File: README

libfixbuf 1.7.1+ds-1
libfixbuf aims to be a compliant implementation of the IPFIX Protocol,
as defined in the "Specification of the IPFIX Protocol for the Export of IP
Flow Information" (RFC 5101). It supports the information model
defined in "Information Model for IP Flow Information Export"
(RFC 5102), extended as proposed by "Bidirectional Flow Export using
IPFIX" (RFC 5103) to support information elements for representing biflows.

libfixbuf supports UDP, TCP, SCTP, TLS over TCP, and Spread as transport
protocols. Support for DTLS over UDP and DTLS over SCTP is forthcoming. It
also supports operation as an IPFIX File Writer or IPFIX File Reader as
defined in "An IPFIX-Based File Format" (draft-trammell-ipfix-file, current
revision -05).

libfixbuf version 1.0 supports structured data elements as described in
"Export of Structured Data in IPFIX" (RFC 6313).
This adds the ability to export basicLists,
subTemplateLists, and subTemplateMultiLists.

libfixbuf version 1.4 adds support for exporting type information for IPFIX
elements as described in "Exporting Type Information for IPFIX Information
Elements" (RFC 5610).  This expands the definition of an Information Element
in the Information Model.  In addition to the PEN, length, name, and ID, an
Information Element can also have a data type, description, range, semantics,
and units.  An Options Template can be exported to define Information Element
Type Records.  New API functions have been added to create and write these
types of Options Records, as well as to collect elements of this type so that
Information Elements may be added to the Information Model as they are
received from the Exporting Process.  See public.h for more information.

As of version 1.0, libfixbuf has support for NetFlow v9.  libfixbuf converts
NetFlow v9 to IPFIX by changing the version number, dropping the sysUpTime
from the header, and converting postOctetDeltaCount to reverseOctetDeltaCount
and postPacketDeltaCount to reversePacketDeltaCount as described
in RFC 5103.  In order for tools to properly make use of Information Elements
that are offsets of the sysUpTime (flowStartSysUpTime), libfixbuf adds
Information Element 160, systemInitTimeMilliseconds, to any template (and
corresponding records) that contains either flowStartSysUpTime or
flowEndSysUpTime.
For any element that does not exist in libfixbuf's default Information Model
(above ID 346), libfixbuf will convert this Information Element to
"ciscoNetflowGeneric" (ID 9999) in the template.  The only exceptions are the
"NF_F_FW_EXT_EVENT" and "NF_F_FW_EVENT", often exported from Cisco's ASA device
(http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html), which
will be converted to separate elements 9997 and 9998 respectively.  Similarly,
the Cisco ASA will often export elements 40001, 40002, 40003, and 40004.
These elements are substituted with the IPFIX elements 225, 226, 227, and 228
respectively.
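
The template rewrite described above, as an added example (not libfixbuf's
own code): it parses one NetFlow v9 template record with bounds checks and
applies the README's ID substitutions.  The v9 field numbers 233 and 33002 for
the two ASA event fields, the 8-byte length for element 160, appending 160 at
the end of the template, and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct { uint16_t id, len; } field_t;
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Map one NetFlow v9 field type to the IPFIX element ID the README gives.
 * 233 and 33002 are assumed from Cisco's ASA field list, not from the README.
 * Copied through unchanged, v9 types >= 0x8000 would set the IPFIX enterprise bit. */
static uint16_t map_ie(uint16_t id)
{
    if (id == 233)   return 9998;               /* NF_F_FW_EVENT */
    if (id == 33002) return 9997;               /* NF_F_FW_EXT_EVENT */
    if (id >= 40001 && id <= 40004)
        return (uint16_t)(225 + (id - 40001));  /* 40001..40004 -> 225..228 */
    if (id > 346)    return 9999;               /* ciscoNetflowGeneric */
    return id;                                  /* already in the model */
}

/* Translate one v9 template record (template ID, field count, then
 * type/length pairs, all big-endian).  Returns the IPFIX field count, or -1
 * when the record is truncated, empty, or does not fit in out[]. */
int nf9_template_to_ipfix(const uint8_t *buf, size_t buflen, field_t *out, size_t outcap)
{
    if (buflen < 4) return -1;
    size_t count = be16(buf + 2), n = 0;
    int uptime = 0;
    if (count == 0 || (buflen - 4) / 4 < count || count > outcap) return -1;
    for (size_t i = 0; i < count; i++, n++) {
        uint16_t id = be16(buf + 4 + 4 * i);
        if (id == 21 || id == 22) uptime = 1;   /* flowEnd/flowStartSysUpTime */
        out[n].id = map_ie(id);
        out[n].len = be16(buf + 6 + 4 * i);
    }
    if (uptime) {                               /* add systemInitTimeMilliseconds */
        if (n >= outcap) return -1;
        out[n].id = 160; out[n].len = 8; n++;
    }
    return (int)n;
}

/* Constructed sample: template 256 with fields 22, 21, 1, 40001, 33002, 500. */
static const uint8_t SAMPLE[] = {
    0x01,0x00, 0x00,0x06,
    0x00,0x16,0x00,0x04,  0x00,0x15,0x00,0x04,  0x00,0x01,0x00,0x04,
    0x9C,0x41,0x00,0x04,  0x80,0xEA,0x00,0x02,  0x01,0xF4,0x00,0x04 };
static field_t out_fields[8];

int main(void) { return nf9_template_to_ipfix(SAMPLE, sizeof SAMPLE, out_fields, 8) != 7; }
```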

Version 1.4 adds support for NetFlow v9 options template and record retrieval
and conversion to IPFIX.  The options scope type is converted to the IE
messageScope.

To disable NetFlow v9 log messages such as sequence number mismatch
messages and record count discrepancy
messages, run `make clean`, `CFLAGS="-DFB_SUPPRESS_LOGS=1" make -e`,
`make install` when installing libfixbuf.

Version 1.4 also adds a Python API for libfixbuf, pyfixbuf.  pyfixbuf
can be used to write applications, often called mediators, that collect
and/or export IPFIX.  pyfixbuf supports UDP and TCP as transport protocols,
as well as file writing and reading.  pyfixbuf requires netsa-python
version 1.4 or later, which should be installed before building and
installing pyfixbuf.  pyfixbuf is not installed automatically when installing
libfixbuf.  Building and installing pyfixbuf is done using the standard
setup.py mechanism.  See pyfixbuf/README.txt for more information.

Version 1.6 adds support for translating sFlow into IPFIX.  libfixbuf
only supports sFlow v5. libfixbuf will process Flow Samples (1), 
Extended Flow Samples (3), Counter Samples (2), and 
Extended Counter Samples (4).  Any other format will return 
an FB_ERROR_SFLOW.  Fixbuf translates sFlow records into a fixed IPFIX
record for flow and counter records.  A full description of the fields
fixbuf exports for sFlow records is located in include/fixbuf/public.h.

libfixbuf's public API is defined in public.h; see the documentation of
that file for general documentation on getting started with libfixbuf, as
well as detailed documentation on the public API calls and data types.

libfixbuf API documentation is available in doc/html.

Building
--------

libfixbuf uses a reasonably standard autotools-based build system.
The customary build procedure (./configure && make
&& make install) should work in most environments.

libfixbuf requires glib-2.0 version 2.6.4 or later. If built against
version 2.10 or later, it will automatically use the glib slab allocator
for increased memory allocation performance. glib is available on most
modern Linux distributions and BSD ports collections, or in source form from
http://www.gtk.org.

libfixbuf automatically uses the getaddrinfo(3) facility and the
accompanying dual IPv4/IPv6 stack support if present. getaddrinfo(3)
must be present to export or collect flows over IPv6.

libfixbuf does not build with SCTP support by default. The --with-sctp
option must be given to the libfixbuf ./configure script to include SCTP
support. Also note that SCTP requires kernel support, and applications
built against libfixbuf with libsctp may fail at runtime if that kernel
support is not present.

libfixbuf does not build with TLS support by default. The --with-openssl option
must be given to the libfixbuf ./configure script to include TLS support.

Known Issues
------------

The following are known issues with libfixbuf as of version 1.0.0:

 * There is no support for DTLS over UDP or DTLS over SCTP transport.

 * There is no support for application-selectable SCTP stream assignment
   or SCTP partial reliability. Templates are sent reliably on stream 0,
   and data sets are sent reliably on stream 1.

 * There is no automatic support for periodic template retransmission
   or periodic template expiration as required when transporting IPFIX
   over UDP. Applications using libfixbuf to transport IPFIX messages
   over UDP must maintain these timeouts and manually manage the session.