Time Check: initial implementation of the plugin

Lukas955 · Lukas955 · commit cc305e5b3e4c · 2019-03-05T10:30:00.000+01:00
diff --git a/src/plugins/output/CMakeLists.txt b/src/plugins/output/CMakeLists.txt
@@ -1,4 +1,5 @@
 # List of output plugin to build and install
 add_subdirectory(dummy)
 add_subdirectory(json)
+add_subdirectory(timecheck)
 add_subdirectory(viewer)
diff --git a/src/plugins/output/timecheck/CMakeLists.txt b/src/plugins/output/timecheck/CMakeLists.txt
@@ -0,0 +1,28 @@
+# Create a linkable module
+add_library(timecheck-output MODULE
+    src/config.c
+    src/config.h
+    src/timecheck.c
+)
+
+install(
+    TARGETS timecheck-output
+    LIBRARY DESTINATION "${INSTALL_DIR_LIB}/ipfixcol2/"
+)
+
+if (ENABLE_DOC_MANPAGE)
+    # Build a manual page
+    set(SRC_FILE "${CMAKE_CURRENT_SOURCE_DIR}/doc/ipfixcol2-timecheck-output.7.rst")
+    set(DST_FILE "${CMAKE_CURRENT_BINARY_DIR}/ipfixcol2-timecheck-output.7")
+
+    add_custom_command(TARGET timecheck-output PRE_BUILD
+        COMMAND ${RST2MAN_EXECUTABLE} --syntax-highlight=none ${SRC_FILE} ${DST_FILE}
+        DEPENDS ${SRC_FILE}
+        VERBATIM
+    )
+
+    install(
+        FILES "${DST_FILE}"
+        DESTINATION "${INSTALL_DIR_MAN}/man7"
+    )
+endif()
diff --git a/src/plugins/output/timecheck/README.rst b/src/plugins/output/timecheck/README.rst
@@ -0,0 +1,51 @@
+Time Check (output plugin)
+==========================
+
+The plugin checks that start and end timestamps of each flow record are relatively recent.
+Based on configured parameters it reports flows with timestamps from the future (i.e. greater
+than the current system time) and timestamps from the distant past.
+
+Timestamp anomalies are usually caused by missing clock synchronization (e.g. NTP) or invalid
+implementation on side of the exporter. If the anomaly is detected, the plugin will print
+details on the standard output.
+
+Only following standard IANA timestamps are supported:
+
+- ID 150 (flowStartSeconds)
+- ID 151 (flowEndSeconds)
+- ID 152 (flowStartMilliseconds)
+- ID 153 (flowEndMilliseconds)
+- ID 154 (flowStartMicroseconds)
+- ID 155 (flowEndMicroseconds)
+- ID 156 (flowStartNanoseconds)
+- ID 157 (flowEndNanoseconds)
+
+Example configuration
+---------------------
+
+.. code-block:: xml
+
+    <output>
+        <name>TimeCheck output</name>
+        <plugin>timecheck</plugin>
+        <params>
+            <devPast>600</devPast>
+            <devFuture>0</devFuture>
+        </params>
+    </output>
+
+Parameters
+----------
+
+:``devPast``:
+    Maximum allowed deviation between the current system time and timestamps from the past in
+    seconds. The value must be greater than active and inactive timeouts of exporters and must also
+    include a possible delay between expiration and processing on the collector.
+    For example, let's say that active timeout and inactive timeout are 5 minutes and 30 seconds,
+    respectively. Value 600 (i.e. 10 minutes) should be always enough for all flow data to be
+    received and processed at the collector.
+
+:``devFuture``:
+    Maximum allowed deviation between the current time and timestamps from the future in seconds.
+    The collector should never receive flows with timestamp from the future, therefore, the value
+    should be usually set to 0.
diff --git a/src/plugins/output/timecheck/doc/ipfixcol2-timecheck-output.7.rst b/src/plugins/output/timecheck/doc/ipfixcol2-timecheck-output.7.rst
@@ -0,0 +1,20 @@
+===========================
+ ipfixcol2-timecheck-output
+===========================
+
+--------------------------
+Time Check (output plugin)
+--------------------------
+
+:Author: Lukáš Huták (lukas.hutak@cesnet.cz)
+:Date:   2019-03-01
+:Copyright: Copyright © 2019 CESNET, z.s.p.o.
+:Version: 2.0
+:Manual section: 7
+:Manual group: IPFIXcol collector
+
+Description
+-----------
+
+.. include:: ../README.rst
+   :start-line: 3
diff --git a/src/plugins/output/timecheck/src/config.c b/src/plugins/output/timecheck/src/config.c
@@ -0,0 +1,188 @@
+/**
+ * \file src/plugins/output/timecheck/src/config.c
+ * \author Lukas Hutak <lukas.hutak@cesnet.cz>
+ * \brief Parser of an XML configuration (source file)
+ * \date 2019
+ */
+
+/* Copyright (C) 2019 CESNET, z.s.p.o.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided ``as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include "config.h"
+
+/*
+ * <params>
+ *  <delay>...</delay>          <!-- in microseconds -->
+ * </params>
+ */
+
+/** XML nodes */
+enum params_xml_nodes {
+    DEV_PAST = 1,
+    DEV_FUTURE
+};
+
+/** Definition of the \<params\> node  */
+static const struct fds_xml_args args_params[] = {
+    FDS_OPTS_ROOT("params"),
+    FDS_OPTS_ELEM(DEV_PAST,   "devPast",   FDS_OPTS_T_UINT, 0),
+    FDS_OPTS_ELEM(DEV_FUTURE, "devFuture", FDS_OPTS_T_UINT, FDS_OPTS_P_OPT),
+    FDS_OPTS_END
+};
+
+/**
+ * \brief Process \<params\> node
+ * \param[in] ctx  Plugin context
+ * \param[in] root XML context to process
+ * \param[in] cfg  Parsed configuration
+ * \return #IPX_OK on success
+ * \return #IPX_ERR_FORMAT in case of failure
+ */
+static int
+config_parser_root(ipx_ctx_t *ctx, fds_xml_ctx_t *root, struct instance_config *cfg)
+{
+    (void) ctx;
+
+    const struct fds_xml_cont *content;
+    while (fds_xml_next(root, &content) != FDS_EOC) {
+        switch (content->id) {
+        case DEV_PAST:
+            assert(content->type == FDS_OPTS_T_UINT);
+            cfg->dev_past = content->val_uint;
+            break;
+        case DEV_FUTURE:
+            assert(content->type == FDS_OPTS_T_UINT);
+            cfg->dev_future = content->val_uint;
+            break;
+        default:
+            // Internal error
+            assert(false);
+        }
+    }
+
+    return IPX_OK;
+}
+
+/**
+ * \brief Set default parameters of the configuration
+ * \param[in] cfg Configuration
+ */
+static void
+config_default_set(struct instance_config *cfg)
+{
+    cfg->dev_past = 0;
+    cfg->dev_future = 0;
+}
+
+/**
+ * \brief Validate the parsed configuration
+ * \param[in] ctx Plugin context
+ * \param[in] cfg Configuration
+ * \return #IPX_OK or #IPX_ERR_FORMAT
+ */
+static int
+config_validate(ipx_ctx_t *ctx, const struct instance_config *cfg)
+{
+    if (cfg->dev_past == 0) {
+        IPX_CTX_ERROR(ctx, "Maximum allowed deviation from current time and the timestamps "
+            "from the past cannot be zero!", '\0');
+        return IPX_ERR_FORMAT;
+    }
+
+    if (cfg->dev_past < 300) {
+        IPX_CTX_WARNING(ctx, "The configuration might cause many false warnings!");
+    }
+
+    return IPX_OK;
+}
+
+
+struct instance_config *
+config_parse(ipx_ctx_t *ctx, const char *params)
+{
+    struct instance_config *cfg = calloc(1, sizeof(*cfg));
+    if (!cfg) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+        return NULL;
+    }
+
+    // Set default parameters
+    config_default_set(cfg);
+
+    // Create an XML parser
+    fds_xml_t *parser = fds_xml_create();
+    if (!parser) {
+        IPX_CTX_ERROR(ctx, "Memory allocation error (%s:%d)", __FILE__, __LINE__);
+        free(cfg);
+        return NULL;
+    }
+
+    if (fds_xml_set_args(parser, args_params) != FDS_OK) {
+        IPX_CTX_ERROR(ctx, "Failed to parse the description of an XML document!", '\0');
+        fds_xml_destroy(parser);
+        free(cfg);
+        return NULL;
+    }
+
+    fds_xml_ctx_t *params_ctx = fds_xml_parse_mem(parser, params, true);
+    if (params_ctx == NULL) {
+        IPX_CTX_ERROR(ctx, "Failed to parse the configuration: %s", fds_xml_last_err(parser));
+        fds_xml_destroy(parser);
+        free(cfg);
+        return NULL;
+    }
+
+    // Parse parameters
+    int rc = config_parser_root(ctx, params_ctx, cfg);
+    fds_xml_destroy(parser);
+    if (rc != IPX_OK) {
+        free(cfg);
+        return NULL;
+    }
+
+    if (config_validate(ctx, cfg) != IPX_OK) {
+        free(cfg);
+        return NULL;
+    }
+
+    return cfg;
+}
+
+void
+config_destroy(struct instance_config *cfg)
+{
+    free(cfg);
+}
diff --git a/src/plugins/output/timecheck/src/config.h b/src/plugins/output/timecheck/src/config.h
@@ -0,0 +1,73 @@
+/**
+ * \file src/plugins/output/timecheck/src/config.h
+ * \author Lukas Hutak <lukas.hutak@cesnet.cz>
+ * \brief Parser of an XML configuration (header file)
+ * \date 2019
+ */
+
+/* Copyright (C) 2019 CESNET, z.s.p.o.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name of the Company nor the names of its contributors
+ *    may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this
+ * product may be distributed under the terms of the GNU General Public
+ * License (GPL) version 2 or later, in which case the provisions
+ * of the GPL apply INSTEAD OF those given above.
+ *
+ * This software is provided ``as is'', and any express or implied
+ * warranties, including, but not limited to, the implied warranties of
+ * merchantability and fitness for a particular purpose are disclaimed.
+ * In no event shall the company or contributors be liable for any
+ * direct, indirect, incidental, special, exemplary, or consequential
+ * damages (including, but not limited to, procurement of substitute
+ * goods or services; loss of use, data, or profits; or business
+ * interruption) however caused and on any theory of liability, whether
+ * in contract, strict liability, or tort (including negligence or
+ * otherwise) arising in any way out of the use of this software, even
+ * if advised of the possibility of such damage.
+ *
+ */
+
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#include <ipfixcol2.h>
+#include "stdint.h"
+
+/** Configuration of a instance of the plugin                                                     */
+struct instance_config {
+    /** Maximum allowed deviation between the current time and timestamps from the past (sec)   */
+    uint64_t dev_past;
+    /** Maximum allowed deviation between the current time and timestamps from the future (sec) */
+    uint64_t dev_future;
+};
+
+/**
+ * \brief Parse configuration of the plugin
+ * \param[in] ctx    Instance context
+ * \param[in] params XML parameters
+ * \return Pointer to the parse configuration of the instance on success
+ * \return NULL if arguments are not valid or if a memory allocation error has occurred
+ */
+struct instance_config *
+config_parse(ipx_ctx_t *ctx, const char *params);
+
+/**
+ * \brief Destroy parsed configuration
+ * \param[in] cfg Parsed configuration
+ */
+void
+config_destroy(struct instance_config *cfg);
+
+#endif // CONFIG_H
diff --git a/src/plugins/output/timecheck/src/timecheck.c b/src/plugins/output/timecheck/src/timecheck.c
