Merge pull request #31 from CESNET/hutak-ipfix-file

Add IPFIX File input plugin

Author: Lukas955

README.rst

@@ -29,24 +29,25 @@ No problem, pick any combination of plugins.
 Available plugins
 -----------------
 
-**Input plugins** - receive IPFIX data. Each can be configured to to listen on a specific
+**Input plugins** - receive NetFlow/IPFIX data. Each can be configured to listen on a specific
 network interface and a port. Multiple instances of these plugins can run concurrently.
 
-- `UDP <src/plugins/input/udp>`_ - receives NetFlow v5/v9 and IPFIX over UDP
-- `TCP <src/plugins/input/tcp>`_ - receives IPFIX over TCP
+- `UDP <src/plugins/input/udp>`_ - receive NetFlow v5/v9 and IPFIX over UDP
+- `TCP <src/plugins/input/tcp>`_ - receive IPFIX over TCP
+- `IPFIX File <src/plugins/input/ipfix>`_ - read flow data from IPFIX File
 
 **Intermediate plugins** - modify, enrich and filter flow records.
 
-- `anonymization <src/plugins/intermediate/anonymization/>`_ - anonymize IP addresses
+- `Anonymization <src/plugins/intermediate/anonymization/>`_ - anonymize IP addresses
   (in flow records) with Crypto-PAn algorithm
 
 **Output plugins** - store or forward your flows.
 
-- `FDS file <src/plugins/output/fds>`_ - store all flows in FDS file format (efficient long-term storage)
+- `FDS File <src/plugins/output/fds>`_ - store all flows in FDS file format (efficient long-term storage)
 - `JSON <src/plugins/output/json>`_ - convert flow records to JSON and send/store them
 - `Viewer <src/plugins/output/viewer>`_ - convert IPFIX into plain text and print
   it on standard output
-- `IPFIX file <src/plugins/output/ipfix>`_ - store all flows in IPFIX File format
+- `IPFIX File <src/plugins/output/ipfix>`_ - store all flows in IPFIX File format
 - `Time Check <src/plugins/output/timecheck>`_ - flow timestamp check
 - `Dummy <src/plugins/output/dummy>`_ - simple output module example
 - `lnfstore <extra_plugins/output/lnfstore>`_ (*) - store all flows in nfdump compatible

src/core/configurator/configurator.cpp

@@ -373,8 +373,8 @@ ipx_configurator::termination_handle(const struct ipx_cpipe_req &req, ipx_contro
     // First of all, check if termination process has been completed
     if (req.type == IPX_CPIPE_TYPE_TERM_DONE) {
         if (m_state != STATUS::STOP_SLOW && m_state != STATUS::STOP_FAST) {
-            IPX_ERROR(comp_str, "Got a termination done notification, but the termination process "
-                "is not in progress!", '\0');
+            IPX_ERROR(comp_str, "[internal] Got a termination done notification, but the "
+                "termination process is not in progress!", '\0');
             return false;
         }
 
@@ -473,6 +473,7 @@ ipx_configurator::termination_stop_all()
 {
     for (auto &it : m_running_inputs) {
         it->set_processing(false);
+        it->set_parser_processing(false);
     };
     for (auto &it : m_running_inter) {
         it->set_processing(false);
@@ -508,8 +509,16 @@ ipx_configurator::termination_stop_partly(const ipx_ctx_t *ctx)
         it->set_processing(false);
     }
 
-    if (ctx_info->type == IPX_PT_INPUT || ctx_info == &ipx_plugin_parser_info) {
-        // The termination has been invoked by an input plugin or its message parser
+    if (ctx_info->type == IPX_PT_INPUT) {
+        return;
+    }
+
+    // Stop all NetFlow/IPFIX message parsers
+    for (auto &it : m_running_inputs) {
+        it->set_parser_processing(false);
+    }
+
+    if (ctx_info == &ipx_plugin_parser_info) {
         return;
     }
 

src/core/configurator/instance_input.cpp

@@ -183,5 +183,11 @@ void
 ipx_instance_input::set_processing(bool en)
 {
     ipx_ctx_processing_set(_ctx, en);
+
+}
+
+void
+ipx_instance_input::set_parser_processing(bool en)
+{
     ipx_ctx_processing_set(_parser_ctx, en);
 }

src/core/configurator/instance_input.hpp

@@ -162,13 +162,26 @@ class ipx_instance_input : public ipx_instance {
     extensions_resolve(ipx_cfg_extensions *ext_mgr) override;
 
     /**
-     * \brief Enable/disable processing of data messages (IPFIX and Transport Session)
+     * \brief Enable/disable processing of data messages by the plugin (IPFIX and Transport Session)
+     *
+     * \warning This doesn't affect NetFlow/IPFIX Message parser, see set_parser_processing()
      * \note By default, data processing is enabled.
      * \see ipx_ctx_processing() for more details
      * \param[in] en Enable/disable processing
      */
     void
     set_processing(bool en) override;
+
+    /**
+     * \brief Enable/disable processing of data messages by the parser (IPFIX and Transport Session)
+     *
+     * \warning This doesn't affect the input plugin, see set_processing()
+     * \note By default, data processing is enabled.
+     * \see ipx_ctx_processing() for more details
+     * \param[in] en Enable/disable processing
+     */
+    void
+    set_parser_processing(bool en);
 };
 
 #endif //IPFIXCOL_INSTANCE_INPUT_HPP

src/plugins/input/CMakeLists.txt

@@ -1,4 +1,5 @@
 # List of input plugins to build and install
 add_subdirectory(dummy)
+add_subdirectory(ipfix)
 add_subdirectory(tcp)
 add_subdirectory(udp)

src/plugins/input/ipfix/CMakeLists.txt

@@ -0,0 +1,28 @@
+# Create a linkable module
+add_library(ipfix-input MODULE
+    ipfix.c
+    config.c
+    config.h
+)
+
+install(
+    TARGETS ipfix-input
+    LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixcol2/"
+)
+
+if (ENABLE_DOC_MANPAGE)
+    # Build a manual page
+    set(SRC_FILE "${CMAKE_CURRENT_SOURCE_DIR}/doc/ipfixcol2-ipfix-input.7.rst")
+    set(DST_FILE "${CMAKE_CURRENT_BINARY_DIR}/ipfixcol2-ipfix-input.7")
+
+    add_custom_command(TARGET ipfix-input PRE_BUILD
+        COMMAND ${RST2MAN_EXECUTABLE} --syntax-highlight=none ${SRC_FILE} ${DST_FILE}
+        DEPENDS ${SRC_FILE}
+        VERBATIM
+    )
+
+    install(
+        FILES "${DST_FILE}"
+        DESTINATION "${INSTALL_DIR_MAN}/man7"
+    )
+endif()

src/plugins/input/ipfix/README.rst

@@ -0,0 +1,30 @@
+IPFIX File (input plugin)
+=========================
+
+The plugin reads flow data from one or more files in IPFIX File format. It is possible to
+use it to load flow records previously stored using IPFIX output plugin.
+
+Unlike UDP and TCP input plugins which infinitely waits for data from NetFlow/IPFIX
+exporters, the plugin will terminate the collector after all files are processed.
+
+Example configuration
+---------------------
+
+.. code-block:: xml
+
+    <input>
+        <name>IPFIX File</name>
+        <plugin>ipfix</plugin>
+        <params>
+            <path>/tmp/flow/file.ipfix</path>
+        </params>
+    </input>
+
+Parameters
+----------
+
+:``path``:
+    Path to file(s) in IPFIX File format. It is possible to use asterisk instead of
+    a filename/directory, tilde character (i.e. "~") instead of the home directory of
+    the user, and brace expressions (i.e. "/tmp/{source1,source2}/file.ipfix").
+    Directories and non-IPFIX Files that match the file pattern are skipped/ignored.

src/plugins/input/ipfix/config.c

@@ -0,0 +1,158 @@
+/**
+ * \file src/plugins/input/tcp/config.c
+ * \author Lukas Hutak <[email protected]>
+ * \brief Configuration parser of TCP input plugin (source file)
+ * \date 2018
+ */
+
+/* Copyright (C) 2018 CESNET, z.s.p.o.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided ``as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include "config.h"
+
+/*
+ * <params>
+ *  <path>...</path>      // required, exactly once
+ * </params>
+ */
+
+/** XML nodes */
+enum params_xml_nodes {
+    NODE_PATH = 1
+};
+
+/** Definition of the \<params\> node  */
+static const struct fds_xml_args args_params[] = {
+    FDS_OPTS_ROOT("params"),
+    FDS_OPTS_ELEM(NODE_PATH, "path", FDS_OPTS_T_STRING, 0),
+    FDS_OPTS_END
+};
+
+/**
+ * \brief Process \<params\> node
+ * \param[in] ctx  Plugin context
+ * \param[in] root XML context to process
+ * \param[in] cfg  Parsed configuration
+ * \return #IPX_OK on success
+ * \return #IPX_ERR_FORMAT in case of failure
+ */
+static int
+config_parser_root(ipx_ctx_t *ctx, fds_xml_ctx_t *root, struct ipfix_config *cfg)
+{
+    const struct fds_xml_cont *content;
+    while (fds_xml_next(root, &content) != FDS_EOC) {
+        switch (content->id) {
+        case NODE_PATH:
+            // File(s) path
+            assert(content->type == FDS_OPTS_T_STRING);
+            cfg->path = strdup(content->ptr_string);
+            break;
+        default:
+            // Internal error
+            assert(false);
+        }
+    }
+
+    if (!cfg->path) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+    }
+
+    return IPX_OK;
+}
+
+/**
+ * \brief Set default parameters of the configuration
+ * \param[in] cfg Configuration
+ */
+static void
+config_default_set(struct ipfix_config *cfg)
+{
+    cfg->path = NULL;
+}
+
+struct ipfix_config *
+config_parse(ipx_ctx_t *ctx, const char *params)
+{
+    struct ipfix_config *cfg = calloc(1, sizeof(*cfg));
+    if (!cfg) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+        return NULL;
+    }
+
+    // Set default parameters
+    config_default_set(cfg);
+
+    // Create an XML parser
+    fds_xml_t *parser = fds_xml_create();
+    if (!parser) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+        config_destroy(cfg);
+        return NULL;
+    }
+
+    if (fds_xml_set_args(parser, args_params) != IPX_OK) {
+        IPX_CTX_ERROR(ctx, "Failed to parse the description of an XML document!", '\0');
+        fds_xml_destroy(parser);
+        config_destroy(cfg);
+        return NULL;
+    }
+
+    fds_xml_ctx_t *params_ctx = fds_xml_parse_mem(parser, params, true);
+    if (params_ctx == NULL) {
+        IPX_CTX_ERROR(ctx, "Failed to parse the configuration: %s", fds_xml_last_err(parser));
+        fds_xml_destroy(parser);
+        config_destroy(cfg);
+        return NULL;
+    }
+
+    // Parse parameters
+    int rc = config_parser_root(ctx, params_ctx, cfg);
+    fds_xml_destroy(parser);
+    if (rc != IPX_OK) {
+        config_destroy(cfg);
+        return NULL;
+    }
+
+    return cfg;
+}
+
+void
+config_destroy(struct ipfix_config *cfg)
+{
+    free(cfg->path);
+    free(cfg);
+}