Enable IPFIX export (#64)

* IPFIX exporter and collector with tcp/udp

* Enable ipfix export at the agent using config

* Add vmware go-ipfix modules

* Add the vendor directories

* Add e2e tests for IPFIX

* Caching of ie values for performance

* Fix inconsistent vendor after merge

* Fix lint error

Author: praveingk

e2e/cluster/kind.go

@@ -1,8 +1,8 @@
 // Package cluster cointains the base setup for the test environment. This is:
-// - Deployment manifests for a base cluster: Loki, permissions, flowlogs-processor and the
-//   local version of the agent. As well as the cluster configuration for ports exposure.
-// - Utility classes to programmatically manage the Kind cluster and some of its components
-//   (e.g. Loki)
+//   - Deployment manifests for a base cluster: Loki, permissions, flowlogs-processor and the
+//     local version of the agent. As well as the cluster configuration for ports exposure.
+//   - Utility classes to programmatically manage the Kind cluster and some of its components
+//     (e.g. Loki)
 package cluster
 
 import (

e2e/ipfix/ipfix_test.go

@@ -0,0 +1,55 @@
+//go:build e2e
+
+package basic
+
+import (
+	"path"
+	"testing"
+	"time"
+
+	"github.com/netobserv/netobserv-ebpf-agent/e2e/basic"
+	"github.com/netobserv/netobserv-ebpf-agent/e2e/cluster"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	clusterNamePrefix = "ipfix-test-cluster"
+	testTimeout       = 20 * time.Minute
+	namespace         = "default"
+)
+
+var (
+	testCluster *cluster.Kind
+)
+
+func TestMain(m *testing.M) {
+	logrus.StandardLogger().SetLevel(logrus.DebugLevel)
+
+	testCluster = cluster.NewKind(
+		clusterNamePrefix+time.Now().Format("20060102-150405"),
+		path.Join("..", ".."),
+		cluster.Timeout(testTimeout),
+		cluster.Override(cluster.FlowLogsPipeline, cluster.Deployment{
+			Order: cluster.NetObservServices, ManifestFile: path.Join("manifests", "20-flp-transformer.yml"),
+		}),
+		cluster.Override(cluster.Agent, cluster.Deployment{
+			Order: cluster.WithAgent, ManifestFile: path.Join("manifests", "30-agent.yml"),
+		}),
+		cluster.Deploy(cluster.Deployment{
+			Order:        cluster.AfterAgent,
+			ManifestFile: path.Join("..", "basic", "manifests", "pods.yml"),
+		}),
+	)
+	testCluster.Run(m)
+}
+
+// TestBasicFlowCapture checks that the agent is correctly capturing the request/response flows
+// between the pods/service deployed from the manifests/pods.yml file
+func TestBasicFlowCapture(t *testing.T) {
+	bt := basic.FlowCaptureTester{
+		Cluster:   testCluster,
+		Namespace: namespace,
+		Timeout:   testTimeout,
+	}
+	bt.DoTest(t)
+}

e2e/ipfix/manifests/20-flp-transformer.yml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: flp
+  labels:
+    k8s-app: flp
+spec:
+  selector:
+    matchLabels:
+      k8s-app: flp
+  template:
+    metadata:
+      labels:
+        k8s-app: flp
+    spec:
+      serviceAccountName: ebpf-agent-test
+      containers:
+        - name: flp
+          image: quay.io/netobserv/flowlogs-pipeline:main
+          ports:
+            - containerPort: 9999
+              hostPort: 9999
+              protocol: UDP
+          args:
+            - --config=/etc/flp/config.yaml
+          volumeMounts:
+            - mountPath: /etc/flp
+              name: config-volume
+      volumes:
+        - name: config-volume
+          configMap:
+            name: flp-config
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: flp-config
+data:
+  config.yaml: |
+    log-level: debug
+    pipeline:
+      - name: ingest
+      - name: interface
+        follows: ingest
+      - name: enrich
+        follows: interface
+      - name: loki
+        follows: enrich
+    parameters:
+      - name: ingest
+        ingest:
+          type: collector
+          collector:
+            hostName: 0.0.0.0
+            port: 9999
+      - name: interface
+        transform:
+          type: generic
+          generic:
+            policy: preserve_original_keys
+            rules:
+              - input: TimeReceived
+                output: Interface
+      - name: enrich
+        transform:
+          type: network
+          network:
+            rules:
+              - input: SrcAddr
+                output: SrcK8S
+                type: "add_kubernetes"
+              - input: DstAddr
+                output: DstK8S
+                type: "add_kubernetes"
+      - name: loki
+        write:
+          type: loki
+          loki:
+            staticLabels:
+              app: netobserv-flowcollector
+            labels:
+              - "SrcK8S_Namespace"
+              - "SrcK8S_OwnerName"
+              - "DstK8S_Namespace"
+              - "DstK8S_OwnerName"
+              - "FlowDirection"
+            url: http://loki:3100
+            timestampLabel: TimeFlowEndMs
+            timestampScale: 1ms 

e2e/ipfix/manifests/30-agent.yml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: netobserv-ebpf-agent
+  labels:
+    k8s-app: netobserv-ebpf-agent
+spec:
+  selector:
+    matchLabels:
+      k8s-app: netobserv-ebpf-agent
+  template:
+    metadata:
+      labels:
+        k8s-app: netobserv-ebpf-agent
+    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+      - name: netobserv-ebpf-agent
+        image: localhost/ebpf-agent:test
+        securityContext:
+          privileged: true
+          runAsUser: 0
+        env:
+          - name: EXPORT
+            value: ipfix+udp
+          - name: CACHE_ACTIVE_TIMEOUT
+            value: 200ms
+          - name: LOG_LEVEL
+            value: debug
+          - name: FLOWS_TARGET_HOST
+            valueFrom:
+              fieldRef:
+                fieldPath: status.hostIP
+          - name: FLOWS_TARGET_PORT
+            value: "9999"

examples/ipfix-collector/ipfix-dump.go

@@ -0,0 +1,143 @@
+package main
+
+import (
+	"bytes"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	ipfixCollector "github.com/vmware/go-ipfix/pkg/collector"
+	"github.com/vmware/go-ipfix/pkg/entities"
+	"github.com/vmware/go-ipfix/pkg/registry"
+)
+
+const (
+	hostPortIPv4 = "127.0.0.1:9999"
+	hostPortIPv6 = "[::1]:0"
+)
+
+var (
+	transportType = flag.String("transport", "tcp", "transport type :tcp/udp")
+)
+
+func printIPFIXMessage(msg *entities.Message) {
+	var buf bytes.Buffer
+	fmt.Fprint(&buf, "\nIPFIX-HDR:\n")
+	fmt.Fprintf(&buf, "  version: %v,  Message Length: %v\n", msg.GetVersion(), msg.GetMessageLen())
+	fmt.Fprintf(&buf, "  Exported Time: %v (%v)\n", msg.GetExportTime(), time.Unix(int64(msg.GetExportTime()), 0))
+	fmt.Fprintf(&buf, "  Sequence No.: %v,  Observation Domain ID: %v\n", msg.GetSequenceNum(), msg.GetObsDomainID())
+
+	set := msg.GetSet()
+	if set.GetSetType() == entities.Template {
+		fmt.Fprint(&buf, "TEMPLATE SET:\n")
+		for i, record := range set.GetRecords() {
+			fmt.Fprintf(&buf, "  TEMPLATE RECORD-%d:\n", i)
+			for _, ie := range record.GetOrderedElementList() {
+				elem := ie.GetInfoElement()
+				fmt.Fprintf(&buf, "    %s: len=%d (enterprise ID = %d) \n", elem.Name, elem.Len, elem.EnterpriseId)
+			}
+		}
+	} else {
+		fmt.Fprint(&buf, "DATA SET:\n")
+		for i, record := range set.GetRecords() {
+			fmt.Fprintf(&buf, "  DATA RECORD-%d:\n", i)
+			for _, ie := range record.GetOrderedElementList() {
+				elem := ie.GetInfoElement()
+				switch elem.DataType {
+				case entities.Unsigned8:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetUnsigned8Value())
+				case entities.Unsigned16:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetUnsigned16Value())
+				case entities.Unsigned32:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetUnsigned32Value())
+				case entities.Unsigned64:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetUnsigned64Value())
+				case entities.Signed8:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetSigned8Value())
+				case entities.Signed16:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetSigned16Value())
+				case entities.Signed32:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetSigned32Value())
+				case entities.Signed64:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetSigned64Value())
+				case entities.Float32:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetFloat32Value())
+				case entities.Float64:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetFloat64Value())
+				case entities.Boolean:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetBooleanValue())
+				case entities.DateTimeSeconds:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetUnsigned32Value())
+				case entities.DateTimeMilliseconds:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetUnsigned64Value())
+				case entities.DateTimeMicroseconds, entities.DateTimeNanoseconds:
+					err := fmt.Errorf("API does not support micro and nano seconds types yet")
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, err)
+				case entities.MacAddress:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetMacAddressValue())
+				case entities.Ipv4Address, entities.Ipv6Address:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetIPAddressValue())
+				case entities.String:
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, ie.GetStringValue())
+				default:
+					err := fmt.Errorf("API supports only valid information elements with datatypes given in RFC7011")
+					fmt.Fprintf(&buf, "    %s: %v \n", elem.Name, err)
+				}
+			}
+		}
+	}
+	log.Printf(buf.String())
+}
+
+func signalHandler(stopCh chan struct{}, messageReceived chan *entities.Message) {
+	signalCh := make(chan os.Signal, 1)
+	signal.Notify(signalCh, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)
+
+	for {
+		select {
+		case msg := <-messageReceived:
+			printIPFIXMessage(msg)
+		case <-signalCh:
+			close(stopCh)
+			return
+		}
+	}
+}
+
+func main() {
+	log.SetFlags(0)
+	flag.Parse()
+
+	// Create exporter using local server info
+	var input = ipfixCollector.CollectorInput{
+		Address:       hostPortIPv4,
+		Protocol:      *transportType,
+		MaxBufferSize: 1024,
+	}
+	registry.LoadRegistry()
+	cp, err := ipfixCollector.InitCollectingProcess(input)
+	if err != nil {
+		log.Fatalf("UDP Collecting Process does not start correctly: %v", err)
+	}
+	// Start listening to connections and receiving messages.
+	messageReceived := make(chan *entities.Message)
+	go func() {
+		go cp.Start()
+		msgChan := cp.GetMsgChan()
+		for message := range msgChan {
+			messageReceived <- message
+		}
+	}()
+
+	stopCh := make(chan struct{})
+	go signalHandler(stopCh, messageReceived)
+
+	<-stopCh
+	// Stop the collector process
+	cp.Stop()
+	log.Printf("Stopping IPFIX collector")
+}

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/stretchr/testify v1.8.0
 	github.com/vishvananda/netlink v1.1.0
 	github.com/vladimirvivien/gexe v0.1.1
+	github.com/vmware/go-ipfix v0.5.12
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
 	google.golang.org/grpc v1.45.0
 	google.golang.org/protobuf v1.28.0
@@ -48,11 +49,16 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
+	github.com/pion/dtls/v2 v2.0.3 // indirect
+	github.com/pion/logging v0.2.2 // indirect
+	github.com/pion/transport v0.10.1 // indirect
+	github.com/pion/udp v0.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.12.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
+	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 	golang.org/x/net v0.0.0-20220706163947-c90051bbdb60 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect