wanderer/ fastnetmon-rewritten
1
0
Fork 0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-05-23 17:26:10 +02:00
Code Issues Releases Activity

Removed ExaBGP powered Flow Spec implementation. We've decided to use only GoBGP for flow spec as it's only developer friendly option we have in place

This commit is contained in:
Pavel Odintsov 2022-07-29 17:44:07 +01:00
parent 4a7ee74718
commit a3e5431b79
2 changed files with 0 additions and 618 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

319
src/bgp_protocol.hpp
View File

@ -211,324 +211,5 @@ class flow_spec_rule_t {
bgp_flow_spec_action_t action;
};
class exabgp_flow_spec_rule_t : public flow_spec_rule_t {
public:
exabgp_flow_spec_rule_t() {
four_spaces = " ";
sentence_separator = ";";
this->enabled_indents = true;
this->enble_block_headers = true;
}
void disable_indents() {
enabled_indents = false;
}
std::string serialize_source_ports() {
std::ostringstream output_buffer;
output_buffer << "source-port [ " << serialize_vector_by_string_with_prefix<uint16_t>(this->source_ports, " ", "=")
<< " ]" << sentence_separator;
return output_buffer.str();
}
std::string serialize_destination_ports() {
std::ostringstream output_buffer;
output_buffer << "destination-port [ "
<< serialize_vector_by_string_with_prefix<uint16_t>(this->destination_ports, " ", "=") << " ]"
<< sentence_separator;
return output_buffer.str();
}
std::string serialize_packet_lengths() {
std::ostringstream output_buffer;
output_buffer << "packet-length [ " << serialize_vector_by_string_with_prefix<uint16_t>(this->packet_lengths, " ", "=")
<< " ]" << sentence_separator;
return output_buffer.str();
}
std::string serialize_protocols() {
std::ostringstream output_buffer;
output_buffer << "protocol [ " << serialize_vector_by_string(this->protocols, " ") << " ]" << sentence_separator;
return output_buffer.str();
}
std::string serialize_fragmentation_flags() {
std::ostringstream output_buffer;
output_buffer << "fragment [ " << serialize_vector_by_string(this->fragmentation_flags, " ") << " ]" << sentence_separator;
return output_buffer.str();
}
std::string serialize_tcp_flags() {
std::ostringstream output_buffer;
output_buffer << "tcp-flags [ " << serialize_vector_by_string(this->tcp_flags, " ") << " ]" << sentence_separator;
return output_buffer.str();
}
std::string serialize_source_subnet() {
return "source " + convert_subnet_to_string(this->source_subnet) + sentence_separator;
}
std::string serialize_destination_subnet() {
return "destination " + convert_subnet_to_string(this->destination_subnet) + sentence_separator;
}
// More details regarding format: https://github.com/Exa-Networks/exabgp/blob/master/qa/conf/api-flow.run
// https://plus.google.com/+ThomasMangin/posts/bL6w16BXcJ4
// This format is INCOMPATIBLE with ExaBGP v3, please be careful!
std::string serialize_single_line_exabgp_v4_configuration() {
this->enabled_indents = false;
this->enble_block_headers = false;
sentence_separator = " ";
return "flow route " + this->serialize_match() + this->serialize_then();
sentence_separator = ";";
this->enabled_indents = true;
this->enble_block_headers = true;
}
std::string serialize_complete_exabgp_configuration() {
std::ostringstream buffer;
buffer << "neighbor 127.0.0.1 {"
<< "\n"
<< four_spaces << "router-id 1.2.3.4;"
<< "\n"
<< four_spaces << "local-address 127.0.0.1;"
<< "\n"
<< four_spaces << "local-as 1;"
<< "\n"
<< four_spaces << "peer-as 1;"
<< "\n"
<< four_spaces << "group-updates false;"
<< "\n\n";
buffer << four_spaces << "family {"
<< "\n"
<< four_spaces << four_spaces << "ipv4 flow;"
<< "\n"
<< four_spaces << four_spaces << "ipv6 flow;"
<< "\n"
<< four_spaces << "}"
<< "\n";
buffer << "flow {"
<< "\n";
buffer << this->serialize();
buffer << "}"
<< "\n";
buffer << "}"
<< "\n";
return buffer.str();
}
std::string serialize() {
std::ostringstream buffer;
buffer << "route {";
if (enabled_indents) {
buffer << "\n";
}
buffer << this->serialize_match();
buffer << this->serialize_then();
if (enabled_indents) {
buffer << "\n";
}
buffer << "}";
if (enabled_indents) {
buffer << "\n";
}
return buffer.str();
}
std::string serialize_match() {
std::ostringstream buffer;
if (enabled_indents) {
buffer << four_spaces;
}
if (enble_block_headers) {
buffer << "match {";
}
if (enabled_indents) {
buffer << "\n";
}
// Match block
if (this->source_subnet_used) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << serialize_source_subnet();
if (enabled_indents) {
buffer << "\n";
}
}
if (this->destination_subnet_used) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << serialize_destination_subnet();
if (enabled_indents) {
buffer << "\n";
}
}
if (!this->protocols.empty()) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << this->serialize_protocols();
if (enabled_indents) {
buffer << "\n";
}
}
// If we have TCP in protocols list explicitly, we add flags
if (find(this->protocols.begin(), this->protocols.end(), FLOW_SPEC_PROTOCOL_TCP) != this->protocols.end()) {
if (!this->tcp_flags.empty()) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << this->serialize_tcp_flags();
if (enabled_indents) {
buffer << "\n";
}
}
}
if (!this->source_ports.empty()) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << this->serialize_source_ports();
if (enabled_indents) {
buffer << "\n";
}
}
if (!this->destination_ports.empty()) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << this->serialize_destination_ports();
if (enabled_indents) {
buffer << "\n";
}
}
if (!this->packet_lengths.empty()) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << this->serialize_packet_lengths();
if (enabled_indents) {
buffer << "\n";
}
}
if (!this->fragmentation_flags.empty()) {
if (enabled_indents) {
buffer << four_spaces << four_spaces;
}
buffer << this->serialize_fragmentation_flags();
if (enabled_indents) {
buffer << "\n";
}
}
// Match block end
if (enabled_indents) {
buffer << four_spaces;
}
if (enble_block_headers) {
buffer << "}";
}
return buffer.str();
}
std::string serialize_then() {
std::ostringstream buffer;
if (enabled_indents) {
buffer << "\n" << four_spaces;
}
if (enble_block_headers) {
buffer << "then {";
}
if (enabled_indents) {
buffer << "\n";
buffer << four_spaces << four_spaces;
}
// Set same sentence separator as in main class
this->action.set_sentence_separator(this->sentence_separator);
buffer << this->action.serialize();
if (enabled_indents) {
buffer << "\n";
buffer << four_spaces;
}
if (enble_block_headers) {
buffer << "}";
}
return buffer.str();
}
private:
std::string four_spaces;
bool enabled_indents;
bool enble_block_headers;
std::string sentence_separator;
};
bool read_bgp_community_from_string(std::string community_as_string, bgp_community_attribute_element_t& bgp_community_attribute_element);
bool is_bgp_community_valid(std::string community_as_string);

299
src/fastnetmon_tests.cpp
View File

@ -19,305 +19,6 @@
log4cpp::Category& logger = log4cpp::Category::getRoot();
TEST(BgpFlowSpec, protocol_check_udp) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP);
EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ udp ];");
}
TEST(BgpFlowSpec, protocol_check_tcp) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_TCP);
EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ tcp ];");
}
TEST(BgpFlowSpec, protocol_check_icmp) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_ICMP);
EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ icmp ];");
}
TEST(BgpFlowSpec, protocol_check_mix) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP);
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_TCP);
EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ udp tcp ];");
}
TEST(BgpFlowSpec, packet_length) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_packet_length(777);
exabgp_rule.add_packet_length(1122);
EXPECT_EQ(exabgp_rule.serialize_packet_lengths(), "packet-length [ =777 =1122 ];");
}
TEST(BgpFlowSpec, source_subnet) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
EXPECT_EQ(exabgp_rule.serialize_source_subnet(), "source 4.0.0.0/24;");
}
TEST(BgpFlowSpec, destination_subnet) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("77.0.0.0/24"));
EXPECT_EQ(exabgp_rule.serialize_destination_subnet(), "destination 77.0.0.0/24;");
}
TEST(BgpFlowSpec, source_port) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_source_port(53);
EXPECT_EQ(exabgp_rule.serialize_source_ports(), "source-port [ =53 ];");
}
TEST(BgpFlowSpec, destaination_port) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_destination_port(53);
EXPECT_EQ(exabgp_rule.serialize_destination_ports(), "destination-port [ =53 ];");
}
TEST(BgpFlowSpec, source_ports) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_source_port(53);
exabgp_rule.add_source_port(7777);
EXPECT_EQ(exabgp_rule.serialize_source_ports(), "source-port [ =53 =7777 ];");
}
TEST(BgpFlowSpec, destaination_ports) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_destination_port(53);
exabgp_rule.add_destination_port(1900);
EXPECT_EQ(exabgp_rule.serialize_destination_ports(), "destination-port [ =53 =1900 ];");
}
TEST(BgpFlowSpec, fragmentation_is_fragment) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ is-fragment ];");
}
TEST(BgpFlowSpec, fragmentation_first_fragment) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_FIRST_FRAGMENT);
EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ first-fragment ];");
}
TEST(BgpFlowSpec, fragmentation_dont_fragment) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ dont-fragment ];");
}
TEST(BgpFlowSpec, fragmentation_last_fragment) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_LAST_FRAGMENT);
EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ last-fragment ];");
}
TEST(BgpFlowSpec, fragmentation_not_a_fragment) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_fragmentation_flag(FLOW_NOT_A_FRAGMENT);
EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ not-a-fragment ];");
}
TEST(BgpFlowSpec, fragmentation_fragments) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_fragmentation_flag(FLOW_NOT_A_FRAGMENT);
EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ not-a-fragment ];");
}
// tcp flags tests
TEST(BgpFlowSpec, syn) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_SYN);
EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ syn ];");
}
TEST(BgpFlowSpec, rst) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_RST);
EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ rst ];");
}
TEST(BgpFlowSpec, ack) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_ACK);
EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ ack ];");
}
TEST(BgpFlowSpec, fin) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_FIN);
EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ fin ];");
}
TEST(BgpFlowSpec, psh) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_PSH);
EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ push ];");
}
TEST(BgpFlowSpec, urg) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_URG);
EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ urgent ];");
}
TEST(BgpFlowSpec, serialize_match_first) {
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP);
exabgp_rule.add_source_port(53);
exabgp_rule.add_destination_port(80);
exabgp_rule.add_packet_length(777);
exabgp_rule.add_packet_length(1122);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
// Disable indentation
exabgp_rule.disable_indents();
EXPECT_EQ(exabgp_rule.serialize_match(),
"match {source 4.0.0.0/24;destination 127.0.0.0/24;protocol [ udp ];source-port [ "
"=53 ];destination-port [ =80 ];packet-length [ =777 =1122 ];fragment [ is-fragment "
"dont-fragment ];}");
}
TEST(BgpFlowSpec, serialize_then_first) {
exabgp_flow_spec_rule_t exabgp_rule;
bgp_flow_spec_action_t my_action;
// my_action.set_type(FLOW_SPEC_ACTION_ACCEPT);
my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT);
my_action.set_rate_limit(1024);
exabgp_rule.set_action(my_action);
exabgp_rule.disable_indents();
EXPECT_EQ(exabgp_rule.serialize_then(), "then {rate-limit 1024;}");
}
TEST(BgpFlowSpec, serialize_signle_line) {
bgp_flow_spec_action_t my_action;
// my_action.set_type(FLOW_SPEC_ACTION_ACCEPT);
my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT);
my_action.set_rate_limit(1024);
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP);
exabgp_rule.add_source_port(53);
exabgp_rule.add_destination_port(80);
exabgp_rule.add_packet_length(777);
exabgp_rule.add_packet_length(1122);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_action(my_action);
EXPECT_EQ(exabgp_rule.serialize_single_line_exabgp_v4_configuration(),
"flow route source 4.0.0.0/24 destination 127.0.0.0/24 protocol [ udp ] source-port "
"[ =53 ] destination-port [ =80 ] packet-length [ =777 =1122 ] fragment [ "
"is-fragment dont-fragment ] rate-limit 1024 ");
}
TEST(BgpFlowSpec, serialize_whole_single_line_form) {
bgp_flow_spec_action_t my_action;
// my_action.set_type(FLOW_SPEC_ACTION_ACCEPT);
my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT);
my_action.set_rate_limit(1024);
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP);
exabgp_rule.add_source_port(53);
exabgp_rule.add_destination_port(80);
exabgp_rule.add_packet_length(777);
exabgp_rule.add_packet_length(1122);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_action(my_action);
// TBD
}
TEST(BgpFlowSpec, serialize_with_real_exabgp) {
bgp_flow_spec_action_t my_action;
// my_action.set_type(FLOW_SPEC_ACTION_ACCEPT);
my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT);
my_action.set_rate_limit(1024);
exabgp_flow_spec_rule_t exabgp_rule;
exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP);
exabgp_rule.add_source_port(53);
exabgp_rule.add_destination_port(80);
exabgp_rule.add_packet_length(777);
exabgp_rule.add_packet_length(1122);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT);
exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT);
exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24"));
exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24"));
exabgp_rule.set_action(my_action);
// exabgp_rule.disable_indents();
std::string exabgp_configuration = exabgp_rule.serialize_complete_exabgp_configuration();
std::ofstream config_file;
config_file.open("/tmp/exabgp_test_config.conf", std::ios::trunc);
if (config_file.is_open()) {
config_file << exabgp_configuration;
config_file.close();
}
int system_ret_code = system("/usr/src/exabgp/sbin/exabgp --test /tmp/exabgp_test_config.conf 2>/dev/null");
EXPECT_EQ(system_ret_code, 0);
}
// Flow Spec actions tests
TEST(BgpFlowSpecAction, rate_limit) {