFIXdata(int ipfixtype_id)
{
int i;
for( i=0; identify[i].cname != 0; i++) {
if(ipfixtype_id == identify[i].ipfixId) {
return identify[i].defaultValue;
}
}
return 0;
}
/***** Exported Functions ****************************************************/
/**
* Creates a new ipfixDbWriter. Do not forget to call @c startipfixDbWriter() to begin writing to Database
* @return handle to use when calling @c destroyipfixDbWriter()
*/
IpfixDbWriter::IpfixDbWriter(const char* host, const char* db,
const char* user, const char* pw,
unsigned int port, uint16_t observationDomainId,
int maxStatements)
{
setSinkOwner("IpfixWriter");
/**Initialize structure members IpfixDbWriter*/
hostName = host;
dbName = db;
userName = user;
password = pw;
portNum = port;
socketName = 0;
flags = 0;
srcId.exporterAddress.len = 0;
srcId.observationDomainId = observationDomainId;
srcId.exporterPort = 0;
srcId.receiverPort = 0;
srcId.protocol = 0;
srcId.fileDescriptor = 0;
/**Initialize table cache*/
cache.countBuffTable = 0;
cache.countExpTable = 0;
int i ;
for(i = 0; i < MAX_TABLE; i++) {
cache.tableBuffer[i].startTableTime = 0;
cache.tableBuffer[i].endTableTime = 0;
cache.tableBuffer[i].TableName[0] = '\0';
}
for(i = 0; i < MAX_EXP_TABLE; i++) {
cache.exporterBuffer[i].Id = 0;
cache.exporterBuffer[i].observationDomainId = 0;
cache.exporterBuffer[i].expIp = 0;
}
/**count columns*/
numberOfColumns = 0;
for(i=0; identify[i].cname!=0; i++)
numberOfColumns++;
/**Initialize structure members Statement*/
statements.statemBuffer = (char**)malloc(sizeof(char**)*maxStatements);
statements.maxStatements = maxStatements;
statements.statemReceived = 0;
for( i = 0; i != statements.maxStatements; i++) {
statements.statemBuffer[i] = (char*) malloc((STARTLEN+(numberOfColumns * INS_WIDTH)) * sizeof(char));
statements.statemBuffer[i][0] = '\0';
}
statements.lockTables = (char**)malloc(sizeof(char**)*maxStatements);
statements.maxLocks = maxStatements; // worst case: every entry in another table
for( i = 0; i != statements.maxLocks; i++) {
statements.lockTables[i] = (char*) malloc(TABLE_WIDTH * sizeof(char));
statements.lockTables[i][0] = '\0';
}
connectToDB();
return;
//out:
// THROWEXCEPTION("IpfixDbWriter creation failed");
// return;
}
/**
* Frees memory used by an ipfixDbWriter
* @param ipfixDbWriter handle obtained by calling @c createipfixDbWriter()
*/
IpfixDbWriter::~IpfixDbWriter()
{
int i;
writeToDb();
mysql_close(conn);
for(i=0; i<statements.statemReceived; i++)
free(statements.statemBuffer[i]);
free(statements.statemBuffer);
free(statements.lockTables);
}
/**
* Starts or resumes database
* @param ipfixDbWriter handle obtained by calling @c createipfixDbWriter()
*/
int IpfixDbWriter::start() {
/* unimplemented, we can't be paused - TODO: or should we? */
return 0;
}
/**
* Temporarily pauses database
* @param ipfixDbWriter handle obtained by calling @c createipfixDbWriter()
*/
int IpfixDbWriter::stop() {
/* unimplemented, we can't be paused - TODO: or should we? */
return 0;
}
#endif

144
concentrator/IpfixDbWriter.hpp
View File

@ -1,144 +0,0 @@
/*
* IPFIX Database Reader/Writer
* Copyright (C) 2006 Jürgen Abberger
* Copyright (C) 2006 Lothar Braun <braunl@informatik.uni-tuebingen.de>
* Copyright (C) 2007 Gerhard Muenz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/* Some constants that are common to IpfixDbWriter and IpfixDbReader */
#ifdef DB_SUPPORT_ENABLED
#ifndef IPFIXDBWRITER_H
#define IPFIXDBWRITER_H
#include "FlowSink.hpp"
#include "IpfixDbCommon.hpp"
#include "IpfixParser.hpp"
#include "ipfix.hpp"
#include "ipfixlolib/ipfixlolib.h"
#include <mysql.h>
#include <netinet/in.h>
#include <time.h>
#define EXPORTERID 0
/**
* IpfixDbWriter powered the communication to the database server
* also between the other structs
*/
class IpfixDbWriter : public FlowSink {
public:
IpfixDbWriter(const char* host, const char* db,
const char* user, const char* pw,
unsigned int port, uint16_t observationDomainId,
int maxStatements);
~IpfixDbWriter();
int start();
int stop();
int onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo, uint16_t length, IpfixRecord::Data* data);
int onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo, uint16_t length, IpfixRecord::Data* data);
int onTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo);
int onOptionsTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo);
int onDataTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo);
int onOptionsRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo, uint16_t length, IpfixRecord::Data* data);
IpfixRecord::SourceID srcId; /**Exporter default SourceID */
protected:
static const int MAX_TABLE = 3; /**< count of buffered tablenames */
static const int MAX_EXP_TABLE = 3; /**< Count of buffered exporters. Increase this value if you use more exporters in parallel */
/**
* Struct stores for each BufEntry TableBuffer[maxTable]
* start-, endtime and tablename for the different tables
*/
typedef struct {
uint64_t startTableTime;
uint64_t endTableTime;
char TableName[TABLE_WIDTH];
} BufEntry;
/**
* Store for each expTable ExporterBuffer[maxExpTable]
* exporterID,srcID and expIP for the different exporters
*/
typedef struct {
int Id; /** Id entry of sourcID and expIP in the ExporterTable */
uint32_t observationDomainId; /** observationDomainId of the exporter monitor */
uint32_t expIp; /** IP of the exporter */
} ExpTable;
/**
* Cache which stores recently used existing half-hour tables and exporter table entries to
* reduce/avoid unnecessary mysql lookups
*/
typedef struct {
int countBuffTable; /**counter of buffered table names*/
IpfixDbWriter::BufEntry tableBuffer[MAX_TABLE]; /**buffer to store struct BufEntry*/
int countExpTable; /**counter of buffered exporter*/
IpfixDbWriter::ExpTable exporterBuffer[MAX_EXP_TABLE]; /**buffer to store struct expTable*/
} TableCache;
TableCache cache;
/**
* Buffer for insert statements
*/
typedef struct {
int statemReceived; /**counter of insert into statements*/
char** statemBuffer; /**buffer of char pointers to store the insert statements*/
int maxStatements;
char** lockTables; /**tables to look*/
int maxLocks;
} StatementBuffer;
StatementBuffer statements;
int numberOfColumns; /**number of columns, used to calculate length of sql statements*/
const char* hostName; /** Hostname*/
const char* dbName; /**Name of the database*/
const char* userName; /**Username (default: Standarduser) */
const char* password ; /** Password (default: none) */
unsigned int portNum; /** Portnumber (use default) */
const char* socketName; /** Socketname (use default) */
unsigned int flags; /** Connectionflags (none) */
MYSQL* conn; /** pointer to connection handle */
bool dbError; /* True if a DB error occured, initiates reconnect to DB server */
int connectToDB();
int createDB();
int createExporterTable();
int createDBTable(const char* tablename);
char* getInsertStatement(char* statemStr, IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo, uint16_t length, IpfixRecord::Data* data, char** locks, int maxlocks);
int writeToDb();
int getExporterID(IpfixRecord::SourceID* sourceID);
const char* getTableName(uint64_t flowstartsec);
private:
void addColumnEntry(char* sql, const char* insert, bool quoted, bool lastcolumn);
void addColumnEntry(char* sql, uint64_t insert, bool quoted, bool lastcolumn);
};
#endif
#endif

45
concentrator/IpfixPacketProcessor.cpp
View File

@ -1,45 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
// FIXME: Basic support for NetflowV9 packets, templates and flow records is provided. Will break when fed field types with type ID >= 0x8000.
#include <stdexcept>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
/* for ntohll et al */
#include "ipfixlolib/ipfixlolib.h"
#include "IpfixReceiver.hpp"
#include "TemplateBuffer.hpp"
#include "ipfix.hpp"
#include "common/msg.h"
#include "IpfixPacketProcessor.hpp"

433
concentrator/IpfixPrinter.cpp
View File

@ -1,433 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include "IpfixPrinter.hpp"
/**
* print functions which have formerly been in IpfixParser.cpp
*/
static void printIPv4(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data) {
int octet1 = 0;
int octet2 = 0;
int octet3 = 0;
int octet4 = 0;
int imask = 0;
if (type.length >= 1) octet1 = data[0];
if (type.length >= 2) octet2 = data[1];
if (type.length >= 3) octet3 = data[2];
if (type.length >= 4) octet4 = data[3];
if (type.length >= 5) imask = data[4];
if (type.length > 5) {
DPRINTF("IPv4 Address with length %d unparseable\n", type.length);
return;
}
if ((type.length == 5) /*&& (imask != 0)*/) {
printf("%d.%d.%d.%d/%d", octet1, octet2, octet3, octet4, 32-imask);
} else {
printf("%d.%d.%d.%d", octet1, octet2, octet3, octet4);
}
}
static void printPort(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data) {
if (type.length == 0) {
printf("zero-length Port");
return;
}
if (type.length == 2) {
int port = ((uint16_t)data[0] << 8)+data[1];
printf("%d", port);
return;
}
if ((type.length >= 4) && ((type.length % 4) == 0)) {
int i;
for (i = 0; i < type.length; i+=4) {
int starti = ((uint16_t)data[i+0] << 8)+data[i+1];
int endi = ((uint16_t)data[i+2] << 8)+data[i+3];
if (i > 0) printf(",");
if (starti != endi) {
printf("%d:%d", starti, endi);
} else {
printf("%d", starti);
}
}
return;
}
printf("Port with length %d unparseable", type.length);
}
void printProtocol(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data) {
if (type.length != 1) {
printf("Protocol with length %d unparseable", type.length);
return;
}
switch (data[0]) {
case IPFIX_protocolIdentifier_ICMP:
printf("ICMP");
return;
case IPFIX_protocolIdentifier_TCP:
printf("TCP");
return;
case IPFIX_protocolIdentifier_UDP:
printf("UDP");
return;
case IPFIX_protocolIdentifier_SCTP:
printf("SCTP");
return;
case IPFIX_protocolIdentifier_RAW:
printf("RAW");
return;
default:
printf("unknownProtocol");
return;
}
}
static void printUint(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data) {
switch (type.length) {
case 1:
printf("%hhu",*(uint8_t*)data);
return;
case 2:
printf("%hu",ntohs(*(uint16_t*)data));
return;
case 4:
printf("%u",ntohl(*(uint32_t*)data));
return;
case 8:
printf("%Lu",ntohll(*(uint64_t*)data));
return;
default:
for(uint16_t i = 0; i < type.length; i++) {
printf("%02hhX",*(uint8_t*)(data+i));
}
printf(" (%u bytes)", type.length);
//msg(MSG_ERROR, "Uint with length %d unparseable", type.length);
return;
}
}
/**
* Prints a string representation of IpfixRecord::Data to stdout.
*/
void printFieldData(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* pattern) {
char* s;
switch (type.id) {
case IPFIX_TYPEID_protocolIdentifier:
printf("protocolIdentifier: ");
printProtocol(type, pattern);
break;
case IPFIX_TYPEID_sourceIPv4Address:
printf("sourceIPv4Address: ");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_destinationIPv4Address:
printf("destinationIPv4Address: ");
printIPv4(type, pattern);
break;
case IPFIX_TYPEID_sourceTransportPort:
printf("sourceTransportPort: ");
printPort(type, pattern);
break;
case IPFIX_TYPEID_destinationTransportPort:
printf("destinationTransportPort: ");
printPort(type, pattern);
break;
default:
s = typeid2string(type.id);
if (s != NULL) {
printf("%s: ", s);
printUint(type, pattern);
} else {
DPRINTF("Field with ID %d unparseable\n", type.id);
}
break;
}
}
/**
* Creates a new IpfixPrinter. Do not forget to call @c startIpfixPrinter() to begin printing
* @return handle to use when calling @c destroyIpfixPrinter()
*/
IpfixPrinter::IpfixPrinter() {
lastTemplate = 0;
setSinkOwner("IpfixPrinter");
}
/**
* Frees memory used by an IpfixPrinter
*/
IpfixPrinter::~IpfixPrinter() {
}
/**
* Starts or resumes printing messages
*/
void IpfixPrinter::start() {
/* unimplemented, we can't be paused - TODO: or should we? */
}
/**
* Temporarily pauses printing messages
*/
void IpfixPrinter::stop() {
/* unimplemented, we can't be paused - TODO: or should we? */
}
/**
* Prints a Template
* @param sourceID SourceID of the exporting process
* @param templateInfo Pointer to a structure defining the Template used
*/
int IpfixPrinter::onTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo) {
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- Template (id=%u) from ", templateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(")\n");
printf(" `---\n\n");
return 0;
}
/**
* Prints a Template that was announced to be destroyed
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
int IpfixPrinter::onTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo) {
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("Destroyed a Template (id=%u) from ", templateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(")\n");
return 0;
}
/**
* Prints a DataRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
int IpfixPrinter::onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo, uint16_t length, IpfixRecord::Data* data) {
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- DataRecord (Template id=%u from ", templateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(") )\n");
printf(" `- variable data\n");
for (i = 0; i < templateInfo->fieldCount; i++) {
printf(" ' `- ");
printFieldData(templateInfo->fieldInfo[i].type, (data + templateInfo->fieldInfo[i].offset));
printf("\n");
}
printf(" `---\n\n");
return 0;
}
/**
* Prints a OptionsTemplate
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
int IpfixPrinter::onOptionsTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo) {
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- OptionsTemplate (id=%u) from ", optionsTemplateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(")\n");
printf(" `---\n\n");
return 0;
}
/**
* Prints a DataTemplate that was announced to be destroyed
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
int IpfixPrinter::onOptionsTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo) {
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("Destroyed an OptionsTemplate (id=%u) from ", optionsTemplateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(")\n");
return 0;
}
/**
* Prints an OptionsRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
int IpfixPrinter::onOptionsRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo, uint16_t length, IpfixRecord::Data* data) {
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- OptionsDataRecord (Template id=%u from ", optionsTemplateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(") )\n");
printf(" `---\n\n");
return 0;
}
/**
* Prints a DataTemplate
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
int IpfixPrinter::onDataTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo) {
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- DataTemplate (id=%u) from ", dataTemplateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(")\n");
printf(" `- fixed data\n");
for (i = 0; i < dataTemplateInfo->dataCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->dataInfo[i].type, (dataTemplateInfo->data + dataTemplateInfo->dataInfo[i].offset));
printf("\n");
}
printf(" `---\n\n");
return 0;
}
/**
* Prints a DataTemplate that was announced to be destroyed
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
*/
int IpfixPrinter::onDataTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo) {
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("Destroyed a DataTemplate (id=%u) from ", dataTemplateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(")\n");
return 0;
}
/**
* Prints a DataDataRecord
* @param sourceID SourceID of the exporting process
* @param dataTemplateInfo Pointer to a structure defining the DataTemplate used
* @param length Length of the data block supplied
* @param data Pointer to a data block containing all variable fields
*/
int IpfixPrinter::onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo, uint16_t length, IpfixRecord::Data* data) {
int i;
/* we need a FieldInfo for printIPv4 */
IpfixRecord::FieldInfo::Type tmpInfo = {0, 4, false, 0}; // length=4 for IPv4 address
printf("\n-+--- DataDataRecord (Template id=%u from ", dataTemplateInfo->templateId);
if(sourceID->exporterAddress.len == 4)
printIPv4(tmpInfo, &sourceID->exporterAddress.ip[0]);
else
printf("non-IPv4 address");
printf(":%d (", sourceID->exporterPort);
tmpInfo.length = 1; // length=1 for protocol identifier
printProtocol(tmpInfo, &sourceID->protocol);
printf(") )\n");
printf(" `- fixed data\n");
for (i = 0; i < dataTemplateInfo->dataCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->dataInfo[i].type, (dataTemplateInfo->data + dataTemplateInfo->dataInfo[i].offset));
printf("\n");
}
printf(" `- variable data\n");
for (i = 0; i < dataTemplateInfo->fieldCount; i++) {
printf(" ' `- ");
printFieldData(dataTemplateInfo->fieldInfo[i].type, (data + dataTemplateInfo->fieldInfo[i].offset));
printf("\n");
}
printf(" `---\n\n");
return 0;
}

58
concentrator/IpfixPrinter.hpp
View File

@ -1,58 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef PRINTIPFIX_H
#define PRINTIPFIX_H
#include "FlowSink.hpp"
/**
* IPFIX Printer module.
*
* Prints received flows to stdout
*/
class IpfixPrinter : public FlowSink {
public:
IpfixPrinter();
~IpfixPrinter();
void start();
void stop();
int onDataTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo);
int onDataDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo, uint16_t length, IpfixRecord::Data* data);
int onDataTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo);
int onOptionsTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo);
int onOptionsRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo, uint16_t length, IpfixRecord::Data* data);
int onOptionsTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::OptionsTemplateInfo* optionsTemplateInfo);
int onTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo);
int onDataRecord(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo, uint16_t length, IpfixRecord::Data* data);
int onTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::TemplateInfo* templateInfo);
protected:
void* lastTemplate;
};
void printProtocol(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* data);
void printFieldData(IpfixRecord::FieldInfo::Type type, IpfixRecord::Data* pattern);
#endif

87
concentrator/IpfixSender.hpp
View File

@ -1,87 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef SNDIPFIX_H
#define SNDIPFIX_H
#include "IpfixParser.hpp"
#include "ipfixlolib/ipfixlolib.h"
#include <vector>
/**
* IPFIX Exporter interface.
*
* Interface for feeding generated Templates and Data Records to "ipfixlolib"
*/
class IpfixSender : public FlowSink {
public:
IpfixSender(uint16_t observationDomainId, const char* ip = 0, uint16_t port = 0, ipfix_transport_protocol proto = UDP);
virtual ~IpfixSender();
void start();
void stop();
int addCollector(const char *ip, uint16_t port, ipfix_transport_protocol proto);
int onDataTemplate(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo);
int onDataTemplateDestruction(IpfixRecord::SourceID* sourceID, IpfixRecord::DataTemplateInfo* dataTemplateInfo);
int onDataDataRecord(boost::shared_ptr<IpfixDataDataRecord> rec);
int onIdle();
virtual void flowSinkProcess();
void stats();
// Set up time after that Templates are going to be resent
bool setTemplateTransmissionTimer(uint32_t timer){
ipfix_set_template_transmission_timer(ipfixExporter, timer);
return true;
}
// Set up SCTP packet lifetime
bool setSctpLifetime(uint32_t time){
ipfix_set_sctp_lifetime(ipfixExporter, time);
return true;
}
// Set up SCTP reconnect timer
bool setSctpReconnectTimeout(uint32_t time){
ipfix_set_sctp_reconnect_timer(ipfixExporter, time);
return true;
}
protected:
ipfix_exporter* ipfixExporter; /**< underlying ipfix_exporter structure. */
uint16_t lastTemplateId; /**< Template ID of last created Template */
uint32_t sentRecords; /**< Statistics: Total number of records sent since last statistics were polled */
private:
int startDataSet(uint16_t templateId);
int endAndSendDataSet();
std::vector<boost::shared_ptr<IpfixRecord> > recordsToRelease;
uint16_t ringbufferPos; /**< Pointer to next free slot in @c conversionRingbuffer. */
uint8_t conversionRingbuffer[65536]; /**< Ringbuffer used to store converted imasks between @c ipfix_put_data_field() and @c ipfix_send() */
uint16_t recordsInDataSet; /**< The number of records in the current data set */
uint16_t currentTemplateId; /**< Template ID of the unfinished data set */
};
#endif

21
concentrator/Makefile.am
View File

@ -1,21 +0,0 @@
noinst_LIBRARIES=libconcentrator.a
libconcentrator_a_SOURCES=IpfixAggregator.cpp IpfixAggregator.hpp crc16.hpp Hashtable.cpp \
Hashtable.hpp ipfix.cpp ipfix.hpp \
IpfixReceiver.cpp IpfixReceiver.hpp \
IpfixReceiverUdpIpV4.cpp IpfixReceiverUdpIpV4.hpp \
IpfixRawdirReader.cpp IpfixRawdirReader.hpp \
FlowSource.hpp FlowSource.cpp \
FlowSink.hpp FlowSink.cpp \
IpfixRecord.hpp IpfixRecord.cpp \
IpfixPrinter.cpp IpfixPrinter.hpp \
IpfixParser.cpp IpfixParser.hpp \
IpfixPacketProcessor.cpp IpfixPacketProcessor.hpp \
IpfixCollector.cpp IpfixCollector.hpp \
Rules.cpp Rules.hpp Rule.cpp Rule.hpp \
IpfixSender.cpp IpfixSender.hpp \
IpfixRawdirWriter.cpp IpfixRawdirWriter.hpp \
TemplateBuffer.cpp TemplateBuffer.hpp \
IpfixDbReader.hpp IpfixDbReader.cpp IpfixDbWriter.hpp IpfixDbWriter.cpp
AM_CXXFLAGS=-I$(top_srcdir) $(MYSQL_CFLAGS) -Wall -Werror

85
concentrator/crc16.hpp
View File

@ -1,85 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef CRC16_H
#define CRC16_H
#include <stdint.h>
/* CRC16 table calculated by Mark G. Mendel. From xmodem.h, public domain */
static const uint16_t table[] = {
0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7,
0x8108, 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF,
0x1231, 0x0210, 0x3273, 0x2252, 0x52B5, 0x4294, 0x72F7, 0x62D6,
0x9339, 0x8318, 0xB37B, 0xA35A, 0xD3BD, 0xC39C, 0xF3FF, 0xE3DE,
0x2462, 0x3443, 0x0420, 0x1401, 0x64E6, 0x74C7, 0x44A4, 0x5485,
0xA56A, 0xB54B, 0x8528, 0x9509, 0xE5EE, 0xF5CF, 0xC5AC, 0xD58D,
0x3653, 0x2672, 0x1611, 0x0630, 0x76D7, 0x66F6, 0x5695, 0x46B4,
0xB75B, 0xA77A, 0x9719, 0x8738, 0xF7DF, 0xE7FE, 0xD79D, 0xC7BC,
0x48C4, 0x58E5, 0x6886, 0x78A7, 0x0840, 0x1861, 0x2802, 0x3823,
0xC9CC, 0xD9ED, 0xE98E, 0xF9AF, 0x8948, 0x9969, 0xA90A, 0xB92B,
0x5AF5, 0x4AD4, 0x7AB7, 0x6A96, 0x1A71, 0x0A50, 0x3A33, 0x2A12,
0xDBFD, 0xCBDC, 0xFBBF, 0xEB9E, 0x9B79, 0x8B58, 0xBB3B, 0xAB1A,
0x6CA6, 0x7C87, 0x4CE4, 0x5CC5, 0x2C22, 0x3C03, 0x0C60, 0x1C41,
0xEDAE, 0xFD8F, 0xCDEC, 0xDDCD, 0xAD2A, 0xBD0B, 0x8D68, 0x9D49,
0x7E97, 0x6EB6, 0x5ED5, 0x4EF4, 0x3E13, 0x2E32, 0x1E51, 0x0E70,
0xFF9F, 0xEFBE, 0xDFDD, 0xCFFC, 0xBF1B, 0xAF3A, 0x9F59, 0x8F78,
0x9188, 0x81A9, 0xB1CA, 0xA1EB, 0xD10C, 0xC12D, 0xF14E, 0xE16F,
0x1080, 0x00A1, 0x30C2, 0x20E3, 0x5004, 0x4025, 0x7046, 0x6067,
0x83B9, 0x9398, 0xA3FB, 0xB3DA, 0xC33D, 0xD31C, 0xE37F, 0xF35E,
0x02B1, 0x1290, 0x22F3, 0x32D2, 0x4235, 0x5214, 0x6277, 0x7256,
0xB5EA, 0xA5CB, 0x95A8, 0x8589, 0xF56E, 0xE54F, 0xD52C, 0xC50D,
0x34E2, 0x24C3, 0x14A0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
0xA7DB, 0xB7FA, 0x8799, 0x97B8, 0xE75F, 0xF77E, 0xC71D, 0xD73C,
0x26D3, 0x36F2, 0x0691, 0x16B0, 0x6657, 0x7676, 0x4615, 0x5634,
0xD94C, 0xC96D, 0xF90E, 0xE92F, 0x99C8, 0x89E9, 0xB98A, 0xA9AB,
0x5844, 0x4865, 0x7806, 0x6827, 0x18C0, 0x08E1, 0x3882, 0x28A3,
0xCB7D, 0xDB5C, 0xEB3F, 0xFB1E, 0x8BF9, 0x9BD8, 0xABBB, 0xBB9A,
0x4A75, 0x5A54, 0x6A37, 0x7A16, 0x0AF1, 0x1AD0, 0x2AB3, 0x3A92,
0xFD2E, 0xED0F, 0xDD6C, 0xCD4D, 0xBDAA, 0xAD8B, 0x9DE8, 0x8DC9,
0x7C26, 0x6C07, 0x5C64, 0x4C45, 0x3CA2, 0x2C83, 0x1CE0, 0x0CC1,
0xEF1F, 0xFF3E, 0xCF5D, 0xDF7C, 0xAF9B, 0xBFBA, 0x8FD9, 0x9FF8,
0x6E17, 0x7E36, 0x4E55, 0x5E74, 0x2E93, 0x3EB2, 0x0ED1, 0x1EF0
};
/**
* CRC16 hash function.
* Operates on an arbitrary-length bytestream.
* @param seed value of a generated CRC16 for cumulative generation of a new CRC16
* @param length number of bytes in the data stream
* @param data stream for which the CRC16 will be generated
* @return the CRC16 value
*/
inline uint16_t crc16(uint16_t seed, uint16_t length, const char* data)
{
uint16_t i = seed;
while (length--) {
uint8_t byte = *(char*)data++;
uint8_t index = byte ^ (i >> 8);
uint16_t entry = table[index];
i = (i << 8) ^ entry;
}
return i;
}
#endif

7
concentrator/doc/index.html
View File

@ -1,7 +0,0 @@
<html>
<head>
</head>
<body>
<a href="html/index.html">doxygen HTML documentation</a>
</body>
</html>

85
concentrator/doc/testAggregator.cpp
View File

@ -1,85 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/** \file
* Separate Program to test the Aggregator module
* Dumps received flows to stdout
*/
#include <netinet/in.h>
#include <unistd.h>
#include <signal.h>
#include "common.hpp"
#include "IpfixReceiver.hpp"
#include "IpfixAggregator.hpp"
#include "IpfixSender.hpp"
#include "IpfixPrinter.hpp"
int mayRun;
void sigint(int) {
mayRun = 0;
}
int main(int argc, char *argv[]) {
mayRun = 1;
signal(SIGINT, sigint);
debug("starting exporter");
IpfixSender ipfixSender(0xDEADBEEF, "127.0.0.1", 1501);
ipfixSender.start();
debug("starting printer");
IpfixPrinter ipfixPrinter;
ipfixPrinter.start();
debug("starting aggregator");
IpfixAggregator ipfixAggregator("aggregation_rules.conf", 5, 15);
ipfixAggregator.addFlowSink(&ipfixSender);
ipfixAggregator.addFlowSink(&ipfixPrinter);
ipfixAggregator.start();
debug("starting collector");
IpfixReceiver ipfixReceiver(1500);
ipfixReceiver.addFlowSink(&ipfixAggregator);
ipfixReceiver.start();
debug("Listening on Port 1500. Hit Ctrl+C to quit");
while (mayRun) {
ipfixAggregator.poll();
sleep(1);
}
debug("Stopping threads and tidying up.");
debug("stopping collector");
ipfixReceiver.stop();
debug("stopping aggregator");
ipfixAggregator.stop();
debug("stopping printer");
ipfixPrinter.stop();
debug("stopping exporter");
ipfixSender.stop();
return 0;
}

1
concentrator/doc/testAggregator.hpp
View File

@ -1 +0,0 @@
/* dummy file, needed */

75
concentrator/doc/testCollector.cpp
View File

@ -1,75 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/** \file
* Separate Program to test the collector
* Dumps received flows to stdout
*/
#include <netinet/in.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
#include "IpfixReceiver.hpp"
#include "IpfixPrinter.hpp"
#include "common.hpp"
#define DEFAULT_LISTEN_PORT 1500
void sigint(int) {
}
int main(int argc, char *argv[]) {
int lport = DEFAULT_LISTEN_PORT;
signal(SIGINT, sigint);
if(argv[1]) {
lport=atoi(argv[1]);
}
IpfixPrinter ipfixPrinter;
ipfixPrinter.start();
IpfixReceiver ipfixReceiver(lport);
if (argc > 2) {
debugf("Adding %s to list of authorized hosts", argv[2]);
ipfixReceiver.addAuthorizedHost(argv[2]);
}
ipfixReceiver.addFlowSink(&ipfixPrinter);
ipfixReceiver.start();
debugf("Listening on %d. Hit Ctrl+C to quit", lport);
pause();
debug("Stopping threads and tidying up.");
debug("stopping collector");
ipfixReceiver.stop();
debug("stopping printer");
ipfixPrinter.stop();
return 0;
}

1
concentrator/doc/testCollector.hpp
View File

@ -1 +0,0 @@
/* dummy file, needed */

78
concentrator/doc/testProxy.cpp
View File

@ -1,78 +0,0 @@
/*
* IPFIX Concentrator Module Library
* Copyright (C) 2004 Christoph Sommer <http://www.deltadevelopment.de/users/christoph/ipfix/>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/** \file
* Separate Program to test collector, printer and sender
* Dumps received flows to stdout
*/
#include <netinet/in.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
#include "IpfixReceiver.hpp"
#include "IpfixPrinter.hpp"
#include "IpfixSender.hpp"
#include "common.hpp"
#define DEFAULT_LISTEN_PORT 1500
#define DEFAULT_TALK_IP "127.0.0.1"
#define DEFAULT_TALK_PORT 1501
#define DEFAULT_SOURCE_ID 4711
void sigint(int) {
}
int main(int argc, char* argv[]) {
int lport = DEFAULT_LISTEN_PORT;
char* tip = DEFAULT_TALK_IP;
int tport = DEFAULT_TALK_PORT;
signal(SIGINT, sigint);
if (argc > 1) lport=atoi(argv[1]);
if (argc > 2) tip=argv[2];
if (argc > 3) tport=atoi(argv[3]);
IpfixReceiver ipfixReceiver(lport);
IpfixPrinter ipfixPrinter;
IpfixSender ipfixSender(DEFAULT_SOURCE_ID, tip, tport);
ipfixReceiver.addFlowSink(&ipfixSender);
ipfixReceiver.addFlowSink(&ipfixPrinter);
ipfixSender.start();
ipfixPrinter.start();
ipfixReceiver.start();
debugf("0.0.0.0:%d => %s:%d", lport, tip, tport);
debug("Forwarding all Templates and Data Records. Press Ctrl+C to quit.");
pause();
debug("Stopping threads and tidying up.");
ipfixReceiver.stop();
ipfixPrinter.stop();
ipfixSender.stop();
return 0;
}

1
concentrator/doc/testProxy.hpp
View File

@ -1 +0,0 @@
/* dummy file, needed */

142
configs/autofocus_eval.xml Normal file
View File

@ -0,0 +1,142 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>1</checkinterval>
</sensorManager>
<observer id="1">
<!--<interface>lo</interface>-->
<filename>/dumps/aussenanbindung.dump</filename>
<pcap_filter>ip</pcap_filter>
<offlineAutoExit>1</offlineAutoExit>
<offlineSpeed>1</offlineSpeed>
<captureLength>128</captureLength>
<next>3</next>
</observer>
<packetQueue id="3">
<maxSize>1000</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>7</next>
</packetAggregator>
<ipfixAggregator id="7">
<rule>
<templateId>998</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>2</next>
</ipfixAggregator>
<ipfixQueue id="2">
<maxSize>1000</maxSize>
<next>8</next>
</ipfixQueue>
<AutoFocus id="8">
<analyzerid>AutoFocus</analyzerid>
<idmeftemplate>idmef/templates/AutoFocus_template.xml</idmeftemplate>
<hashbits>20</hashbits>
<timetreeinterval>600</timetreeinterval>
<nummaxresults>20</nummaxresults>
<minSubbits>25</minSubbits>
<numtrees>2</numtrees>
<next>9</next>
</AutoFocus>
<idmefExporter id="9">
<sendurl>http://localhost</sendurl>
<destdir>idmef_work</destdir>
</idmefExporter>
</ipfixConfig>

138
configs/autofocus_vermont.xml Normal file
View File

@ -0,0 +1,138 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>1</checkinterval>
</sensorManager>
<observer id="1">
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
<next>3</next>
</observer>
<packetQueue id="3">
<maxSize>1000</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>7</next>
</packetAggregator>
<ipfixAggregator id="7">
<rule>
<templateId>998</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>2</next>
</ipfixAggregator>
<ipfixQueue id="2">
<maxSize>1000</maxSize>
<next>8</next>
</ipfixQueue>
<AutoFocus id="8">
<analyzerid>AutoFocus</analyzerid>
<reportfile>af_reports.txt</reportfile>
<hashbits>20</hashbits>
<timetreeinterval>600</timetreeinterval>
<nummaxresults>20</nummaxresults>
<minSubbits>25</minSubbits>
<numtrees>2</numtrees>
<next>9</next>
</AutoFocus>
<idmefExporter id="9">
<sendurl>http://localhost</sendurl>
<destdir>idmef_work</destdir>
</idmefExporter>
</ipfixConfig>

72
configs/connectionfilter.xml
View File

@ -1,72 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<packetSelection>
<connectionFilter>
<exportBytes>100</exportBytes>
<timeout>3</timeout>
<filterSize>1000</filterSize>
<hashFunctions>3</hashFunctions>
</connectionFilter>
</packetSelection>
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>ipPayloadPacketSection</ieName>
<ieLength>65535</ieLength>
</reportedIE>
<reportedIE>
<ieName>protocolIdentifier</ieName>
</reportedIE>
</packetReporting>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

29
configs/connfilter.xml Normal file
View File

@ -0,0 +1,29 @@
<ipfixConfig>
<observer id="1">
<filename>sourcefile.pcap</filename>
<pcap_filter>ip</pcap_filter>
<captureLength>65535</captureLength>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>100</maxSize>
<next>3</next>
</packetQueue>
<filter id="3">
<connectionBased>
<timeout>3</timeout>
<bytes>1000</bytes>
<filterSize>1000</filterSize>
<hashFunctions>3</hashFunctions>
<exportControlPackets>false</exportStateControlPackets>
</connectionBased>
<next>4</next>
</filter>
<pcapExporter id="4">
<filename>connfilter.pcap</filename>
<snaplen>65535</snaplen>
</pcapExporter>
</ipfixConfig>

62
configs/dbanon.xml Normal file
View File

@ -0,0 +1,62 @@
<ipfixConfig>
<ipfixDbReader id="1">
<host>10.159.5.10</host>
<port>3306</port>
<dbname>test</dbname>
<username>netadmin</username>
<password>nastyAdm1n</password>
<fullspeed>true</fullspeed>
<timeshift>false</timeshift>
<next>2</next>
</ipfixDbReader>
<ipfixQueue id="2">
<maxSize>1000</maxSize>
<next>6</next>
</ipfixQueue>
<anonRecord id="3">
<anonField>
<anonIE>
<ieName>sourceIPv4Address</ieName>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<anonField>
<anonIE>
<ieName>destinationIPv4Address</ieName>
<ieLength>4</ieLength>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<next>6</next>
</anonRecord>
<ipfixPrinter id="7">
</ipfixPrinter>
<ipfixDbWriter id="6">
<host>10.159.5.10</host>
<port>3306</port>
<dbname>test2</dbname>
<username>netadmin</username>
<password>nastyAdm1n</password>
<columns>
<name>dstIP</name>
<name>srcIP</name>
<name>srcPort</name>
<name>dstPort</name>
<name>proto</name>
<name>dstTos</name>
<name>bytes</name>
<name>pkts</name>
<name>firstSwitched</name>
<name>lastSwitched</name>
<name>firstSwitchedMillis</name>
<name>lastSwitchedMillis</name>
<name>exporterID</name>
</columns>
</ipfixDbWriter>
</ipfixConfig>

106
configs/dbwriter.xml Normal file
View File

@ -0,0 +1,106 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>20</checkinterval>
</sensorManager>
<ipfixCollector id="1">
<listener>
<ipAddress>0.0.0.0</ipAddress>
<transportProtocol>UDP</transportProtocol>
<port>1500</port>
</listener>
<next>2</next>
</ipfixCollector>
<ipfixQueue id="2">
<maxSize>1000</maxSize>
<next>3</next>
</ipfixQueue>
<ipfixAggregator id="3">
<rule>
<templateId>999</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
<next>5</next>
</ipfixAggregator>
<ipfixDbWriter id="4">
<host>127.0.0.1</host>
<port>3306</port>
<dbname>flows_vermont</dbname>
<username>nastyWriter</username>
<password>write@ccess</password>
<bufferrecords>5</bufferrecords>
<columns>
<name>dstIP</name>
<name>srcIP</name>
<name>srcPort</name>
<name>dstPort</name>
<name>proto</name>
<name>dstTos</name>
<name>bytes</name>
<name>pkts</name>
<name>firstSwitched</name>
<name>lastSwitched</name>
<name>firstSwitchedMillis</name>
<name>lastSwitchedMillis</name>
<name>exporterID</name>
</columns>
</ipfixDbWriter>
<ipfixPrinter id="5">
</ipfixPrinter>
</ipfixConfig>

146
configs/example.xml Normal file
View File

@ -0,0 +1,146 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>2</checkinterval>
</sensorManager>
<observer id="1">
<interface>eth0</interface>
<pcap_filter>ip</pcap_filter>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>10</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">1</inactiveTimeout>
<activeTimeout unit="sec">1</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
<ipfixAggregator id="4">
<rule>
<templateId>999</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>7</next>
<next>8</next>
</ipfixAggregator>
<ipfixExporter id="7">
<!--
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout>10</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
-->
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</ipfixExporter>
<trwPortscanDetector id="8">
<analyzerid>trwportscandetector</analyzerid>
<idmeftemplate>idmef/templates/trwportscan_template.xml</idmeftemplate>
<next>9</next>
</trwPortscanDetector>
<idmefExporter id="9">
<sendurl>http://localhost</sendurl>
</idmefExporter>
</ipfixConfig>

72
configs/hash_faui7d7.xml Normal file
View File

@ -0,0 +1,72 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>1</checkinterval>
<append>1</append>
</sensorManager>
<observer id="1">
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
<next>3</next>
</observer>
<packetQueue id="3">
<maxSize>1000</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">30</inactiveTimeout>
<activeTimeout unit="sec">600</activeTimeout>
</expiration>
<hashtableBits>16</hashtableBits>
<pollInterval unit="sec">30</pollInterval>
<next>7</next>
</packetAggregator>
<AutoFocus id="7">
<analyzerid>AutoFocus</analyzerid>
<reportfile>af_reports.txt</reportfile>
<hashbits>20</hashbits>
<timetreeinterval>600</timetreeinterval>
<nummaxresults>20</nummaxresults>
<minSubbits>25</minSubbits>
<numtrees>2</numtrees>
</AutoFocus>
</ipfixConfig>

30
configs/idmef_templates/datafilter_template.xml Normal file
View File

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE IDMEF-Message PUBLIC "-//IETF//DTD RFC XXXX IDMEF v1.0//EN" "idmef-message.dtd">
<IDMEF-Message>
<Alert messageid="%MESSAGE_ID%">
<Analyzer model="vermont data filter" analyzerid="%ANALYZER_ID%">
<Node category="hosts">
<name>%ANALYZER_HOST%</name>
<Address category="ipv4-addr">
<address>%ANALYZER_IP%</address>
</Address>
</Node>
</Analyzer>
<CreateTime ntpstamp="%NTP_TIME%">%CREATE_TIME%</CreateTime>
<Source>
<Node category="hosts">
<Address category="ipv4-addr">
<address>%SOURCE_ADDRESS%</address>
</Address>
</Node>
</Source>
<Target>
<Node category="hosts">
<Address category="ipv4-addr">
<address>%TARGET_ADDRESS%</address>
</Address>
</Node>
</Target>
<Classification text="%FILTER_TYPE% match" ident="%FILTER_ID%"/>
</Alert>
</IDMEF-Message>

24
configs/idmef_templates/rbsdetector_template.xml Normal file
View File

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE IDMEF-Message PUBLIC "-//IETF//DTD RFC XXXX IDMEF v1.0//EN" "idmef-message.dtd">
<IDMEF-Message>
<Alert messageid="%MESSAGE_ID%">
<Analyzer model="vermont RBS WormDetector" analyzerid="%ANALYZER_ID%">
<Node category="hosts">
<name>%ANALYZER_HOST%</name>
<Address category="ipv4-addr">
<address>%ANALYZER_IP%</address>
</Address>
</Node>
</Analyzer>
<CreateTime ntpstamp="%NTP_TIME%">%CREATE_TIME%</CreateTime>
<Source>
<Node category="hosts">
<Address category="ipv4-addr">
<address>%SOURCE_ADDRESS%</address>
<hosts>%HOSTS%</hosts>
</Address>
</Node>
</Source>
<Classification text="Worm" ident="%FAN_OUT% outgoing connections in %TOTALTIME% seconds"/>
</Alert>
</IDMEF-Message>

30
configs/idmef_templates/trwportscan_example.xml Normal file
View File

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE IDMEF-Message PUBLIC "-//IETF//DTD RFC XXXX IDMEF v1.0//EN" "idmef-message.dtd">
<IDMEF-Message>
<Alert messageid="000046D2BAFF342469200003A040001">
<Analyzer model="Vermont portscan detector" analyzerid="vermont@vermont.rrze">
<Node category="hosts">
<name>vermont.rrze.uni-erlangen.de</name>
<Address category="ipv4-addr">
<address>131.188.2.46</address>
</Address>
</Node>
</Analyzer>
<CreateTime ntpstamp="0xca7d397f.0x0">2007-08-27-T11:52:31Z</CreateTime>
<Source>
<Node category="hosts">
<Address category="ipv4-addr">
<address>1.2.3.4</address>
</Address>
</Node>
</Source>
<Target>
<Node category="hosts">
<Address category="ipv4-addr">
<address>255.255.255.0</address>
</Address>
</Node>
</Target>
<Classification text="portscan" ident="23 succ. conns., 25 failed conns., destination: 255.255.255.0/2.3.4.5"/>
</Alert>
</IDMEF-Message>

30
configs/idmef_templates/trwportscan_template.xml Normal file
View File

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE IDMEF-Message PUBLIC "-//IETF//DTD RFC XXXX IDMEF v1.0//EN" "idmef-message.dtd">
<IDMEF-Message>
<Alert messageid="%MESSAGE_ID%">
<Analyzer model="vermont TRW portscan detector" analyzerid="%ANALYZER_ID%">
<Node category="hosts">
<name>%ANALYZER_HOST%</name>
<Address category="ipv4-addr">
<address>%ANALYZER_IP%</address>
</Address>
</Node>
</Analyzer>
<CreateTime ntpstamp="%NTP_TIME%">%CREATE_TIME%</CreateTime>
<Source>
<Node category="hosts">
<Address category="ipv4-addr">
<address>%SOURCE_ADDRESS%</address>
</Address>
</Node>
</Source>
<Target>
<Node category="hosts">
<Address category="ipv4-addr">
<address>%TARGET_ADDRESS%</address>
</Address>
</Node>
</Target>
<Classification text="portscan" ident="%SUCC_CONNS% succ. conns., %FAILED_CONNS% failed conns."/>
</Alert>
</IDMEF-Message>

130
configs/ipfix-export.xml Normal file
View File

@ -0,0 +1,130 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>2</checkinterval>
</sensorManager>
<observer id="1">
<interface>eth0</interface>
<pcap_filter>ip</pcap_filter>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>10</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>999</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>icmpTypeCode</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
<match>ICMP</match>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
</rule>
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
<match>TCP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<rule>
<templateId>997</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
<match>UDP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
<ipfixQueue id="4">
<entries>1000</entries>
<next>8</next>
</ipfixQueue>
<ipfixExporter id="8">
<observationDomainId>99</observationDomainId>
<collector>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>132</transportProtocol>
</collector>
</ipfixExporter>
</ipfixConfig>

138
configs/offlineprinter.xml Normal file
View File

@ -0,0 +1,138 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>2</checkinterval>
</sensorManager>
<observer id="1">
<!--<interface>lo</interface>-->
<filename>test.dump</filename>
<pcap_filter>ip</pcap_filter>
<offlineAutoExit>1</offlineAutoExit>
<offlineSpeed>0</offlineSpeed>
<captureLength>166</captureLength>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>10</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>frontPayload</ieName>
<ieLength>100</ieLength>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">1</inactiveTimeout>
<activeTimeout unit="sec">1</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
<ipfixAggregator id="4">
<rule>
<templateId>999</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>frontPayload</ieName>
<ieLength>100</ieLength>
</nonFlowKey>
<nonFlowKey>
<ieName>revFrontPayload</ieName>
<ieLength>100</ieLength>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">2</inactiveTimeout>
<activeTimeout unit="sec">2</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>5</next>
</ipfixAggregator>
<ipfixPayloadWriter id="5">
<destPath>payload_work</destPath>
<filenamePrefix>test</filenamePrefix>
<connNumber>50</connNumber>
</ipfixPayloadWriter>
</ipfixConfig>

151
configs/p2pdetector.xml Normal file
View File

@ -0,0 +1,151 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<sensorManager id="99">
<outputfile>sensor_output.xml</outputfile>
<checkinterval>5</checkinterval>
</sensorManager>
<observer id="1">
<filename>DUMP</filename>
<pcap_filter>ip</pcap_filter>
<offlineAutoExit>1</offlineAutoExit>
<offlineSpeed>1</offlineSpeed>
<captureLength>128</captureLength>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>1000</maxSize>
<next>3</next>
</packetQueue>
<packetAggregator id="3">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>maxPacketGap</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
<ipfixAggregator id="4">
<rule>
<templateId>999</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>maxPacketGap</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revMaxPacketGap</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">70</inactiveTimeout>
<activeTimeout unit="sec">310</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>5</next>
</ipfixAggregator>
<p2pDetector id="5">
<analyzerid>P2PDetector</analyzerid>
<interval>300</interval>
<subnet>192.168.1.0/24</subnet>
<udpRateThreshold>0.013</udpRateThreshold>
<udpHostRateThreshold>0.0007</udpHostRateThreshold>
<tcpRateThreshold>0.082</tcpRateThreshold>
<coexistentTCPConsThreshold>2.9</coexistentTCPConsThreshold>
<rateLongTCPConsThreshold>0.018</rateLongTCPConsThreshold>
<tcpVarianceThreshold>0.068</tcpVarianceThreshold>
<failedConsPercentThreshold>4.8</failedConsPercentThreshold>
<tcpFailedRateThreshold>0.01</tcpFailedRateThreshold>
<tcpFailedVarianceThreshold>0.3</tcpFailedVarianceThreshold>
<next>6</next>
</p2pDetector>
<idmefExporter id="6">
<sendurl>http://localhost</sendurl>
<destdir>idmef-msg</destdir>
</idmefExporter>
</ipfixConfig>

55
configs/packet_anonym.xml Normal file
View File

@ -0,0 +1,55 @@
<ipfixConfig>
<observer id="1">
<interface>nfe0</interface>
<pcap_filter>ip</pcap_filter>
<captureLength>128</captureLength>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>10</maxSize>
<next>3</next>
</packetQueue>
<filter id="3">
<anonFilter>
<anonField>
<anonIE>
<ieName>sourceIPv4Address</ieName>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<anonField>
<anonIE>
<ieName>destinationIPv4Address</ieName>
<ieLength>4</ieLength>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
</anonFilter>
<next>6</next>
</filter>
<psampExporter id="6">
<ipfixPacketRestrictions>
<maxPacketSize>200</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
</packetReporting>
<collector>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</psampExporter>
</ipfixConfig>

23
configs/payloaddrop.xml Normal file
View File

@ -0,0 +1,23 @@
<ipfixConfig>
<observer id="1">
<interface>nfe0</interface>
<pcap_filter>ip</pcap_filter>
<captureLength>128</captureLength>
<next>2</next>
</observer>
<filter id="2">
<payloadFilter/>
<next>3</next>
</filter>
<packetQueue id="3">
<maxSize>10</maxSize>
<next>4</next>
</packetQueue>
<pcapExporter id="4">
<filename>vermont.pcap</filename>
<snaplen>128</snaplen>
</pcapExporter>
</ipfixConfig>

18
configs/pcapexport.xml Normal file
View File

@ -0,0 +1,18 @@
<ipfixConfig>
<observer id="1">
<interface>nfe0</interface>
<pcap_filter>ip</pcap_filter>
<captureLength>128</captureLength>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>10</maxSize>
<next>3</next>
</packetQueue>
<pcapExporter id="3">
<filename>vermont.pcap</filename>
<snaplen>128</snaplen>
</pcapExporter>
</ipfixConfig>

141
configs/rbsworm_vermont.xml Normal file
View File

@ -0,0 +1,141 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>1</checkinterval>
</sensorManager>
<observer id="1">
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
<next>3</next>
</observer>
<packetQueue id="3">
<maxSize>1000</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">60</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>7</next>
</packetAggregator>
<ipfixAggregator id="7">
<rule>
<templateId>998</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">10</inactiveTimeout>
<activeTimeout unit="sec">1</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>2</next>
</ipfixAggregator>
<ipfixQueue id="2">
<maxSize>1000</maxSize>
<next>8</next>
</ipfixQueue>
<rbsWormDetector id="8">
<analyzerid>rbswormdetector</analyzerid>
<idmeftemplate>idmef/templates/rbsdetector_template.xml</idmeftemplate>
<hashbits>20</hashbits>
<subnet>131.188.0.0/16</subnet>
<timeexpirepending>1800</timeexpirepending>
<timeexpireworm>1800</timeexpireworm>
<timeexpirebenign>601</timeexpirebenign>
<timeadaptinterval>600</timeadaptinterval>
<timecleanupinterval>300</timecleanupinterval>
<lambdaratio>4</lambdaratio>
<next>9</next>
</rbsWormDetector>
<idmefExporter id="9">
<sendurl>http://localhost</sendurl>
<destdir>idmef_work</destdir>
</idmefExporter>
</ipfixConfig>

37
configs/record_anonym.xml Normal file
View File

@ -0,0 +1,37 @@
<ipfixConfig>
<ipfixCollector id="1">
<listener>
<transportProtocol>SCTP</transportProtocol>
</listener>
<next>2</next>
</ipfixCollector>
<ipfixQueue id="2">
<maxSize>1000</maxSize>
<next>3</next>
<next>6</next>
</ipfixQueue>
<anonRecord id="3">
<anonField>
<anonIE>
<ieName>sourceIPv4Address</ieName>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<anonField>
<anonIE>
<ieName>destinationIPv4Address</ieName>
<ieLength>4</ieLength>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<copyMode>true</copyMode>
<next>6</next>
</anonRecord>
<ipfixPrinter id="6">
</ipfixPrinter>
</ipfixConfig>

129
configs/simple.xml Normal file
View File

@ -0,0 +1,129 @@
<ipfixConfig>
<sensorManager id="99">
<checkinterval>2</checkinterval>
</sensorManager>
<observer id="1">
<interface>eth0</interface>
<pcap_filter>ip</pcap_filter>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>10</maxSize>
<next>6</next>
</packetQueue>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">1</inactiveTimeout>
<activeTimeout unit="sec">1</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
<ipfixAggregator id="4">
<rule>
<templateId>999</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>7</next>
</ipfixAggregator>
<ipfixQueue id="7">
<entries>1000</entries>
<next>8</next>
</ipfixQueue>
<ipfixExporter id="8">
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</ipfixExporter>
</ipfixConfig>

70
configs/stateconnectionfilter.xml
View File

@ -1,70 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<packetSelection>
<stateConnectionFilter>
<exportBytes>100</exportBytes>
<timeout>3</timeout>
</stateConnectionFilter>
</packetSelection>
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>ipPayloadPacketSection</ieName>
<ieLength>65535</ieLength>
</reportedIE>
<reportedIE>
<ieName>protocolIdentifier</ieName>
</reportedIE>
</packetReporting>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

28
configs/statefilter.xml Normal file
View File

@ -0,0 +1,28 @@
<ipfixConfig>
<observer id="1">
<filename>sourcefile.pcap</filename>
<pcap_filter>ip</pcap_filter>
<captureLength>65535</captureLength>
<offlineSpeed>-1</offlineSpeed>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>100</maxSize>
<next>3</next>
</packetQueue>
<filter id="3">
<stateConnectionBased>
<timeout>3</timeout>
<bytes>1000</bytes>
<exportControlPackets>false</exportStateControlPackets>
</stateConnectionBased>
<next>4</next>
</filter>
<pcapExporter id="4">
<filename>statefilter.pcap</filename>
<snaplen>65535</snaplen>
</pcapExporter>
</ipfixConfig>

81
configs/test1.xml
View File

@ -1,81 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<packetSelection>
<countBased>
<interval>10</interval>
<spacing>20</spacing>
</countBased>
<filterMatch>
<infoElementId>
<ieName>destinationIPv4Address</ieName>
<match>10.1.0.0/16</match>
</infoElementId>
<infoElementId>
<ieName>destinationTransportPort</ieName>
<match>80,443</match>
</infoElementId>
</filterMatch>
<randOutOfN>
<population>10</population>
<sample>5</sample>
</randOutOfN>
</packetSelection>
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>protocolIdentifier</ieName>
</reportedIE>
</packetReporting>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

39
configs/test10.xml
View File

@ -1,39 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<dbReader id="1">
<dbName>test</dbName>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</dbReader>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<!--<port>1500</port>-->
<port>4711</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

147
configs/test11.xml
View File

@ -1,147 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<dbReader id="1">
<dbName>flows</dbName>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</dbReader>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>1234</templateId>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>TCP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>tcpControlBits</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetdeltacount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>UDP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>ICMP</match>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>icmpTypeCodeIpV4</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
</flowMetering>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</collector>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4712</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

93
configs/test2.xml
View File

@ -1,93 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<observationPoint id="2">
<observationDomainId>4712</observationDomainId>
<type>pcap</type>
<parameters>
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<packetSelection>
<countBased>
<interval>10</interval>
<spacing>20</spacing>
</countBased>
<filterMatch>
<infoElementId>
<ieName>destinationIPv4Address</ieName>
<match>10.1.0.0/16</match>
</infoElementId>
<infoElementId>
<ieName>destinationTransportPort</ieName>
<match>80,443</match>
</infoElementId>
</filterMatch>
<randOutOfN>
<population>10</population>
<sample>5</sample>
</randOutOfN>
</packetSelection>
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>protocolIdentifier</ieName>
</reportedIE>
</packetReporting>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

88
configs/test3.xml
View File

@ -1,88 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<packetSelection>
<countBased>
<interval>10</interval>
<spacing>20</spacing>
</countBased>
<filterMatch>
<infoElementId>
<ieName>destinationIPv4Address</ieName>
<match>10.1.0.0/16</match>
</infoElementId>
<infoElementId>
<ieName>destinationTransportPort</ieName>
<match>80,443</match>
</infoElementId>
</filterMatch>
<randOutOfN>
<population>10</population>
<sample>5</sample>
</randOutOfN>
</packetSelection>
<next>
<meteringProcessId>2</meteringProcessId>
</next>
</meteringProcess>
<meteringProcess id="2">
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>protocolIdentifier</ieName>
</reportedIE>
</packetReporting>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

111
configs/test4.xml
View File

@ -1,111 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
<modifier>mask/16</modifier>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
</rule>
<rule>
<templateId>999</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
<modifier>mask/16</modifier>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
<match>TCP</match>
</flowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
</flowMetering>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout>10</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont>
</ipfixConfig>

85
configs/test5.xml
View File

@ -1,85 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<collectingProcess id="1">
<observationDomainId>12345</observationDomainId>
<listener>
<ipAddressType>4</ipAddressType>
<ipAddress>10.2.0.99</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</listener>
<udpTemplateLifetime unit="sec">15</udpTemplateLifetime>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</collectingProcess>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
<modifier>mask/16</modifier>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
</rule>
<rule>
<templateId>999</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
<modifier>mask/16</modifier>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
</flowMetering>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout>10</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont>
</ipfixConfig>

97
configs/test6.xml
View File

@ -1,97 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<collectingProcess id="1">
<observationDomainId>12345</observationDomainId>
<listener>
<ipAddressType>4</ipAddressType>
<ipAddress>10.2.0.99</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</listener>
<udpTemplateLifetime unit="sec">15</udpTemplateLifetime>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</collectingProcess>
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
<modifier>mask/16</modifier>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
</rule>
<rule>
<templateId>999</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
<modifier>mask/16</modifier>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
</flowMetering>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout>10</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
<vermont>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont>
</ipfixConfig>

132
configs/test7.xml
View File

@ -1,132 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>1234</templateId>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>TCP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>tcpControlBits</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetdeltacount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>UDP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>ICMP</match>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>icmpTypeCodeIpV4</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
</flowMetering>
<next>
<dbWriterId>1</dbWriterId>
</next>
</meteringProcess>
<dbWriter id="1">
<dbName>flows</dbName>
<bufferRecords>10</bufferRecords>
</dbWriter>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

57
configs/test8.xml
View File

@ -1,57 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<collectingProcess id="1">
<observationDomainId>12345</observationDomainId>
<listener>
<ipAddressType>4</ipAddressType>
<ipAddress>10.2.0.99</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</listener>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</collectingProcess>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>1234</templateId>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>TCP</match>
</flowKey>
<nonFlowKey>
<ieName>packetdeltacount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
</flowMetering>
<next>
<dbWriterId>1</dbWriterId>
</next>
</meteringProcess>
<dbWriter id="1">
<dbName>flows</dbName>
</dbWriter>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

30
configs/test9.xml
View File

@ -1,30 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<collectingProcess id="1">
<observationDomainId>12345</observationDomainId>
<listener>
<ipAddressType>4</ipAddressType>
<ipAddress>10.2.0.99</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</listener>
<next>
<dbWriterId>1</dbWriterId>
</next>
</collectingProcess>
<dbWriter id="1">
<dbName>flows</dbName>
</dbWriter>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

92
configure vendored
View File

@ -1,92 +0,0 @@
#!/bin/sh
#
# VERMONT build scripts for CMake
# Copyright (C) 2007 Christoph Sommer <christoph.sommer@informatik.uni-erlangen.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
echo
echo Warning: This project uses CMake, not Automake.
echo Warning: You are executing a wrapper script with limited functionality.
echo Warning: Run \"ccmake .\" to see the full set of options offered.
echo
rm -f CMakeCache.txt
CMAKE_PARAMETERS=
while [ $# -gt 0 ]
do
case "$1" in
--help)
echo
echo "Supported Parameters:"
echo " --with-debug"
echo " --with-ip-header-offset X"
echo " --without-mysql"
echo " --without-sctp"
echo " --without-netflowv9"
echo " --without-tests"
echo
exit 0
shift
;;
--with-debug)
CMAKE_PARAMETERS="$CMAKE_PARAMETERS -DDEBUG=ON"
shift
;;
--with-ip-header-offset)
shift
if [ $# -eq 0 ]
then
echo "no offset given."
exit 1
fi
CMAKE_PARAMETERS="$CMAKE_PARAMETERS -DIP_HEADER_OFFSET=$1"
shift
;;
--without-mysql)
CMAKE_PARAMETERS="$CMAKE_PARAMETERS -DSUPPORT_MYSQL=OFF"
shift
;;
--without-netflowv9)
CMAKE_PARAMETERS="$CMAKE_PARAMETERS -DSUPPORT_NETFLOWV9=OFF"
shift
;;
--without-tests)
CMAKE_PARAMETERS="$CMAKE_PARAMETERS -DWITH_TESTS=OFF"
shift
;;
--without-sctp)
CMAKE_PARAMETERS="$CMAKE_PARAMETERS -DSUPPORT_SCTP=OFF"
shift
;;
*)
echo "Unknown parameter: $1"
exit 1
shift
;;
esac
done
cmake $CMAKE_PARAMETERS . || exit 1
echo
echo Warning: This project uses CMake, not Automake
echo Warning: You are executing a wrapper script with limited functionality.
echo Warning: Run \"ccmake .\" to see the full set of options offered.
echo

138
dboffline.xml
View File

@ -1,138 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<filename>mydoomp.pcap</filename>
<pcap_filter>ip</pcap_filter>
<replace_timestamps>true</replace_timestamps>
<speed_multiplier>2</speed_multiplier>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>1234</templateId>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>TCP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>tcpControlBits</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetdeltacount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>UDP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>ICMP</match>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>icmpTypeCodeIpV4</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
</flowMetering>
<next>
<dbWriterId>1</dbWriterId>
</next>
</meteringProcess>
<dbWriter id="1">
<dbName>flows</dbName>
<bufferRecords>10</bufferRecords>
</dbWriter>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

117
dbreader_configuration.cc
View File

@ -1,117 +0,0 @@
/*
released under GPL v2
(C) by Lothar Braun <mail@lobraun.de>
*/
#ifdef DB_SUPPORT_ENABLED
#include "dbreader_configuration.h"
#include "exporter_configuration.h"
#include "metering_configuration.h"
#include "flowmetering_configuration.h"
#include "common/msg.h"
DbReaderConfiguration::DbReaderConfiguration(xmlDocPtr document, xmlNodePtr startPoint)
: Configuration(document, startPoint), running(false), ipfixDbReader(0), portNumber(0), observationDomainId(0)
{
xmlChar* idString = xmlGetProp(startPoint, (const xmlChar*)"id");
if (NULL == idString) {
THROWEXCEPTION("Got dbreader without unique id!");
}
id = configTypes::dbreader + (const char*)idString;
xmlFree(idString);
}
DbReaderConfiguration::~DbReaderConfiguration()
{
if (ipfixDbReader) {
stopSystem();
delete ipfixDbReader;
}
}
void DbReaderConfiguration::configure()
{
msg(MSG_INFO, "DbReaderConfiguration: Start reading dbreader section");
xmlNodePtr i = start->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "hostName")) {
hostName = getContent(i);
} else if (tagMatches(i, "userName")) {
userName = getContent(i);
} else if (tagMatches(i, "dbName")) {
dbName = getContent(i);
} else if (tagMatches(i, "password")) {
password = getContent(i);
} else if (tagMatches(i, "port")) {
portNumber = atoi(getContent(i).c_str());
} else if (tagMatches(i, "observationDomainId")) {
observationDomainId = atoi(getContent(i).c_str());
} else if (tagMatches(i, "next")) {
fillNextVector(i);
}
i = i->next;
}
msg(MSG_INFO, "DbReaderConfiguration: Successfully parsed dbreader section");
setUp();
}
void DbReaderConfiguration::setUp()
{
ipfixDbReader = new IpfixDbReader(hostName.c_str(), dbName.c_str(),
userName.c_str(), password.c_str(),
portNumber, observationDomainId);
if (!ipfixDbReader) {
THROWEXCEPTION("DbReaderConfiguration: Could not create IpfixDbReader!");
}
}
void DbReaderConfiguration::connect(Configuration* c)
{
ExporterConfiguration* exporter = dynamic_cast<ExporterConfiguration*>(c);
if (exporter) {
exporter->createIpfixSender(ipfixDbReader->srcId->observationDomainId);
IpfixSender* ipfixSender = exporter->getIpfixSender();
msg(MSG_INFO, "DbReaderConfiguration: Adding ipfixSender-callbacks to dbReader");
ipfixDbReader->addFlowSink(ipfixSender);
msg(MSG_INFO, "DbReaderConfiguration: Successfully set up connection between dbReader and Exporter");
return;
}
MeteringConfiguration* metering = dynamic_cast<MeteringConfiguration*>(c);
if (metering) {
FlowMeteringConfiguration* fm = metering->getFlowMeteringConfiguration();
if (!fm) {
THROWEXCEPTION("DBReaderConfiguration: Cannot connect to an metering process that does not do flowmetering");
}
msg(MSG_INFO, "DBReaderConfiguration: Adding dbreader-callbacks to aggregator");
IpfixAggregator* aggregator = fm->getIpfixAggregator();
ipfixDbReader->addFlowSink(aggregator);
msg(MSG_INFO, "DbReaderConfiguration: Successfully set up connection between dbReader and metering process");
return;
}
THROWEXCEPTION("Cannot connect %s to dbReader!", c->getId().c_str());
}
void DbReaderConfiguration::startSystem()
{
if (running) return;
msg(MSG_INFO, "DbReaderConfiguration: Starting dbReader...");
ipfixDbReader->start();
msg(MSG_INFO, "DbReaderConfiguration: Successfully started dbReader");
running = true;
}
void DbReaderConfiguration::stopSystem()
{
if (!running) return;
msg(MSG_INFO, "DbReaderConfiguration: Stopping dbReader...");
ipfixDbReader->stop();
msg(MSG_INFO, "DbReaderConfiguration: Successfully stopped dbReader");
running = false;
}
#endif

45
dbreader_configuration.h
View File

@ -1,45 +0,0 @@
/*
released under GPL v2
(C) by Lothar Braun <mail@lobraun.de>
*/
#ifdef DB_SUPPORT_ENABLED
#ifndef _DBREADER_CONFIGURATION_H_
#define _DBREADER_CONFIGURATION_H_
#include "ipfix_configuration.h"
#include <concentrator/IpfixDbReader.hpp>
class DbReaderConfiguration : public Configuration {
public:
DbReaderConfiguration(xmlDocPtr document, xmlNodePtr startPoint);
~DbReaderConfiguration();
virtual void configure();
virtual void connect(Configuration*);
virtual void startSystem();
virtual void stopSystem();
protected:
void setUp();
bool running; /**< true between calls to startSystem() and stopSystem() */
private:
IpfixDbReader* ipfixDbReader;
std::string hostName;
std::string dbName;
std::string userName;
std::string password;
unsigned int portNumber;
uint16_t observationDomainId;
};
#endif
#endif

39
dbreadertest.xml
View File

@ -1,39 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<dbReader id="1">
<dbName>darpa</dbName>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</dbReader>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
<!--<port>4711</port>-->
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

147
dbreadertest2.xml
View File

@ -1,147 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<dbReader id="1">
<dbName>flows</dbName>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</dbReader>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>1234</templateId>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>TCP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>tcpControlBits</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetdeltacount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>UDP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>ICMP</match>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>icmpTypeCodeIpV4</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
</flowMetering>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout unit="sec">5</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</collector>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4712</port>
</collector>
</exportingProcess>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

105
dbwriter_configuration.cc
View File

@ -1,105 +0,0 @@
/*
released under GPL v2
(C) Lothar Braun <mail@lobraun.de>
*/
#ifdef DB_SUPPORT_ENABLED
#include "dbwriter_configuration.h"
#include "common/msg.h"
DbWriterConfiguration::DbWriterConfiguration(xmlDocPtr document, xmlNodePtr startPoint)
: Configuration(document, startPoint), running(false), dbWriter(NULL), portNumber(0), observationDomainId(0), bufferRecords(10)
{
xmlChar* idString = xmlGetProp(startPoint, (const xmlChar*)"id");
if (NULL == idString) {
THROWEXCEPTION("Got dbwriter without unique id!");
}
id = configTypes::dbwriter + (const char*)idString;
xmlFree(idString);
}
DbWriterConfiguration::~DbWriterConfiguration()
{
if (dbWriter) {
stopSystem();
delete dbWriter;
}
}
void DbWriterConfiguration::setObservationDomainId(uint16_t observationDomainId)
{
this->observationDomainId = observationDomainId;
if (dbWriter) {
dbWriter->srcId.observationDomainId = observationDomainId;
}
}
void DbWriterConfiguration::configure()
{
msg(MSG_INFO, "DbWriterConfiguration: Start reading dbwriter section");
xmlNodePtr i = start->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "hostName")) {
hostName = getContent(i);
} else if (tagMatches(i, "userName")) {
userName = getContent(i);
} else if (tagMatches(i, "dbName")) {
dbName = getContent(i);
} else if (tagMatches(i, "password")) {
password = getContent(i);
} else if (tagMatches(i, "port")) {
portNumber = atoi(getContent(i).c_str());
} else if (tagMatches(i, "bufferRecords")) {
if(atoi(getContent(i).c_str()) > 0)
bufferRecords = atoi(getContent(i).c_str());
else
msg(MSG_ERROR, "DbWriterConfiguration: bufferRecords is not a positive number. Ignored.");
}
i = i->next;
}
setUp();
msg(MSG_INFO, "DbWriterConfiguration: Successfully parsed dbwriter section");
}
void DbWriterConfiguration::setUp()
{
if (dbName == "") {
THROWEXCEPTION("DBWriterConfigurations: No database name given!");
}
dbWriter = new IpfixDbWriter(hostName.c_str(), dbName.c_str(),
userName.c_str(), password.c_str(),
portNumber, observationDomainId, bufferRecords);
if (!dbWriter) {
THROWEXCEPTION("DbWriterConfiguration: Could not create IpfixDbWriter");
}
}
void DbWriterConfiguration::connect(Configuration*)
{
THROWEXCEPTION("DbWriter is an end target and cannot be connected to something!");
}
void DbWriterConfiguration::startSystem()
{
if (running) return;
msg(MSG_INFO, "DbWriterConfiguration: Starting dbWriter");
dbWriter->start();
dbWriter->runSink();
msg(MSG_INFO, "DbWriterConfiguration: Successfully started dbWriter");
running = true;
}
void DbWriterConfiguration::stopSystem()
{
if (!running) return;
msg(MSG_INFO, "DbWriterConfiguration: Stopping dbWriter");
dbWriter->terminateSink();
dbWriter->stop();
msg(MSG_INFO, "DbWriterConfiguration: Successfully stopped dbWriter");
running = false;
}
#endif

54
dbwriter_configuration.h
View File

@ -1,54 +0,0 @@
/*
released under GPL v2
(C) Lothar Braun <mail@lobraun.de>
*/
#ifdef DB_SUPPORT_ENABLED
#ifndef _DBWRITER_CONFIGURATION_H_
#define _DBWRITER_CONFIGURATION_H_
#include "ipfix_configuration.h"
#include <concentrator/IpfixDbWriter.hpp>
#include <string>
class DbWriterConfiguration : public Configuration {
public:
DbWriterConfiguration(xmlDocPtr document, xmlNodePtr startPoint);
~DbWriterConfiguration();
virtual void configure();
virtual void connect(Configuration*);
virtual void startSystem();
virtual void stopSystem();
void setObservationDomainId(uint16_t observationDomainId);
IpfixDbWriter* getDbWriter() { return dbWriter; }
protected:
void setUp();
bool running; /**< true between calls to startSystem() and stopSystem() */
private:
IpfixDbWriter* dbWriter;
std::string hostName;
std::string dbName;
std::string userName;
std::string password;
unsigned int portNumber;
uint16_t observationDomainId;
int bufferRecords;
};
#endif
#endif

136
dbwritertest.xml
View File

@ -1,136 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>lo</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<flowMetering>
<rule>
<templateId>1234</templateId>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>TCP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>tcpControlBits</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetdeltacount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>UDP</match>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<rule>
<flowKey>
<ieName>protocolIdentifier</ieName>
<modifier>discard</modifier>
<match>ICMP</match>
</flowKey>
<flowKey>
<ieName>sourceIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIpV4Address</ieName>
</flowKey>
<flowKey>
<ieName>icmpTypeCodeIpV4</ieName>
</flowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
</flowMetering>
<next>
<dbWriterId>1</dbWriterId>
</next>
</meteringProcess>
<dbWriter id="1">
<dbName>flows</dbName>
<bufferRecords>10</bufferRecords>
</dbWriter>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

30
dbwritertest2.xml
View File

@ -1,30 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<collectingProcess id="1">
<observationDomainId>12345</observationDomainId>
<listener>
<ipAddressType>4</ipAddressType>
<ipAddress>10.2.0.99</ipAddress>
<transportProtocol>17</transportProtocol>
<port>4711</port>
</listener>
<next>
<dbWriterId>1</dbWriterId>
</next>
</collectingProcess>
<dbWriter id="1">
<dbName>flows</dbName>
</dbWriter>
<vermont_main>
<poll_interval unit="msec">500</poll_interval>
<log_file>log.stat</log_file>
<log_interval unit="msec">300000</log_interval>
</vermont_main>
</ipfixConfig>

6
docs/config/README Normal file
View File

@ -0,0 +1,6 @@
module_configuration.txt contains Vermont's module configuration in the Creole Markup language (mixed a bit with Dokuwiki's features for displaying code).
When this file is changed in vermont-dynamic-config (later directly in trunk), please also update the module configuration page in the wiki on vermont.berlios.de.
Tobias Limmer, 10.3.2009

773
docs/config/module_configuration.txt Normal file
View File

@ -0,0 +1,773 @@
= Vermont Module Configuration =
== FrontPayloadSigMatcher ==
Matches flow records that contain payload (IPFIX_ETYPE_frontPayload) to rule files in specified directory, that contain signature tokens with priority and a threshold value that specifies the number of tokens to match until the whole signature matches. The module then reports matches on the command line.
Attention: this code is alpha. The signature directory *must only* contain signature files. If other files are present, the matcher will break.
Input type: IpfixRecord
Output type: none
**Example configuration:**
<code xml>
<frontPayloadSigMatcher id="9">
<signaturedir>./signatures</signaturedir>
</frontPayloadSigMatcher>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|signaturedir | none |Directory that contains signature rule files. |
**Example signature file**
<code>
#Signature of the pcap: f5fb928cef4a24a5a18ddb305b1d2127
#Trainingvalues: FP = 0.00000, TP = 1.00000
#Bayes minimum Occurrence = 0.7
BAYESSIGNATURE
SIGNATUREID
f5fb928cef4a24a5a18ddb305b1d2127
CLASSMEMBERS
f5fb928cef4a24a5a18ddb305b1d2127
TOKEN
220 ProFTPD 1.2.9 Server (ProFTPD) [1.1.63]%0d%0a331 Password required for asaasa510.%0d%0a230 User asaasa510 logged in.%0d%0a200 Type set to I%0d%0a215 UNIX Type: L8%0d%0a500 Illegal PORT command%0d%0a
SUPPORT
0.50000
TOKEN
SER asaasa510%0d%0aPASS 3330881%0d%0aTYPE I%0d%0aSYST%0d%0aPORT 10,0,
SUPPORT
0.50000
THRESHOLD
1.0
</code>
== IDMEFExporter ==
Exports incoming IDMEF messages to the external perl script idmefsender.pl which sends it over the network to a specified URL.
Input type: IdmefMessage
Output type: none
**Example configuration:**
<code xml>
<idmefExporter id="9">
<sendurl>http://localhost</sendurl>
<destdir>idmef_work</destdir>
</idmefExporter>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|sendurl | none |Destination URL where IDMEF messages must sent to. |
|destdir | idmef_work |Directory, where IDMEF messages are temporary stored. There they are picked up by the external perl script ''idmefsender.pl'' in directory ''/tools''. |
== IpfixAggregator ==
Aggregates incoming IPFIX flows according to specified parameters. Configuration is similar to module PacketAggregator.
Input type: IpfixRecord
Output type: IpfixRecord
**Example configuration:**
<code xml>
<ipfixAggregator id="6">
<rule>
<templateId>998</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">1</inactiveTimeout>
<activeTimeout unit="sec">1</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|rule | none |Specifies a rule according to which is aggregated. More than one rule may be specified per aggregator. |
|biflowAggregation | 0 |Specifies if biflow aggregation is to be performed (0=no biflow, 1=biflow). Only valid in IpfixAggregator. To accomodate biflow information elements, Vermont-specific enterprise type ids were specified: revFlowStartMilliSeconds, revFlowEndMilliSeconds, revFlowStartSeconds, revFlowEndSeconds, revOctetDeltaCount, revPacketDeltaCount and revTcpControlBits. |
|templateId | none |Template ID (mandadory!). |
|flowKey | |Flow key information element - flows are aggregated according to those keys. |
|nonFlowKey | none |Non-flow key information element - those IEs are aggregated. |
|ieName | none |name of the IE. |
|modifier | none |Optional field modifier for flow key IEs ("discard", "mask/X"). |
|match | 0 |Optional flow key filter for protocol identifier ("TCP", "UDP", "ICMP", or IANA number), IP addresses ("A.B.C.D/M"), port numbers (separated by ",", port range "A:B"), TCP control bits ("FIN", "SYN", "RST", "PSH", "ACK", "URG", separated by ","). |
|inactiveTimeout | 0 |Expiration timeout for idle/inactive flows. |
|activeTimeout | 0 |Periodic expiration timeout for long-lasting flows (typically larger than inactiveTimeout). |
|pollInterval | 0 |Length of interval when flows should be exported to next module. |
|hashtableBits | 17 |Length of hashtable used for aggregation in bits. The resulting hashtable will have a size of ''2^hashtableBits''. |
== IpfixCollector ==
Receives IPFIX records from the network and imports them into Vermont. Protocols UDP and SCTP are supported at the moment.
Input type: IdmefMessage
Output type: none
**Example configuration:**
<code xml>
<ipfixCollector>
<listener>
<ipAddress>0.0.0.0</ipAddress>
<transportProtocol>UDP</transportProtocol>
<port>4739</port>
</listener>
</ipfixCollector>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|listener | none |Specifies a port where to listen for IPFIX flows. |
|ipAddress | none |IP address of interface on which collector receives IPFIX packets. If not given, collector receives at all interfaces. |
|transportProtocol | none |Must be set to `UDP' or `SCTP'. |
|port | 4739 |Port where Vermont listenes for incoming IPFIX flows. |
== IpfixExporter ==
Exports internal IPFIX records to the network using protocol UDP or SCTP.
Input type: IpfixRecord
Output type: none
**Example configuration:**
<code xml>
<ipfixExporter id="7">
<templateRefreshInterval>10</templateRefreshInterval>
<maxRecordRate>5000</maxRecordRate>
<sctpDataLifetime unit="msec">10000</sctpDataLifetime>
<sctpReconnectInterval unit="sec">30</sctpReconnectInterval>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</ipfixExporter>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|observationDomainId | 0 |Observation Domain ID of the exporter. |
|templateRefreshInteval | 20s |Interval for periodic sending of templates. |
|templateRefreshRate | 10000 |Interval for periodic sending of templates in records. |
|ipAddressType | 4 |Currently, only IPv4 is supported. |
|ipAddress | none |IP address of the collector the packets are sent to. |
|transportProtocol | none |Currently, only UDP (17) is supported. |
|port | 4739 |Port number of the collector. |
|maxRecordRate | 5000 |Maximum number of flow records per second sent to collector. |
|sctpDataLifetime | 10000ms |Time how long SCTP considers a packet valid and tries to retransmit it. |
|sctpReconnectInterval | 30s |Time that Exporter waits to reestablish a lost connection. |
== IpfixPrinter ==
Prints incoming Ipfix flows to stdout for debugging purposes.
Input type: IpfixRecord
Output type: none
**Example configuration:**
<code xml>
<ipfixPrinter id="8">
<lineOutput>1</lineOutput>
</ipfixPrinter>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|lineOutput | 0 |Specifies if a special one-line-per-flow output should be used if value equals 1. |
== IpfixDbReader ==
Imports IPFIX flows from a MYSQL database table.
Input type: none
Output type: IpfixRecord
**Example configuration:**
<code xml>
<ipfixDbReader id="10">
<host>127.0.0.1</host>
<port>3306</port>
<dbname>flows</dbname>
<username>vermont</username>
<password>v_password</password>
<timeshift>true</timeshift>
<next>12</next>
</ipfixDbReader>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|host | none |Host of MySQL database. |
|port | 3306 |Port number of database. |
|dbname | none |Database name. |
|username | none |Username for database access. |
|password | none |Password for database access. |
|timeshift | false |Shift time stamps to current time. |
|fullspeed | false |If true, tables are read at full speed. Timeshifts are disabled. Otherwise, records are read from table approximately at the same speed as they were originally exported. |
|observationDomainId | 0 |Observation Domain Id assigned to the records. |
== IpfixDbWriter ==
Exports IPFIX flows to a database table in a MySQL database.
Input type: IpfixRecord
Output type: none
**Example configuration:**
<code xml>
<ipfixDbWriter id="10">
<host>127.0.0.1</host>
<port>3306</port>
<dbname>flows</dbname>
<username>vermont</username>
<password>v_password</password>
<bufferrecords>30</bufferrecords>
<columns>
<name>firstSwitched</name>
<name>bytes</name>
</columns>
</ipfixDbWriter>
</code>
Parameters:
| **Element name** | **Default value** | **Description** |
|host | none |Host of MySQL database. |
|port | 3306 |Port number of database. |
|dbname | none |Database name. |
|username | none |Username for database access. |
|password | none |Password for database access. |
|bufferrecords | 30 |Amount of flow records to buffer until they are written to the database. |
|observationDomainId | none |Observation Domain Id overriding the value to the records. |
|name | none |Column name (see IpfixDbCommon.hpp, currently one of "srcIP", "dstIP", "srcPort", "dstPort", "proto", "dstTos", "bytes", "pkts", "firstSwitched", "lastSwitched", "firstSwitchedMillis", "lastSwitchedMillis", "exporterID", "tcpControlBits", "revbytes", "revpkts", "revFirstSwitched", "revLastSwitched", "revFirstSwitchedMillis", "revLastSwitchedMillis", "revTcpControlBits", "maxPacketGap") |
== IpfixDbWriterPg ==
Exports IPFIX flows to a database table in a PostgreSQL database.
Input type: IpfixRecord
Output type: none
**Example configuration:**
<code xml>
<ipfixDbWriter id="10">
<host>127.0.0.1</host>
<port>3306</port>
<dbname>flows</dbname>
<username>vermont</username>
<password>v_password</password>
<bufferrecords>30</bufferrecords>
</ipfixDbWriter>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|host | none |Host of MySQL database. |
|port | 3306 |Port number of database. |
|dbname | none |Database name. |
|username | none |Username for database access. |
|password | none |Password for database access. |
|bufferrecords | 30 |Amount of flow records to buffer until they are written to the database. To achieve high performance, a value from 1000 to 10000 is recommended. |
== IpfixPayloadWriter ==
Writes IPFIX records including front payload into files. Only the first N (to be set in parameters) flows in chronological order are regarded. It is expected, that incoming flows are biflows and include front payload. For each biflow, three files are generated: .info contains header information of the flow, two .payload files contain front payload in both directions.
Input type: IpfixRecord
Output type: none
**Example configuration:**
<code xml>
<ipfixPayloadWriter id="5">
<destPath>payload_work</destPath>
<filenamePrefix>vfp</filenamePrefix>
<connNumber>10</connNumber>
<ignoreEmptyPayload>1</ignoreEmptyPayload>
</ipfixPayloadWriter>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|destPath | none |Relative path where output files are stored. |
|filenamePrefix | none |Prefix for generated filenames. |
|connNumber | none |Amount of connections that are recorded. If this parameter is set to 0, no sorting will be performed and all incoming flows will be directly written to filesystem. |
|ignoreEmptyPayload | false |Set to true if all connections/biflows with empty payload shoud be ignored. |
|ignoreIncompleteTCP | false |Set to true if all TCP biflows without SYN flags in both directions should be ignored. |
|password | none |Password for database access. |
|bufferrecords | 30 |Amount of flow records to buffer until they are written to the database. |
|startIndex | 0 |Start index of first flow written to disk. Useful if already partially written dump on disk needs to be completed. |
== IpfixQueue ==
Caches IPFIX records in a queue until next module is ready to process them.
Input type: IpfixRecord
Output type: IpfixRecord
**Example configuration:**
<code xml>
<ipfixQueue id="3">
<maxSize>10</maxSize>
<next>6</next>
</ipfixQueue>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
| maxSize | 1 | Maximum number of items in queue. If queue is full, no new packets are accepted and preceding modules are paused. |
== IpfixSampler ==
Samples IPFIX records using a simple sampler based on modulo.
Input type: IpfixRecord
Output type: IpfixRecord
**Example configuration:**
<code xml>
<ipfixSampler id="3">
<flowRate>0.1</flowRate>
<next>6</next>
</ipfixSampler>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
| flowRate | 1 | Ratio of flows that should pass sampler. When set to 0.1, 10% of all flows pass the module. Attention: internally, after calculating the inverse, this value is converted to an integer for the modulo operation. So values close to 1 may not be reflected properly by the sampler. Values above 1 are not allowed. |
== Observer ==
Captures raw packets using the PCAP interface.
Input type: none
Output type: Packet
**Example configuration:**
<code xml>
<observer id="1">
<interface>eth1</interface>
<pcap_filter>ip</pcap_filter>
<next>2</next>
</observer>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
| interface | none |Interface PCAP listens to. Do not use in combination with parameter filename. |
| captureLength | 128 |Sets the capture length of each packet. Packets bigger than that size are truncated. ATTENTION: if payload is analyzed in later modules, this parameter needs to be large enough! |
| filename | none |Must be specified if Vermont needs to read from file and contains its filename. Do not use in combination with parameter interface. |
| pcap_filter | none |Filter specification which is passed to PCAP (usually `ip' to only capture IP packets). |
| replaceTimestamps | false |If true, PCAP packet timestamps are replaced with current time. This parameter only applies to PCAP file reading. |
| offlineSpeed | 1.0 |Only applies to PCAP file reading. Sets the speed multiplier for offline PCAP file reading. A negative value means read as fast as you can. |
| offlineAutoExit | true |Only applies to PCAP file reading. Sets if Vermont should be shut down automatically after reading all PCAP file data. |
| maxPackets | 0 | Specifies a maximum number of packets to be processed by the Observer. After this number is reached, the Observer stops reading packets and may trigger the shutdown, if parameter 'offlineAutoExit' was specified. If this parameter is set to 0, the Observer may read an infinite amount of packets.
== PacketFilter ==
Forwards packets which match specified filter configuration and drops non-matching packets.
Input type: Packet
Output type: Packet
**Example configuration:**
<code xml>
<filter id="2">
<countBased>
<interval>4</interval>
<spacing>2</spacing>
<countBased>
<timeBased>
<interval>100</interval>
<spacing>50</spacing>
</timeBased>
<stringBased>
<is>bla</is>
<isnot>blub</isnot>
<is type="HEX">0xFF024F</is>
</stringBased>
<regexBased>
<matchPattern>is\s*not</matchPattern>
</regexBased>
<next>3</next>
</filter>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
| countBased | none |Creates a count-based filter. Spacing defines the number of packets accepted at the beginning of the period, interval specifies the length of the period |
| timeBased | none |Creates a time-based filter. Spacing defines the number of milliseconds during which time all incoming packets are accepted at the beginning of the period, interval specifies the length of the period in milliseconds. |
| interval | none |Belongs to either countBased or timeBased filter. Specifies length of period. |
| spacing | none |Belongs to either countBased or timeBased filter. Specifies amount of time or number of packets accepted. |
| stringBased | none |Creates a string-based filter which scans for specified strings inside the packet payload. If more than one search element is specified, only packets will be forwarded which match *all* specifications. |
| is | none |Accepts packets which contain included ASCII string. If attribute "type" is set to "HEX", the tag's content MUST include a hexstring which specifies the binary data to be searched for. |
| isnot | none |Drops packets which contain included ASCII string. If attribute "type" is set to "HEX", the tag's content MUST include a hexstring which specifies the binary data to be searched for. |
| regexBased | none |Creates a regex-based filter which scans for specified regexes inside the packet payload. If more than one regex is specified, only packets will be forwarded which match *all* specifications. |
| matchPattern | none |Specifies a regular expression used by the regex-based filter. |
| stateConnectionBased | none |Creates a filter which searches for TCP connections and matches all packets that contain the first N payload bytes. It uses a determinstic algorithm that will consume all the memory necessary to store all seen TCP connections. |
| connectionBased | none |Same as stateConnectionBased filter, but uses a different algorithm for TCP connection tracking. The algorithm is probabilistic and uses a fixed amount of memory to store the TCP connections. |
| timeout | 3 |Belongs to either stateConnectionBased or connectionBased filter. Specifies the time in seconds a seen TCP connection request is valid, before it will time out. |
| bytes | 100 |Belongs to either stateConnectionBased or connectionBased filter. Specifies how much Payload should be exported in bytes. |
| hashFunctions | 3 |Belongs to connectionBased filter. Specifies the number of hash functions that are used to index the bloom filters. |
| filterSize | 1000 |Belongs to connectionBased filter. Specifies the size of the bloom filters that are used by the connection based filter. |
| exportControlPackets | true |Controls wether TCP control packets (SYN/FIN/RST) are exported by stateConnectionBased and connectionBased filter. |
| anonFilter | none |Specifies a filter that performs anonymization on captured network packets. Contains one or more anonFields. This tag can have several subtags. The subtags are the same ones that can be used in the RecordAnonymizer module |
| payloadFilter | none |Payload is dropped, when this filter is specified. |
== PacketQueue ==
Caches packets in a queue until next module is ready to process them.
Input type: Packet
Output type: Packet
**Example configuration:**
<code xml>
<packetQueue id="3">
<maxSize>10</maxSize>
<next>6</next>
</packetQueue>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|maxSize | 0 |Maximum number of items in queue. If queue is full, no new packets are accepted and preceding modules are paused. |
== PacketAggregator ==
Aggregates incoming raw packets to flows according to specified parameters.
Input type: Packet
Output type: IpfixRecord
**Example configuration:**
<code xml>
<packetAggregator id="6">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndMilliSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">1</inactiveTimeout>
<activeTimeout unit="sec">1</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|templateId | none |Template ID (mandadory!). |
|flowKey | |Flow key information element - flows are aggregated according to those keys. |
|nonFlowKey | none |Non-flow key information element - those IEs are aggregated. |
|ieName | none |name of the IE. |
|modifier | none |Optional field modifier for flow key IEs ("discard", "mask/X"). |
|match | 0 |Optional flow key filter for protocol identifier ("TCP", "UDP", "ICMP", or IANA number), IP addresses ("A.B.C.D/M"), port numbers (separated by ",", port range "A:B"), TCP control bits ("FIN", "SYN", "RST", "PSH", "ACK", "URG", separated by ","). |
|inactiveTimeout | 0 |Expiration timeout for idle/inactive flows. |
|activeTimeout | 0 |Periodic expiration timeout for long-lasting flows (typically larger than inactiveTimeout). |
|pollInterval | 0 |Length of interval when flows should be exported to next module. |
|hashtableBits | 17 |Length of hashtable used for aggregation in bits. The resulting hashtable will have a size of 2^{hashtableBits}. |
== PacketIDMEFReporter ==
For each incoming packet an IDMEF message is generated. An extract of the packet payload called snapshot may be included in the IDMEF message.
Input type: Packet
Output type: IdmefMessage
**Example configuration:**
<code xml>
<packetIDMEFReporter>
<snapshotoffset>12</snapshotoffset>
<snapshotlength>20</snapshotlength>
<analyzerid>idmefreporter</analyzerid>
<idmeftemplate>idmef/templates/idmefreporter_template.xml</idmeftemplate>
</packetIDMEFReporter>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|snapshotoffset | 0 |Byte offset from start of packet payload. |
|snapshotlength | 0 |Byte length of snapshot. If it exceeds packet length, snapshot will be truncated. |
|analyzerid | none |Analyzer ID that will be included in IDMEF message. |
|idmeftemplate | none |Path to template file for IDMEF message. |
== PCAPExporter ==
Exports incoming packets into a file in PCAP format.
Input type: Packet
Output type: none
**Example configuration:**
<code xml>
<pcapExporter>
<filename>output.pcap</filename>
</psampExporter>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|filename | none |Name of the output pcap file. |
|linkType | EN10MB |Data link type of the output file. Names are DLT_ names form the pcap man page with the DLT_ removed (see `man pcap') |
|snaplen | PCAP_MAX_ |Snaplen for the pcap file |
| | CAPTURE_LENGTH | |
== PSAMPExporter ==
Exports incoming packets as PSAMP records over the network.
Input type: Packet
Output type: none
**Example configuration:**
<code xml>
<psampExporter id="1">
<observationDomainId>123</observationDomainId>
<ipfixPacketRestrictions>
<maxPacketSize>200</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<packetReporting>
<templateId>888</templateId>
<reportedIE>
<ieName>sourceIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>destinationIPv4Address</ieName>
</reportedIE>
<reportedIE>
<ieName>ipPayloadPacketSection</ieName>
<ieLength>65535</ieLength>
</reportedIE>
</packetReporting>
<collector>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>UDP</transportProtocol>
<port>4739</port>
</collector>
</psampExporter>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|observationDomainId | 0 |Observation Domain ID of the exporter. |
|ipfixPacketRestrictions | none |Restrictions for IPFIX packets. |
|maxPacketSize | none |Maximum size of IPFIX packets. |
|maxExportDelay | none |Maximum delay until IPFIX packet is sent to destination. |
|packetReporting | none |Specifies elements to be exported for one template. |
|templateId | 0 |Specifies template ID. |
|reportedIE | none |Specifies one information element to be reported. |
|ieName | none |IPFIX type id of element to be exported. |
|ieLength | none |Optional specification of element length (usually only used by "ipPayloadPacketSection". |
|collector | none |Contains specification of one destination for PSAMP records. |
|idAddress | none |IP address of destination. |
|transportProtocol | none |Transport protocol to be used. Currently only "UDP" is supported. |
|port | 4739 |Port of destination. |
|templateRefreshRate | 5000 |Number of records, until template is resent. |
|templateRefreshInterval | 30s |Time, until template is resent. |
== RecordAnonymizer ==
This module is capable of anonymizing arbitary fields within IPFIX-Records using different anonymization methods.
Input type: IpfixRecord
Output type: IpfixRecord
**Example configuration:**
<code xml>
<anonRecord id="3">
<anonField>
<anonIE>
<ieName>sourceIPv4Address</ieName>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<anonField>
<anonIE>
<ieName>destinationIPv4Address</ieName>
<ieLength>4</ieLength>
</anonIE>
<anonMethod>CryptoPan</anonMethod>
<anonParam>insert key here</anonParam>
</anonField>
<copyMode>false</copyMode>
<next>6</next>
</anonRecord>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|anonField | none |Specifies one field and an anonymization method for that field. Contains one anonIE, one anonMethod and an optional anonParam tag. |
|anonIE | none |Specifies the information element that needs to be anonymized. Belongs to anonField. |
|ieName | none |Specifies the name of the field that needs to be anonymized. Belongs to anonIE. |
|anonMethod | none |Specifies the anonymization method that is used to anonymize a given header field. Belongs to anonField. Possible values are: BytewiseHashHmacSha1, BytewiseHashSha1, ConstOverwrite, ContinuousChar, HashHmacSha1, HashSha1, Randomize, Shuffle, Whitenoise, CryptoPan |
|anonParam | none |Specifies an optional parameter to the anonymization method. Different methods need different params. ByteWiseHashHmacSha1, HashHmacSha1 need an variable sized key. ConstOverwrite needs one character as parameter. CryptoPan needs an 32 bytes long parameter (16 bytes key, 16 bytes pad). For CryptoPan and ConstOverwrite, keys can be specified as normal text, or as hexadecimal string starting with '0x'. |
|copyMode | false |If true, the Record Anonymizer creates a copy of the incoming record and leaves the original record unchanged. Copy mode should be turned on if the original records are processed by other moduls as well. |
== SensorManager ==
Module which controls all sensors ("`Messfühler"') inside Vermont. It does not have any in- or output types and must not be connected to any other module. It is recommended to set its ID to 99 to express its special role. If this module is specified in the configuration, available sensors are activated and polled regularly. It may only be specified once.
Input type: none
Output type: none
**Example configuration:**
<code xml>
<sensorManager id="99">
<checkinterval>2</checkinterval>
<outputfile>sensor_output.xml</outputfile>
</sensorManager>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|checkinterval | 2 |Interval in seconds, when all sensors are polled and the output file is written to. |
|outputfile | ''sensor_output.xml'' |Path to file, where sensor data is stored. |
|append | 0 |Set to 1 if output file should be appended to, and not overwritten. |
== TRWPortscanDetector ==
Detects horizontal portscans in incoming IPFIX flows. Attention: IPFIX flows must be aggregated to biflows. To achieve best results, flows should contain the following IEs:
* sourceIPv4Address
* destinationIPv4Address
* sourceTransportPort
* destinationTransportPort
* protocolIdentifier
* flowStartMilliSeconds
* flowEndMilliSeconds
* revFlowStartMilliSeconds
* revFlowEndMilliSeconds
* octetDeltaCount
* revOctetDeltaCount
* packetDeltaCount
* revPacketDeltaCount
* tcpControlBits
* revTcpControlBits
Input type: IpfixRecord
Output type: IdmefMessage
**Example configuration:**
<code xml>
<trwPortscanDetector id="8">
<analyzerid>trwportscandetector</analyzerid>
<idmeftemplate>idmef/templates/trwportscan_template.xml</idmeftemplate>
<hashbits>20</hashbits>
<timeexpirepending>86400</timeexpirepending>
<timeexpirescanner>1800</timeexpirescanner>
<timeexpirebenign>1800</timeexpirebenign>
<timecleanupinterval>10</timecleanupinterval>
<next>9</next>
</trwPortscanDetector>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|analyzerid | none |Analyzer ID which is inserted into the generated IDMEF message. |
|idmeftemplate | none |Path to IDMEF template which is used to generate the IDMEF message. |
|hashbits | 20 |Amount of bits used for hashtable to contain watched IP addresses. |
|timeexpirepending | 86400 |Seconds, until non-classified inactive IP addresses are purged from table. |
|timeexpirescanner | 1800 |Seconds, until as portscanner classified IP addresses are purged from table. |
|timeexpirebenign | 1800 |Seconds, until as benign classified IP addresses are purged from table. |
|timecleanupinterval | 10 |Interval length in seconds, when IP address table is scanned for entries to be purged. |
== P2PDetector ==
Detects Peer-to-Peer Clients in a subnet. Attention: IPFIX flows must be aggregated to biflows.
Input type: IpfixRecord
Output type: IdmefMessage
**Example configuration:**
<code xml>
<p2pDetector id="5">
<analyzerid>P2PDetector</analyzerid>
<interval>300</interval>
<subnet>192.168.1.0/24</subnet>
<udpRateThreshold>0.013</udpRateThreshold>
<udpHostRateThreshold>0.0007</udpHostRateThreshold>
<tcpRateThreshold>0.082</tcpRateThreshold>
<coexistentTCPConsThreshold>2.9</coexistentTCPConsThreshold>
<rateLongTCPConsThreshold>0.018</rateLongTCPConsThreshold>
<tcpVarianceThreshold>0.068</tcpVarianceThreshold>
<failedConsPercentThreshold>4.8</failedConsPercentThreshold>
<tcpFailedRateThreshold>0.01</tcpFailedRateThreshold>
<tcpFailedVarianceThreshold>0.3</tcpFailedVarianceThreshold>
<next>6</next>
</p2pDetector>
</code>
**Parameters:**
| **Element name** | **Default value** | **Description** |
|analyzerid | none |Analyzer ID which is inserted into the generated IDMEF message. |
|interval | 300 |Interval in seconds for repeated computing of the criteria |
|subnet | 0.0.0.0 |Subnet to be researched |
|udpRateThreshold | 0.013 |Threshold for udp rate. Calculated criteria must be above this value to be detected as a peer |
|udpHostRateThreshold | 0.0007 |Threshold for udp host rate. Calculated criteria must be above this value to be detected as a peer |
|tcpRateThreshold | 0.082 |Threshold for tcp rate. Calculated criteria must be above this value to be detected as a peer |
|coexistentTCPConsThreshold | 2.9 |Threshold for coexistent TCP connections. Calculated criteria must be above this value to be detected as a peer |
|rateLongTCPConsThreshold | 0.018 |Threshold for rate of long TCP conncetions. Calculated criteria must be above this value to be detected as a peer |
|tcpVarianceThreshold | 0.068 |Threshold for variance of new TCP connections. Calculated criteria must be below this value to be detected as a peer |
|failedConsPercentThreshold | 4.8 |Threshold for percentage of failed TCP connections. Calculated criteria must be above this value to be detected as a peer |
|tcpFailedRateThreshold | 0.01 |Threshold for rate of failed TCP connections. Calculated criteria must be above this value to be detected as a peer |
|tcpFailedVarianceThreshold | 0.3 |Threshold for variance of failed TCP connections. Calculated criteria must be below this value to be detected as a peer |

0
ipfixlolib/doc/Makefile → docs/ipfixlolib/Makefile
View File

0
ipfixlolib/doc/example_code.c → docs/ipfixlolib/example_code.c
View File

0
ipfixlolib/doc/ipfix.html → docs/ipfixlolib/ipfix.html
View File

258
exporter_configuration.cc
View File

@ -1,258 +0,0 @@
#include "exporter_configuration.h"
#include "metering_configuration.h"
#include <sampler/ExporterSink.h>
ExporterConfiguration::ExporterConfiguration(xmlDocPtr document, xmlNodePtr startPoint)
: Configuration(document, startPoint), maxPacketSize(0), exportDelay(0), templateRefreshTime(0), templateRefreshRate(0), dataLifetime(0),
reconnectTimeout(0),
exporterSink(0), ipfixSender(0)
{
xmlChar* idString = xmlGetProp(startPoint, (const xmlChar*)"id");
if (NULL == idString) {
THROWEXCEPTION("Got exporter without unique id!");
}
id = configTypes::exporter + (const char*)idString;
xmlFree(idString);
}
ExporterConfiguration::~ExporterConfiguration()
{
for (unsigned i = 0; i != collectors.size(); ++i) {
delete collectors[i];
}
delete exporterSink;
if (ipfixSender) {
ipfixSender->stop();
delete ipfixSender;
}
}
void ExporterConfiguration::configure()
{
msg(MSG_INFO, "ExporterConfiguration: Start reading exportingProcess section");
xmlNodePtr i = start->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "ipfixPacketRestrictions")) {
readPacketRestrictions(i);
} else if (tagMatches(i, "udpTemplateManagement")) {
readUdpTemplateManagement(i);
} else if (tagMatches(i, "sctpManagement")) {
readSctpManagement(i);
} else if (tagMatches(i, "collector")) {
readCollector(i);
}
i = i->next;
}
msg(MSG_INFO, "ExporterConfiguration: Successfully parsed exportingProcess section");
}
void ExporterConfiguration::readPacketRestrictions(xmlNodePtr p)
{
xmlNodePtr i = p->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "maxPacketSize")) {
maxPacketSize = (uint16_t)atoi(getContent(i).c_str());
} else if (tagMatches(i, "maxExportDelay")) {
exportDelay = getTimeInMsecs(i);
}
i = i->next;
}
}
void ExporterConfiguration::readUdpTemplateManagement(xmlNodePtr p)
{
xmlNodePtr i = p->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "templateRefreshTimeout")) {
templateRefreshTime = getTimeInSecs(i);
} else if (tagMatches(i, "templateRefreshRate")) {
templateRefreshRate = (unsigned)atoi(getContent(i).c_str());
}
i = i->next;
}
}
void ExporterConfiguration::readSctpManagement(xmlNodePtr p)
{
xmlNodePtr i = p->xmlChildrenNode;
while (NULL != i) {
if (tagMatches(i, "dataLifetime")) {
dataLifetime = getTimeInMsecs(i);
}
if (tagMatches(i, "reconnectTimeout")) {
reconnectTimeout = getTimeInSecs(i);
}
i = i->next;
}
}
void ExporterConfiguration::readCollector(xmlNodePtr p)
{
xmlNodePtr i = p->xmlChildrenNode;
Collector* c = new Collector();
c->port = 4739; // standard port for IPFIX
while (NULL != i) {
if (tagMatches(i, "ipAddressType")) {
// we only have ipv4 at the moment
// so nothing is implemented yet for ipv6
c->ipAddressType = 4;
} else if (tagMatches(i, "ipAddress")) {
c->ipAddress = getContent(i);
} else if (tagMatches(i, "transportProtocol")) {
if ((getContent(i) == "17") || (getContent(i) == "UDP")) {
c->protocolType = UDP;
#ifdef SUPPORT_SCTP
}else if ((getContent(i) == "132") || (getContent(i) == "SCTP")){
c->protocolType = SCTP;
#endif
#ifdef IPFIXLOLIB_RAWDIR_SUPPORT
}else if (getContent(i) == "RAWDIR"){
c->protocolType = RAWDIR;
#endif
/*
}else if ((getContent(i) == "6") || (getContent(i) == "TCP")){
c->protocolType = TCP;
*/
}else{
THROWEXCEPTION("Unsupported protocol %s. Vermont only supports UDP (17) and SCTP (132). For using SCTP make sure you did not turn it off in ./configure", getContent(i).c_str());
}
} else if (tagMatches(i, "port")) {
c->port = (uint16_t)atoi(getContent(i).c_str());
}
i = i->next;
}
collectors.push_back(c);
}
void ExporterConfiguration::setUp()
{
}
void ExporterConfiguration::createExporterSink(Template* t, uint16_t observationDomainId, uint16_t recordLength)
{
msg(MSG_INFO, "ExporterConfiguration: Creating exporter sink");
exporterSink = new ExporterSink(t, observationDomainId);
if(recordLength || maxPacketSize)
{
// IPFIX packet header: 16 bytes, set header: 4 bytes
int recordsPerPacket = (maxPacketSize - 16 - 4) / recordLength;
if(recordsPerPacket <= 0) recordsPerPacket = 1;
msg(MSG_INFO, "ExporterConfiguration: Set maximum records per packet to %d", recordsPerPacket);
exporterSink->setMaxRecords(recordsPerPacket);
}
if(exportDelay)
{
msg(MSG_INFO, "ExporterConfiguration: Set maximum export timeout to %d", exportDelay);
exporterSink->setExportTimeout(exportDelay);
}
if(templateRefreshRate)
{
msg(MSG_ERROR, "ExporterConfiguration: Configuration of templateRefreshRate not yet supported..");
}
if(templateRefreshTime > 0){
exporterSink->setTemplateTransmissionTimer(templateRefreshTime);
msg(MSG_DEBUG, "ExporterConfiguration: templateRefreshTime set to %d",templateRefreshTime );
}
if(dataLifetime > 0){
exporterSink->setSctpLifetime(dataLifetime);
msg(MSG_DEBUG, "ExporterConfiguration: SCTP dataLifetime set to %d",dataLifetime );
}
if(reconnectTimeout > -1){
exporterSink->setSctpReconnectTimeout(reconnectTimeout);
msg(MSG_DEBUG, "ExporterConfiguration: SCTP reconnectTimeout set to %d",reconnectTimeout );
}
for (unsigned i = 0; i != collectors.size(); ++i) {
msg(MSG_DEBUG, "ExporterConfiguration: adding collector %s:%d to ExporterSink",
collectors[i]->ipAddress.c_str(),
collectors[i]->port);
exporterSink->addCollector(collectors[i]->ipAddress.c_str(),
collectors[i]->port,
collectors[i]->protocolType);
}
}
void ExporterConfiguration::createIpfixSender(uint16_t observationDomainId)
{
if (collectors.empty()) {
msg(MSG_INFO, "ExporterConfiguration: Aggregator won't export it's result to any collector");
return;
}
msg(MSG_DEBUG, "ExporterConfiguration: Creating IpfixSender");
ipfixSender = new IpfixSender(observationDomainId,
collectors[0]->ipAddress.c_str(),
collectors[0]->port,
collectors[0]->protocolType);
if (!ipfixSender) {
THROWEXCEPTION("Could not create IpfixSender!");
}
if(maxPacketSize || exportDelay)
{
msg(MSG_ERROR, "ExporterConfiguration: maxPacketSize and/or exportDelay not yet supported by IpfixSender. Ignored.");
}
if(templateRefreshRate)
{
msg(MSG_ERROR, "ExporterConfiguration: Configuration of templateRefreshRate not yet supported..");
}
if(templateRefreshTime > 0){
ipfixSender->setTemplateTransmissionTimer(templateRefreshTime);
msg(MSG_DEBUG, "ExporterConfiguration: templateRefreshTime set to %d",templateRefreshTime );
}
if(dataLifetime > 0){
ipfixSender->setSctpLifetime(dataLifetime);
msg(MSG_DEBUG, "ExporterConfiguration: SCTP dataLifetime set to %d",dataLifetime );
}
if(reconnectTimeout > -1){
ipfixSender->setSctpReconnectTimeout(reconnectTimeout);
msg(MSG_DEBUG, "ExporterConfiguration: SCTP reconnectTimeout set to %d",reconnectTimeout );
}
for (unsigned i = 1; i != collectors.size(); ++i) {
if (ipfixSender->addCollector(collectors[i]->ipAddress.c_str(), collectors[i]->port,
collectors[i]->protocolType)) {
msg(MSG_ERROR, "ExporterConfiguration: error adding collector %s:%d to IpfixSender",
collectors[i]->ipAddress.c_str(), collectors[i]->port);
}
}
// we need to start IpfixSender right here, because ipfixAggregator
// needs a running IpfixSender before it can be created
// TODO: FIX THIS!
ipfixSender->start();
}
void ExporterConfiguration::connect(Configuration*)
{
THROWEXCEPTION("Exporter is an end target and cannot be connected to something!");
}
void ExporterConfiguration::startSystem()
{
if (exporterSink) {
msg(MSG_DEBUG, "ExporterConfiguration: Starting ExporterSink for Sampler");
exporterSink->runSink();
} else if (ipfixSender) {
msg(MSG_DEBUG, "ExporterConfiguration: Running IpfixSenders.");
// ipfixSender already runs (see createIpfixSender())
ipfixSender->runSink();
} else {
THROWEXCEPTION("Can neither start an ExporterSink, nor an IpfixSender -> something is broken!");
}
}
void ExporterConfiguration::stopSystem()
{
if (exporterSink) {
msg(MSG_DEBUG, "ExporterConfiguration: Stopping ExporterSink for Sampler");
exporterSink->terminateSink();
} else if (ipfixSender) {
msg(MSG_DEBUG, "ExporterConfiguration: Terminating IpfixSenders.");
ipfixSender->terminateSink();
} else {
THROWEXCEPTION("Can neither stop an ExporterSink, nor an IpfixSender -> something is broken!");
}
}

61
exporter_configuration.h
View File

@ -1,61 +0,0 @@
#ifndef _EXPORTER_CONFIGURATION_H_
#define _EXPORTER_CONFIGURATION_H_
#include "ipfix_configuration.h"
#include "ipfixlolib/ipfixlolib.h"
#include <concentrator/IpfixSender.hpp>
#include <vector>
class ExporterSink;
class Template;
class ExporterConfiguration : public Configuration {
public:
ExporterConfiguration(xmlDocPtr document, xmlNodePtr startPoint);
~ExporterConfiguration();
virtual void configure();
virtual void connect(Configuration*);
virtual void startSystem();
virtual void stopSystem();
void createExporterSink(Template* t, uint16_t observationDomainId, uint16_t recordLength);
ExporterSink* getExporterSink() const { return exporterSink; }
void createIpfixSender(uint16_t observationDomainId);
IpfixSender* getIpfixSender() { return ipfixSender; }
protected:
void setUp();
private:
struct Collector {
std::string ipAddress;
unsigned ipAddressType;
ipfix_transport_protocol protocolType;
uint16_t port;
};
void readPacketRestrictions(xmlNodePtr p);
void readUdpTemplateManagement(xmlNodePtr p);
void readSctpManagement(xmlNodePtr p);
void readCollector(xmlNodePtr i);
uint16_t maxPacketSize;
unsigned exportDelay;
unsigned templateRefreshTime;
unsigned templateRefreshRate;
unsigned dataLifetime;
int reconnectTimeout;
std::vector<Collector*> collectors;
ExporterSink* exporterSink;
IpfixSender* ipfixSender;
};
#endif

219
flowmetering_configuration.cc
View File

@ -1,219 +0,0 @@
/*
released under GPL v2
(C) by Lothar Braun <mail@lobraun.de>
*/
#include "flowmetering_configuration.h"
#include "common/msg.h"
FlowMeteringConfiguration::FlowMeteringConfiguration(xmlDocPtr doc, xmlNodePtr start)
: Configuration(doc, start), ipfixAggregator(0), running(false)
{
}
FlowMeteringConfiguration::~FlowMeteringConfiguration()
{
if (ipfixAggregator) {
stopSystem();
delete ipfixAggregator;
}
}
void FlowMeteringConfiguration::configure()
{
msg(MSG_INFO, "FlowMeteringConfiguration: Start reading flowMetering section");
xmlNodePtr i = start->xmlChildrenNode;
// if (!observationIdSet) {
// THROWEXCEPTION("MeteringConfiguration: Observation id for aggregator isn't set yet. But we need one right now!");
// }
unsigned minBufferTime = 0;
unsigned maxBufferTime = 0;
Rules* rules = new Rules;
while (NULL != i) {
if (tagMatches(i, "rule")) {
Rule* r = readRule(i);
if (r->fieldCount > 0) {
rules->rule[rules->count++] = r;
}
} else if (tagMatches(i, "expiration")) {
xmlNodePtr j = i->xmlChildrenNode;
while (NULL != j) {
if (tagMatches(j, "activeTimeout")) {
maxBufferTime = getTimeInSecs(j);
} else if (tagMatches(j, "inactiveTimeout")) {
minBufferTime = getTimeInSecs(j);
}
j = j->next;
}
}
i = i->next;
}
ipfixAggregator = new IpfixAggregator(rules, minBufferTime, maxBufferTime);
if (!ipfixAggregator) {
THROWEXCEPTION("MeteringConfiguration: Could not create aggreagtor");
}
msg(MSG_INFO, "FlowMeteringConfiguration: Successfully parsed flowMetering section");
}
void FlowMeteringConfiguration::setUp()
{
// nothing to perform before connect()
}
Rule* FlowMeteringConfiguration::readRule(xmlNodePtr p) {
// nonflowkey -> aggregate
// flowkey -> keep
xmlNodePtr i = p->xmlChildrenNode;
Rule* rule = new Rule();
while (NULL != i) {
if (tagMatches(i, "templateId")) {
rule->id = atoi(getContent(i).c_str());
} else if (tagMatches(i, "flowKey")) {
try {
InfoElementId ie(i, *this);
Rule::Field* ruleField = new Rule::Field();
if (ie.getModifier().empty() || (ie.getModifier() == "keep")) {
ruleField->modifier = Rule::Field::KEEP;
} else if (ie.getModifier() == "discard") {
ruleField->modifier = Rule::Field::DISCARD;
} else {
ruleField->modifier = (Rule::Field::Modifier)((int)Rule::Field::MASK_START + atoi(ie.getModifier().c_str() + 5));
}
if (ie.getIeName() != "") {
if (0 == (ruleField->type.id = string2typeid(ie.getIeName().c_str()))) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad field type \"%s\"", ie.getIeName().c_str());
throw std::exception();
}
} else {
ruleField->type.id = atoi(ie.getIeId().c_str());
}
if (ie.getIeLength() != "") {
ruleField->type.length = atoi(ie.getIeLength().c_str());
} else {
if (0 == (ruleField->type.length = string2typelength(ie.getIeName().c_str()))) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad field type \"%s\", l.%s", ie.getIeName().c_str(), ie.getIeLength().c_str());
throw std::exception();
}
}
if ((ruleField->type.id == IPFIX_TYPEID_sourceIPv4Address) || (ruleField->type.id == IPFIX_TYPEID_destinationIPv4Address)) {
ruleField->type.length++; // for additional mask field
}
if (!ie.getMatch().empty()) {
/* TODO: we need to
copy the string
because
parseProtoPattern
and
parseIPv4Pattern
violate the
original string
*/
char* tmp = new char[ie.getMatch().length() + 1];
strcpy(tmp, ie.getMatch().c_str());
ruleField->pattern = NULL;
switch (ruleField->type.id) {
case IPFIX_TYPEID_protocolIdentifier:
if (parseProtoPattern(tmp, &ruleField->pattern, &ruleField->type.length) != 0) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad protocol pattern \"%s\"", tmp);
throw std::exception();
}
break;
case IPFIX_TYPEID_sourceIPv4Address:
case IPFIX_TYPEID_destinationIPv4Address:
if (parseIPv4Pattern(tmp, &ruleField->pattern, &ruleField->type.length) != 0) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad IPv4 pattern \"%s\"", tmp);
throw std::exception();
}
break;
case IPFIX_TYPEID_sourceTransportPort:
case IPFIX_TYPEID_udpSourcePort:
case IPFIX_TYPEID_tcpSourcePort:
case IPFIX_TYPEID_destinationTransportPort:
case IPFIX_TYPEID_udpDestinationPort:
case IPFIX_TYPEID_tcpDestinationPort:
if (parsePortPattern(tmp, &ruleField->pattern, &ruleField->type.length) != 0) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad PortRanges pattern \"%s\"", tmp);
throw std::exception();
}
break;
case IPFIX_TYPEID_tcpControlBits:
if (parseTcpFlags(tmp, &ruleField->pattern, &ruleField->type.length) != 0) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad TCP flags pattern \"%s\"", tmp);
throw std::exception();
}
break;
default:
msg(MSG_ERROR, "FlowMeteringConfiguration: Fields of type \"%s\" cannot be matched against a pattern %s", "", tmp);
throw std::exception();
break;
}
}
rule->field[rule->fieldCount++] = ruleField;
} catch (std::exception e) {}
} else if (tagMatches(i, "nonFlowKey")) {
InfoElementId ie(i, *this);
Rule::Field* ruleField = new Rule::Field();
ruleField->modifier = Rule::Field::AGGREGATE;
if (ie.getIeName() != "") {
if (0 == (ruleField->type.id = string2typeid(ie.getIeName().c_str()))) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad field type \"%s\"", ie.getIeName().c_str());
throw std::exception();
}
} else {
ruleField->type.id = atoi(ie.getIeId().c_str());
}
if (ie.getIeLength() != "") {
ruleField->type.length = atoi(ie.getIeLength().c_str());
} else {
if (0 == (ruleField->type.length = string2typelength(ie.getIeName().c_str()))) {
msg(MSG_ERROR, "FlowMeteringConfiguration: Bad field type \"%s\", l.%s", ie.getIeName().c_str(), ie.getIeLength().c_str());
throw std::exception();
}
}
if ((ruleField->type.id == IPFIX_TYPEID_sourceIPv4Address) || (ruleField->type.id == IPFIX_TYPEID_destinationIPv4Address)) {
ruleField->type.length++; // for additional mask field
}
rule->field[rule->fieldCount++] = ruleField;
}
i = i->next;
}
msg(MSG_INFO, "FlowMeteringConfiguration: Got aggregation rule: ");
rule->print();
return rule;
}
void FlowMeteringConfiguration::connect(Configuration*)
{
}
void FlowMeteringConfiguration::startSystem()
{
if (running) return;
msg(MSG_DEBUG, "FlowMeteringConfiguration: Starting aggregator.");
ipfixAggregator->start();
ipfixAggregator->runSink();
running = true;
}
void FlowMeteringConfiguration::stopSystem()
{
if (!running) return;
msg(MSG_DEBUG, "FlowMeteringConfiguration: Stopping aggregator");
ipfixAggregator->terminateSink();
ipfixAggregator->stop();
running = false;
}

40
flowmetering_configuration.h
View File

@ -1,40 +0,0 @@
/*
released under GPL v2
(C) by Lothar Braun <mail@lobraun.de>
*/
#ifndef FLOWMETERING_CONFIGURATION_H_
#define FLOWMETERING_CONFIGURATION_H_
#include "ipfix_configuration.h"
#include <concentrator/IpfixAggregator.hpp>
#include <concentrator/Rules.hpp>
class MeteringConfiguration;
class FlowMeteringConfiguration : public Configuration {
public:
FlowMeteringConfiguration(xmlDocPtr doc, xmlNodePtr start);
~FlowMeteringConfiguration();
virtual void configure();
virtual void setUp();
virtual void connect(Configuration*);
virtual void startSystem();
virtual void stopSystem();
IpfixAggregator* getIpfixAggregator() { return ipfixAggregator; }
protected:
Rule* readRule(xmlNodePtr i);
IpfixAggregator* ipfixAggregator;
bool running; /**< true between calls to startSystem() and stopSystem() */
friend class MeteringConfiguration;
};
#endif /* !FLOWMETERING_CONFIGURATION_H_ */

107
id2_only.xml
View File

@ -1,107 +0,0 @@
<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<observationPoint id="1">
<observationDomainId>4711</observationDomainId>
<type>pcap</type>
<parameters>
<interface>eth0</interface>
<pcap_filter>ip</pcap_filter>
</parameters>
<next>
<meteringProcessId>1</meteringProcessId>
</next>
</observationPoint>
<meteringProcess id="1">
<packetSelection>
</packetSelection>
<flowMetering>
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
</rule>
<rule>
<templateId>999</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>icmptypecodeipv4</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
</flowMetering>
<next>
<exportingProcessId>1</exportingProcessId>
</next>
</meteringProcess>
<exportingProcess id="1">
<ipfixPacketRestrictions>
<maxPacketSize>1500</maxPacketSize>
<maxExportDelay unit="msec">500</maxExportDelay>
</ipfixPacketRestrictions>
<udpTemplateManagement>
<templateRefreshTimeout>10</templateRefreshTimeout>
<templateRefreshRate>100</templateRefreshRate>
</udpTemplateManagement>
<collector>
<ipAddressType>4</ipAddressType>
<ipAddress>127.0.0.1</ipAddress>
<transportProtocol>17</transportProtocol>
<port>1500</port>
</collector>
</exportingProcess>
</ipfixConfig>

23
idmef/templates/p2pdetector_template.xml Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE IDMEF-Message PUBLIC "-//IETF//DTD RFC XXXX IDMEF v1.0//EN" "idmef-message.dtd">
<IDMEF-Message>
<Alert messageid="%MESSAGE_ID%">
<Analyzer model="vermont P2P detector" analyzerid="%ANALYZER_ID%">
<Node category="hosts">
<name>%ANALYZER_HOST%</name>
<Address category="ipv4-addr">
<address>%ANALYZER_IP%</address>
</Address>
</Node>
</Analyzer>
<CreateTime ntpstamp="%NTP_TIME%">%CREATE_TIME%</CreateTime>
<Peer>
<Node category="hosts">
<Address category="ipv4-addr">
<address>%PEER_ADDRESS%</address>
</Address>
</Node>
</Peer>
<Classification text="p2pdetector" ident="udpRate: %UDP_RATE% (%TRUE1%), udpHostRate: %UDP_HOST_RATE% (%TRUE2%), tcpRate: %TCP_RATE% (%TRUE3%), coexistentTCPCons: %COEXISTENT_TCP_CONS% (%TRUE4%), rateLongTCPCons: %RATE_LONG_TCP_CONS% (%TRUE5%), tcpVariance: %TCP_VARIANCE% (%TRUE6%), failedConsPercent: %FAILED_CONS_PERCENT% (%TRUE7%), tcpFailedRate: %TCP_FAILED_RATE% (%TRUE8%), tcpFailedVariance: %TCP_FAILED_VARIANCE% (%TRUE9%)"/>
</Alert>
</IDMEF-Message>

381
ipfix-config-schema.xsd
View File

@ -1,381 +0,0 @@
<?xml version="1.0" encoding="UTF-8" ?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:ietf:params:xml:ns:ipfix-config"
xmlns="urn:ietf:params:xml:ns:ipfix-config"
elementFormDefault="qualified"
version="1.2">
<xsd:annotation>
<xsd:documentation xml:lang="en">
IPFIX Configuration Data Model Version 1.2
New in version 1.1:
- Raw Filter method for Packet Selection
- optional precedingRuleTemplateId for flowMeteringRule_type
- optional observationDomainId element for Collecting Process
- parameters complex element for Observation Point
New in version 1.2:
- configuration of database reader and writer
</xsd:documentation>
</xsd:annotation>
<!-- Generic Types -->
<xsd:complexType name="informationElement_type">
<xsd:sequence>
<xsd:element name="enterpriseNumber" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="ieName" type="xsd:string" minOccurs="0" />
<xsd:element name="ieId" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="ieLength" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="match" type="xsd:string" minOccurs="0" />
<xsd:element name="modifier" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Field modifier can be 'mask/X' or 'discard'.
See draft-dressler-ipfix-aggregation-02 for details.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="collector_type">
<xsd:sequence>
<xsd:element name="observationDomainId" type="xsd:unsignedInt" minOccurs="0" />
<xsd:element name="ipAddressType" type="xsd:unsignedInt">
<xsd:annotation>
<xsd:documentation xml:lang="en">
IANA protocol number (IPv4:4, IPv6: 41)
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="ipAddress" type="xsd:string" />
<xsd:element name="transportProtocol" type="xsd:unsignedInt">
<xsd:annotation>
<xsd:documentation xml:lang="en">
IANA protocol number (UDP:17, TCP:6, SCTP: 132)
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="port" type="xsd:unsignedInt" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="next_type">
<xsd:sequence>
<xsd:element name="meteringProcessId" type="xsd:unsignedInt"
minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="exportingProcessId" type="xsd:unsignedInt"
minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="dbWriterId" type="xsd:unsignedInt"
minOccurs="0" maxOccurs="unbounded" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="time_type">
<xsd:simpleContent>
<xsd:extension base="xsd:unsignedInt">
<xsd:attribute name="unit" use="optional" default="sec">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="sec" />
<xsd:enumeration value="msec" />
<xsd:enumeration value="usec" />
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
<!-- Observation Point -->
<xsd:complexType name="observationPoint_type">
<xsd:sequence>
<xsd:element name="observationDomainId" type="xsd:unsignedInt" />
<xsd:element name="type" type="xsd:string" />
<xsd:element name="parameters" type="parameters_type" minOccurs="0" />
<xsd:element name="next" type="next_type" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:unsignedInt" use="required" />
</xsd:complexType>
<xsd:complexType name="parameters_type">
<xsd:sequence>
<xsd:element name="interface" type="xsd:string" minOccurs="0" />
<xsd:element name="pcap_filter" type="xsd:string" minOccurs="0" />
<xsd:element name="capture_len" type="xsd:unsignedInt" minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<!-- Collecting Process -->
<xsd:complexType name="collectingProcess_type">
<xsd:sequence>
<xsd:element name="observationDomainId" type="xsd:unsignedInt" minOccurs="0"/>
<xsd:element name="listener" type="collector_type" minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="udpTemplateLifetime" type="time_type" minOccurs="0" />
<xsd:element name="next" type="next_type" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:unsignedInt" use="required" />
</xsd:complexType>
<!-- Metering Process -->
<xsd:complexType name="meteringProcess_type">
<xsd:sequence>
<xsd:element name="packetSelection"
type="packetSelection_type" minOccurs="0"
maxOccurs="unbounded" />
<xsd:element name="packetReporting"
type="packetReporting_type" minOccurs="0"
maxOccurs="unbounded" />
<xsd:element name="flowMetering" type="flowMetering_type"
minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="next" type="next_type" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:unsignedInt"
use="required" />
</xsd:complexType>
<!-- Metering Process: Packet Selection -->
<xsd:complexType name="packetSelection_type">
<xsd:annotation>
<xsd:documentation xml:lang="en">
See draft-ietf-psamp-mib-05.txt for details about the packet
selection parameters.
</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:element name="countBased" type="countBased_type" />
<xsd:element name="timeBased" type="timeBased_type" />
<xsd:element name="randOutOfN" type="randOutOfN_type" />
<xsd:element name="uniProb" type="uniProb_type" />
<xsd:element name="nonUniProb" type="nonUniProb_type" />
<xsd:element name="flowState" type="flowState_type" />
<xsd:element name="filterMatch" type="filterMatch_type" />
<xsd:element name="filterHash" type="filterHash_type" />
<xsd:element name="filterRState" type="filterRState_type" />
<xsd:element name="rawFilter" type="rawFilter_type" />
</xsd:choice>
</xsd:complexType>
<xsd:complexType name="rawFilter_type">
<xsd:sequence>
<xsd:element name="settings" type="xsd:string">
<xsd:annotation>
<xsd:documentation xml:lang="en">
This is a VERMONT specific filter.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="countBased_type">
<xsd:sequence>
<xsd:element name="interval" type="xsd:unsignedInt" />
<xsd:element name="spacing" type="xsd:unsignedInt" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="timeBased_type">
<xsd:sequence>
<xsd:element name="interval" type="xsd:unsignedInt" />
<xsd:element name="spacing" type="xsd:unsignedInt" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="randOutOfN_type">
<xsd:sequence>
<xsd:element name="population" type="xsd:unsignedInt" />
<xsd:element name="sample" type="xsd:unsignedInt" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="uniProb_type">
<xsd:sequence>
<xsd:element name="probability" type="xsd:unsignedInt">
<xsd:annotation>
<xsd:documentation xml:lang="en">
The given value must be divided by 4294967295
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="nonUniProb_type" mixed="true">
<xsd:sequence>
<xsd:element name="function" type="xsd:string" />
<xsd:element name="funcParam" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="flowState_type" mixed="true">
<xsd:sequence>
<xsd:element name="function" type="xsd:string" />
<xsd:element name="funcParam" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="filterMatch_type">
<xsd:sequence>
<xsd:element name="infoElementId"
type="informationElement_type" minOccurs="0"
maxOccurs="unbounded" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="filterHash_type">
<xsd:sequence>
<xsd:element name="addrType" type="xsd:unsignedInt" />
<xsd:element name="headerBits" type="xsd:string" />
<xsd:element name="payloadBytes" type="xsd:unsignedInt" />
<xsd:element name="payloadBits" type="xsd:string" />
<xsd:element name="function" type="xsd:string" />
<xsd:element name="funcParam" type="xsd:string" />
<xsd:element name="inputBits" type="xsd:unsignedInt" />
<xsd:element name="outputBits" type="xsd:unsignedInt" />
<xsd:element name="outputMask" type="xsd:string" />
<xsd:element name="selection" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="filterRState_type">
<xsd:sequence>
<xsd:element name="function" type="xsd:string" />
<xsd:element name="negate" type="xsd:boolean" />
<xsd:element name="ifIndex" type="xsd:unsignedInt" />
<xsd:element name="startAS" type="xsd:unsignedInt" />
<xsd:element name="endAS" type="xsd:unsignedInt" />
<xsd:element name="vendorFunc" type="xsd:string" />
</xsd:sequence>
</xsd:complexType>
<!-- Metering Process: Packet Reporting -->
<xsd:complexType name="packetReporting_type">
<xsd:sequence minOccurs="0" maxOccurs="unbounded">
<xsd:element name="templateId" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="reportedIE" type="informationElement_type"
minOccurs="0" maxOccurs="unbounded" />
</xsd:sequence>
</xsd:complexType>
<!-- Metering Process: Flow Metering -->
<xsd:complexType name="flowMetering_type">
<xsd:sequence>
<xsd:element name="rule" type="flowMeteringRule_type"
minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="expiration" type="flowExpiration_type"
minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="flowMeteringRule_type">
<xsd:sequence>
<xsd:element name="templateId" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="precedingRuleTemplateId" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="flowKey" type="informationElement_type"
minOccurs="0" maxOccurs="unbounded" />
<xsd:element name="nonFlowKey" type="informationElement_type"
minOccurs="0" maxOccurs="unbounded" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="flowExpiration_type">
<xsd:sequence>
<xsd:element name="activeTimeout" type="time_type" />
<xsd:element name="inactiveTimeout" type="time_type" />
</xsd:sequence>
</xsd:complexType>
<!-- Exporting Process -->
<xsd:complexType name="exportingProcess_type">
<xsd:sequence>
<xsd:element name="ipfixPacketRestrictions"
type="ipfixPacketRestrictions_type" minOccurs="0" />
<xsd:element name="udpTemplateManagement"
type="udpTemplateManagement_type" minOccurs="0" />
<xsd:element name="collector" type="collector_type"
minOccurs="0" maxOccurs="unbounded" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:unsignedInt" use="required" />
</xsd:complexType>
<xsd:complexType name="ipfixPacketRestrictions_type">
<xsd:sequence>
<xsd:element name="maxPacketSize" type="xsd:unsignedInt"
minOccurs="0" />
<xsd:element name="maxExportDelay" type="time_type"
minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="udpTemplateManagement_type">
<xsd:sequence>
<xsd:element name="templateRefreshTimeout" type="time_type"
minOccurs="0" />
<xsd:element name="templateRefreshRate" type="xsd:unsignedInt"
minOccurs="0" />
</xsd:sequence>
</xsd:complexType>
<!-- Database Reader -->
<xsd:complexType name="dbReader_type">
<xsd:sequence>
<xsd:element name="observationDomainId" type="xsd:unsignedInt" minOccurs="0" />
<xsd:element name="hostName" type="xsd:string" minOccurs="0" />
<xsd:element name="port" type="xsd:unsignedInt" minOccurs="0" />
<xsd:element name="userName" type="xsd:string" minOccurs="0" />
<xsd:element name="password" type="xsd:string" minOccurs="0" />
<xsd:element name="dbName" type="xsd:string" minOccurs="0" />
<xsd:element name="next" type="next_type" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:unsignedInt" use="required" />
</xsd:complexType>
<!-- Database Writer -->
<xsd:complexType name="dbWriter_type">
<xsd:sequence>
<xsd:element name="hostName" type="xsd:string" minOccurs="0" />
<xsd:element name="port" type="xsd:unsignedInt" minOccurs="0" />
<xsd:element name="userName" type="xsd:string" minOccurs="0" />
<xsd:element name="password" type="xsd:string" minOccurs="0" />
<xsd:element name="dbName" type="xsd:string" minOccurs="0" />
<xsd:element name="bufferRecords" type="xsd:unsignedInt" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:unsignedInt" use="required" />
</xsd:complexType>
<!-- IPFIX Device Configuration -->
<xsd:element name="ipfixConfig">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="collectingProcess"
type="collectingProcess_type" minOccurs="0"
maxOccurs="unbounded" />
<xsd:element name="observationPoint"
type="observationPoint_type" minOccurs="0"
maxOccurs="unbounded" />
<xsd:element name="meteringProcess"
type="meteringProcess_type" minOccurs="0"
maxOccurs="unbounded" />
<xsd:element name="exportingProcess"
type="exportingProcess_type" minOccurs="0"
maxOccurs="unbounded" />
</xsd:sequence>
</xsd:complexType>
</xsd:element>
</xsd:schema>

260
ipfix_configuration.cc
View File

@ -1,260 +0,0 @@
#include "ipfix_configuration.h"
#include "observer_configuration.h"
#include "metering_configuration.h"
#include "collector_configuration.h"
#include "exporter_configuration.h"
#include "pcapexporter_configuration.h"
#include "flowmetering_configuration.h"
#include "vermontmain_configuration.h"
#include "dbwriter_configuration.h"
#include "dbreader_configuration.h"
#include <ctime>
std::string getContent(xmlDocPtr doc, xmlNodePtr p)
{
xmlChar* v = xmlNodeListGetString(doc, p->xmlChildrenNode, 1);
std::string ret = (const char*) v;
xmlFree(v);
return ret;
}
bool xmlCompare(const xmlNodePtr node, const std::string& tagName)
{
return !xmlStrcmp(node->name, (const xmlChar*)tagName.c_str());
}
/*********************************** Configuration *****************************/
std::string Configuration::getContent(xmlNodePtr p) const
{
return ::getContent(doc, p);
}
bool Configuration::tagMatches(const xmlNodePtr node, const std::string& tagName) const
{
return xmlCompare(node, tagName);
}
void Configuration::fillNextVector(xmlNodePtr p)
{
xmlNodePtr j = p->xmlChildrenNode;
while (NULL != j) {
if (tagMatches(j, "meteringProcessId")) {
nextVector.push_back(configTypes::metering +
getContent(j));
} else if (tagMatches(j, "exportingProcessId")) {
nextVector.push_back(configTypes::exporter +
getContent(j));
} else if (tagMatches(j, "dbWriterId")) {
nextVector.push_back(configTypes::dbwriter +
getContent(j));
} else if (tagMatches(j, "pcapExporterId")) {
nextVector.push_back(configTypes::pcapExporter + getContent(j));
}
j = j->next;
}
}
unsigned Configuration::getTimeInUsecs(xmlNodePtr i) const
{
unsigned ret = 0;
xmlChar* unit = xmlGetProp(i, (const xmlChar*)"unit");
if (!xmlStrcmp(unit, (const xmlChar*)"sec")) {
ret = (unsigned)atoi(getContent(i).c_str()) * 1000000;
} else if (!xmlStrcmp(unit, (const xmlChar*)"msec")) {
ret = (unsigned)atoi(getContent(i).c_str()) * 1000;
} else if (!xmlStrcmp(unit, (const xmlChar*)"usec")) {
ret = (unsigned)atoi(getContent(i).c_str());
}
xmlFree(unit);
return ret;
}
unsigned Configuration::getTimeInMsecs(xmlNodePtr i) const
{
return getTimeInUsecs(i) / 1000;
}
unsigned Configuration::getTimeInSecs(xmlNodePtr i) const
{
return getTimeInUsecs(i) / 1000000;
}
/****************************** IpfixConfiguration ***************************/
IpfixConfiguration::IpfixConfiguration(const std::string& configFile)
: stop(false), isAggregating(false)
{
document = xmlParseFile(configFile.c_str());
if (!document) {
THROWEXCEPTION("Could not parse %s", configFile.c_str());
}
current = xmlDocGetRootElement(document);
if (!current) {
THROWEXCEPTION("%s is an empty XML-Document!", configFile.c_str());
}
if (!xmlCompare(current, "ipfixConfig")) {
xmlFreeDoc(document);
THROWEXCEPTION("Root element does not match \"ipfixConfig\"."
" This is not a valid configuration file!");
}
current = current->xmlChildrenNode;
while (current != NULL) {
Configuration* conf = 0;
if (xmlCompare(current, "vermont_main")) {
conf = new VermontMainConfiguration(document, current);
} else if (xmlCompare(current, "observationPoint")) {
conf = new ObserverConfiguration(document, current);
} else if (xmlCompare(current, "meteringProcess")) {
conf = new MeteringConfiguration(document, current);
} else if (xmlCompare(current, "exportingProcess")) {
conf = new ExporterConfiguration(document, current);
} else if (xmlCompare(current, "pcapExporter")) {
conf = new PcapExporterConfiguration(document, current);
} else if (xmlCompare(current, "collectingProcess")) {
conf = new CollectorConfiguration(document, current);
} else if (xmlCompare(current, "dbWriter")) {
#ifdef DB_SUPPORT_ENABLED
conf = new DbWriterConfiguration(document, current);
#else
msg(MSG_ERROR, "IpfixConfiguration: Vermont was compiled without "
"support for dbWriter. Ignoring entry in config file!");
#endif
} else if (xmlCompare(current, "dbReader")) {
#ifdef DB_SUPPORT_ENABLED
conf = new DbReaderConfiguration(document, current);
#else
msg(MSG_ERROR, "IpfixConfiguration: Vermont was compiled without "
"support for dbReader. Ignoring entry in config file!");
#endif
}
if (conf) {
subsystems[conf->getId()] = conf;
}
current = current->next;
}
}
IpfixConfiguration::~IpfixConfiguration()
{
msg(MSG_INFO, "IpfixConfiguration: Stopping Subsystems");
for (SubsystemConfiguration::iterator i = subsystems.begin();
i != subsystems.end(); ++i) {
std::string id = i->second->getId();
i->second->stopSystem();
}
msg(MSG_INFO, "IpfixConfiguration: Cleaning up");
for (SubsystemConfiguration::iterator i = subsystems.begin();
i != subsystems.end(); ++i) {
std::string id = i->second->getId();
delete i->second;
}
xmlFreeDoc(document);
}
void IpfixConfiguration::readSubsystemConfiguration()
{
for (SubsystemConfiguration::iterator i = subsystems.begin();
i != subsystems.end(); ++i) {
i->second->configure();
}
}
void IpfixConfiguration::connectSubsystems()
{
msg(MSG_INFO, "IpfixConfiguration: Connecting subsystems...");
std::string TYPES[] = {
configTypes::observer,
configTypes::exporter,
configTypes::pcapExporter,
configTypes::dbwriter,
configTypes::dbreader,
configTypes::collector,
configTypes::metering,
};
for (unsigned t = 0; t != 7; ++t) {
for (SubsystemConfiguration::iterator i = subsystems.begin();
i != subsystems.end(); ++i) {
std::string id = i->first;
if (id.find(TYPES[t])) {
continue;
}
Configuration* c = i->second;
// get aggregators from metering processes (we
// need them for aggregator polling :/
MeteringConfiguration* m = dynamic_cast<MeteringConfiguration*>(c);
if (m) {
FlowMeteringConfiguration* fm = m->getFlowMeteringConfiguration();
FlowMeteringConfiguration* efm = m->getExpressFlowMeteringConfiguration();
if (fm)
aggregators.push_back(fm->getIpfixAggregator());
if (efm)
aggregators.push_back(efm->getIpfixAggregator());
}
const std::vector<std::string>& nextVector = c->getNextVector();
for (unsigned j = 0; j != nextVector.size(); ++j) {
if (subsystems.find(nextVector[j]) == subsystems.end()) {
THROWEXCEPTION("Could not find %s in subsystem list", nextVector[j].c_str());
}
msg(MSG_DEBUG, "IpfixConfiguration: connecting %s to %s", c->getId().c_str(), subsystems[nextVector[j]]->getId().c_str());
c->connect(subsystems[nextVector[j]]);
msg(MSG_DEBUG, "IpfixConfiguration: successfully connected %s to %s", c->getId().c_str(), subsystems[nextVector[j]]->getId().c_str());
}
}
}
msg(MSG_INFO, "IpfixConfiguration: Successfully set up connections between subsystems");
}
void IpfixConfiguration::startSubsystems()
{
msg(MSG_INFO, "IpfixConfiguration: Starting subsystems...");
for (SubsystemConfiguration::iterator i = subsystems.begin();
i != subsystems.end(); ++i) {
i->second->startSystem();
}
msg(MSG_INFO, "IpfixConfiguration: Successfully started subsystems");
}
void IpfixConfiguration::pollAggregatorLoop()
{
unsigned poll_interval = 1000;
if (subsystems.find(configTypes::main) != subsystems.end()) {
VermontMainConfiguration* m = dynamic_cast<VermontMainConfiguration*>(subsystems[configTypes::main]);
poll_interval = m->getPollInterval();
}
timespec req;
/* break millisecond polltime into seconds and nanoseconds */
req.tv_sec=(poll_interval * 1000000) / 1000000000;
req.tv_nsec=(poll_interval * 1000000) % 1000000000;
if (poll_interval == 0 || aggregators.empty()) {
while (pause() == -1 and errno == EINTR);
} else {
msg(MSG_INFO, "IpfixConfiguration: Polling aggregator each %u msec", poll_interval);
while (!stop) {
// restart nanosleep with the remaining sleep time
// if we got interrupted by a signal
while (nanosleep(&req, &req) == -1 && errno == EINTR);
for (unsigned i = 0; i != aggregators.size(); ++i) {
aggregators[i]->poll();
}
}
}
}

Some files were not shown because too many files have changed in this diff Show More