From a3e5431b7940f3659a05070d7208b7ec0a1ff9a6 Mon Sep 17 00:00:00 2001 From: Pavel Odintsov Date: Fri, 29 Jul 2022 17:44:07 +0100 Subject: [PATCH] Removed ExaBGP powered Flow Spec implementation. We've decided to use only GoBGP for flow spec as it's only developer friendly option we have in place --- src/bgp_protocol.hpp | 319 --------------------------------------- src/fastnetmon_tests.cpp | 299 ------------------------------------ 2 files changed, 618 deletions(-) diff --git a/src/bgp_protocol.hpp b/src/bgp_protocol.hpp index 5cccbca..ed6512c 100644 --- a/src/bgp_protocol.hpp +++ b/src/bgp_protocol.hpp @@ -211,324 +211,5 @@ class flow_spec_rule_t { bgp_flow_spec_action_t action; }; -class exabgp_flow_spec_rule_t : public flow_spec_rule_t { - public: - exabgp_flow_spec_rule_t() { - four_spaces = " "; - sentence_separator = ";"; - - this->enabled_indents = true; - this->enble_block_headers = true; - } - - void disable_indents() { - enabled_indents = false; - } - - std::string serialize_source_ports() { - std::ostringstream output_buffer; - - output_buffer << "source-port [ " << serialize_vector_by_string_with_prefix(this->source_ports, " ", "=") - << " ]" << sentence_separator; - - return output_buffer.str(); - } - - std::string serialize_destination_ports() { - std::ostringstream output_buffer; - - output_buffer << "destination-port [ " - << serialize_vector_by_string_with_prefix(this->destination_ports, " ", "=") << " ]" - << sentence_separator; - - return output_buffer.str(); - } - - std::string serialize_packet_lengths() { - std::ostringstream output_buffer; - - output_buffer << "packet-length [ " << serialize_vector_by_string_with_prefix(this->packet_lengths, " ", "=") - << " ]" << sentence_separator; - - return output_buffer.str(); - } - - - std::string serialize_protocols() { - std::ostringstream output_buffer; - - output_buffer << "protocol [ " << serialize_vector_by_string(this->protocols, " ") << " ]" << sentence_separator; - - return output_buffer.str(); - } - std::string serialize_fragmentation_flags() { - std::ostringstream output_buffer; - - output_buffer << "fragment [ " << serialize_vector_by_string(this->fragmentation_flags, " ") << " ]" << sentence_separator; - - return output_buffer.str(); - } - - std::string serialize_tcp_flags() { - std::ostringstream output_buffer; - - output_buffer << "tcp-flags [ " << serialize_vector_by_string(this->tcp_flags, " ") << " ]" << sentence_separator; - - return output_buffer.str(); - } - - std::string serialize_source_subnet() { - return "source " + convert_subnet_to_string(this->source_subnet) + sentence_separator; - } - - std::string serialize_destination_subnet() { - return "destination " + convert_subnet_to_string(this->destination_subnet) + sentence_separator; - } - - // More details regarding format: https://github.com/Exa-Networks/exabgp/blob/master/qa/conf/api-flow.run - // https://plus.google.com/+ThomasMangin/posts/bL6w16BXcJ4 - // This format is INCOMPATIBLE with ExaBGP v3, please be careful! - std::string serialize_single_line_exabgp_v4_configuration() { - this->enabled_indents = false; - this->enble_block_headers = false; - sentence_separator = " "; - - return "flow route " + this->serialize_match() + this->serialize_then(); - - sentence_separator = ";"; - this->enabled_indents = true; - this->enble_block_headers = true; - } - - std::string serialize_complete_exabgp_configuration() { - std::ostringstream buffer; - - buffer << "neighbor 127.0.0.1 {" - << "\n" - << four_spaces << "router-id 1.2.3.4;" - << "\n" - << four_spaces << "local-address 127.0.0.1;" - << "\n" - << four_spaces << "local-as 1;" - << "\n" - << four_spaces << "peer-as 1;" - << "\n" - << four_spaces << "group-updates false;" - << "\n\n"; - - buffer << four_spaces << "family {" - << "\n" - << four_spaces << four_spaces << "ipv4 flow;" - << "\n" - << four_spaces << four_spaces << "ipv6 flow;" - << "\n" - << four_spaces << "}" - << "\n"; - - buffer << "flow {" - << "\n"; - buffer << this->serialize(); - buffer << "}" - << "\n"; - - buffer << "}" - << "\n"; - - return buffer.str(); - } - - std::string serialize() { - std::ostringstream buffer; - - buffer << "route {"; - - if (enabled_indents) { - buffer << "\n"; - } - - buffer << this->serialize_match(); - buffer << this->serialize_then(); - - if (enabled_indents) { - buffer << "\n"; - } - - buffer << "}"; - - if (enabled_indents) { - buffer << "\n"; - } - - return buffer.str(); - } - - std::string serialize_match() { - std::ostringstream buffer; - - if (enabled_indents) { - buffer << four_spaces; - } - - if (enble_block_headers) { - buffer << "match {"; - } - - if (enabled_indents) { - buffer << "\n"; - } - - // Match block - if (this->source_subnet_used) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << serialize_source_subnet(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - if (this->destination_subnet_used) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << serialize_destination_subnet(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - if (!this->protocols.empty()) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << this->serialize_protocols(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - // If we have TCP in protocols list explicitly, we add flags - if (find(this->protocols.begin(), this->protocols.end(), FLOW_SPEC_PROTOCOL_TCP) != this->protocols.end()) { - - if (!this->tcp_flags.empty()) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << this->serialize_tcp_flags(); - - if (enabled_indents) { - buffer << "\n"; - } - } - } - - if (!this->source_ports.empty()) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << this->serialize_source_ports(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - if (!this->destination_ports.empty()) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << this->serialize_destination_ports(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - if (!this->packet_lengths.empty()) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << this->serialize_packet_lengths(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - if (!this->fragmentation_flags.empty()) { - if (enabled_indents) { - buffer << four_spaces << four_spaces; - } - - buffer << this->serialize_fragmentation_flags(); - - if (enabled_indents) { - buffer << "\n"; - } - } - - // Match block end - if (enabled_indents) { - buffer << four_spaces; - } - - if (enble_block_headers) { - buffer << "}"; - } - - return buffer.str(); - } - - std::string serialize_then() { - std::ostringstream buffer; - - if (enabled_indents) { - buffer << "\n" << four_spaces; - } - - if (enble_block_headers) { - buffer << "then {"; - } - - if (enabled_indents) { - buffer << "\n"; - buffer << four_spaces << four_spaces; - } - - // Set same sentence separator as in main class - this->action.set_sentence_separator(this->sentence_separator); - - buffer << this->action.serialize(); - - if (enabled_indents) { - buffer << "\n"; - buffer << four_spaces; - } - - if (enble_block_headers) { - buffer << "}"; - } - - return buffer.str(); - } - - private: - std::string four_spaces; - bool enabled_indents; - bool enble_block_headers; - std::string sentence_separator; -}; - bool read_bgp_community_from_string(std::string community_as_string, bgp_community_attribute_element_t& bgp_community_attribute_element); bool is_bgp_community_valid(std::string community_as_string); diff --git a/src/fastnetmon_tests.cpp b/src/fastnetmon_tests.cpp index f63ae19..cc76096 100644 --- a/src/fastnetmon_tests.cpp +++ b/src/fastnetmon_tests.cpp @@ -19,305 +19,6 @@ log4cpp::Category& logger = log4cpp::Category::getRoot(); -TEST(BgpFlowSpec, protocol_check_udp) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP); - - EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ udp ];"); -} - -TEST(BgpFlowSpec, protocol_check_tcp) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_TCP); - - EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ tcp ];"); -} - -TEST(BgpFlowSpec, protocol_check_icmp) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_ICMP); - - EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ icmp ];"); -} - - -TEST(BgpFlowSpec, protocol_check_mix) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP); - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_TCP); - - EXPECT_EQ(exabgp_rule.serialize_protocols(), "protocol [ udp tcp ];"); -} - -TEST(BgpFlowSpec, packet_length) { - exabgp_flow_spec_rule_t exabgp_rule; - - exabgp_rule.add_packet_length(777); - exabgp_rule.add_packet_length(1122); - EXPECT_EQ(exabgp_rule.serialize_packet_lengths(), "packet-length [ =777 =1122 ];"); -} - -TEST(BgpFlowSpec, source_subnet) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24")); - - EXPECT_EQ(exabgp_rule.serialize_source_subnet(), "source 4.0.0.0/24;"); -} - -TEST(BgpFlowSpec, destination_subnet) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("77.0.0.0/24")); - - EXPECT_EQ(exabgp_rule.serialize_destination_subnet(), "destination 77.0.0.0/24;"); -} - -TEST(BgpFlowSpec, source_port) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_source_port(53); - - EXPECT_EQ(exabgp_rule.serialize_source_ports(), "source-port [ =53 ];"); -} - -TEST(BgpFlowSpec, destaination_port) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_destination_port(53); - - EXPECT_EQ(exabgp_rule.serialize_destination_ports(), "destination-port [ =53 ];"); -} - -TEST(BgpFlowSpec, source_ports) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_source_port(53); - exabgp_rule.add_source_port(7777); - - EXPECT_EQ(exabgp_rule.serialize_source_ports(), "source-port [ =53 =7777 ];"); -} - -TEST(BgpFlowSpec, destaination_ports) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_destination_port(53); - exabgp_rule.add_destination_port(1900); - - EXPECT_EQ(exabgp_rule.serialize_destination_ports(), "destination-port [ =53 =1900 ];"); -} - -TEST(BgpFlowSpec, fragmentation_is_fragment) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT); - - EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ is-fragment ];"); -} - -TEST(BgpFlowSpec, fragmentation_first_fragment) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_FIRST_FRAGMENT); - - EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ first-fragment ];"); -} - -TEST(BgpFlowSpec, fragmentation_dont_fragment) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT); - - EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ dont-fragment ];"); -} - -TEST(BgpFlowSpec, fragmentation_last_fragment) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_LAST_FRAGMENT); - - EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ last-fragment ];"); -} - -TEST(BgpFlowSpec, fragmentation_not_a_fragment) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_fragmentation_flag(FLOW_NOT_A_FRAGMENT); - - EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ not-a-fragment ];"); -} - - -TEST(BgpFlowSpec, fragmentation_fragments) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_fragmentation_flag(FLOW_NOT_A_FRAGMENT); - - EXPECT_EQ(exabgp_rule.serialize_fragmentation_flags(), "fragment [ not-a-fragment ];"); -} - -// tcp flags tests -TEST(BgpFlowSpec, syn) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_SYN); - - EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ syn ];"); -} - -TEST(BgpFlowSpec, rst) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_RST); - - EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ rst ];"); -} - -TEST(BgpFlowSpec, ack) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_ACK); - - EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ ack ];"); -} - -TEST(BgpFlowSpec, fin) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_FIN); - - EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ fin ];"); -} - -TEST(BgpFlowSpec, psh) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_PSH); - - EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ push ];"); -} - -TEST(BgpFlowSpec, urg) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_tcp_flag(FLOW_TCP_FLAG_URG); - - EXPECT_EQ(exabgp_rule.serialize_tcp_flags(), "tcp-flags [ urgent ];"); -} - -TEST(BgpFlowSpec, serialize_match_first) { - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP); - exabgp_rule.add_source_port(53); - exabgp_rule.add_destination_port(80); - - exabgp_rule.add_packet_length(777); - exabgp_rule.add_packet_length(1122); - - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT); - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT); - - exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24")); - exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24")); - - // Disable indentation - exabgp_rule.disable_indents(); - - EXPECT_EQ(exabgp_rule.serialize_match(), - "match {source 4.0.0.0/24;destination 127.0.0.0/24;protocol [ udp ];source-port [ " - "=53 ];destination-port [ =80 ];packet-length [ =777 =1122 ];fragment [ is-fragment " - "dont-fragment ];}"); -} - -TEST(BgpFlowSpec, serialize_then_first) { - exabgp_flow_spec_rule_t exabgp_rule; - - bgp_flow_spec_action_t my_action; - // my_action.set_type(FLOW_SPEC_ACTION_ACCEPT); - my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT); - my_action.set_rate_limit(1024); - - exabgp_rule.set_action(my_action); - - exabgp_rule.disable_indents(); - - EXPECT_EQ(exabgp_rule.serialize_then(), "then {rate-limit 1024;}"); -} - -TEST(BgpFlowSpec, serialize_signle_line) { - bgp_flow_spec_action_t my_action; - // my_action.set_type(FLOW_SPEC_ACTION_ACCEPT); - my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT); - my_action.set_rate_limit(1024); - - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP); - exabgp_rule.add_source_port(53); - exabgp_rule.add_destination_port(80); - - exabgp_rule.add_packet_length(777); - exabgp_rule.add_packet_length(1122); - - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT); - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT); - - exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24")); - exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24")); - - exabgp_rule.set_action(my_action); - - EXPECT_EQ(exabgp_rule.serialize_single_line_exabgp_v4_configuration(), - "flow route source 4.0.0.0/24 destination 127.0.0.0/24 protocol [ udp ] source-port " - "[ =53 ] destination-port [ =80 ] packet-length [ =777 =1122 ] fragment [ " - "is-fragment dont-fragment ] rate-limit 1024 "); -} - -TEST(BgpFlowSpec, serialize_whole_single_line_form) { - bgp_flow_spec_action_t my_action; - // my_action.set_type(FLOW_SPEC_ACTION_ACCEPT); - my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT); - my_action.set_rate_limit(1024); - - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP); - exabgp_rule.add_source_port(53); - exabgp_rule.add_destination_port(80); - - exabgp_rule.add_packet_length(777); - exabgp_rule.add_packet_length(1122); - - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT); - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT); - - exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24")); - exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24")); - - exabgp_rule.set_action(my_action); - - // TBD -} - -TEST(BgpFlowSpec, serialize_with_real_exabgp) { - bgp_flow_spec_action_t my_action; - // my_action.set_type(FLOW_SPEC_ACTION_ACCEPT); - my_action.set_type(FLOW_SPEC_ACTION_RATE_LIMIT); - my_action.set_rate_limit(1024); - - exabgp_flow_spec_rule_t exabgp_rule; - exabgp_rule.add_protocol(FLOW_SPEC_PROTOCOL_UDP); - exabgp_rule.add_source_port(53); - exabgp_rule.add_destination_port(80); - - exabgp_rule.add_packet_length(777); - exabgp_rule.add_packet_length(1122); - - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_IS_A_FRAGMENT); - exabgp_rule.add_fragmentation_flag(FLOW_SPEC_DONT_FRAGMENT); - - exabgp_rule.set_destination_subnet(convert_subnet_from_string_to_binary_with_cidr_format("127.0.0.0/24")); - exabgp_rule.set_source_subnet(convert_subnet_from_string_to_binary_with_cidr_format("4.0.0.0/24")); - - exabgp_rule.set_action(my_action); - - // exabgp_rule.disable_indents(); - std::string exabgp_configuration = exabgp_rule.serialize_complete_exabgp_configuration(); - - std::ofstream config_file; - config_file.open("/tmp/exabgp_test_config.conf", std::ios::trunc); - - if (config_file.is_open()) { - config_file << exabgp_configuration; - config_file.close(); - } - - int system_ret_code = system("/usr/src/exabgp/sbin/exabgp --test /tmp/exabgp_test_config.conf 2>/dev/null"); - - EXPECT_EQ(system_ret_code, 0); -} - - // Flow Spec actions tests TEST(BgpFlowSpecAction, rate_limit) {