-
Notifications
You must be signed in to change notification settings - Fork 22
Linex
LInEx is a lightweight IPFIX exporter which allows transmitting information about the system and network state to a remote UDP collector. Alternatively, state information can be saved in a local XML file for export via e-mail, scp, or any other file transfer mechanism.
LInEx is being developed at the TU München for deployment on embedded devices, such as WLAN routers. In particular, it has been tested on Linksys router with OpenWrt Kamikaze v8.09 firmware.
The state data is extracted from text files in the local filesystem (e.g. proc files) and from the standard output of command line tools. The data extraction is performed with pattern matching using regular expressions. Each capturing group in a regular expression is written into a field in the resulting IPFIX record. Numerical values can be converted into binary format using transformation rules. Enterprise-specific Information Elements can be used to export data for which no standard Information Element exists in the IPFIX registry at IANA.
Examples of useful state data which can be exported with LInEx are:
- ''/proc/net/dev'' - number of packets were sent and received
- output of ''iwconfig'' - SSID, WLAN Channel, WLAN data transfer rate, frequency of all available clients, etc.
- output of ''htop'' - CPU load of the device
- output of ''free'' - memory statistics of the device
LInEx makes use of ipfixlolib, which is Vermont's IPFIX exporter library written in C. Apart from that, it is composed composed of four modules:
- ''core.c/h'' - the main modul controls and manages the other modules
- ''config_file.c/h'' - reads the configuration file
- ''ipfix_templates.c/h'' - generates and passes the templates to ipfixlolib
- ''load_data.c/h'' - loads the data from the source into a temporary input buffer
- ''ipfix_data.c/h'' - extracts field values from the input buffer using pattern matching, applies transformation rules and saves the result in the send buffer which is sent to the collector
The application flow is as follows: * The configuration file is read and interpreted. * The IPFIX templates as well as the collectors are configured. * In a loop, data is periodically extracted from the sources defined in the configuration files and exported to the collectors.
At the moment, IPFIX export always uses UDP as transport protocol. TCP is not implemented in ipfixlolib and SCTP is not supported by OpenWrt. Similarly, DTLS is not supported because OpenWrt firmware does not include OpenSSL 1.0 at the time of writing.
The source code of LInEx is published under the conditions of GPL2 and can be downloaded from Vermont's subversion repository:
svn checkout svn://svn.berlios.de/vermont/branches/ipfix-wrt/LInEx/
Have a look in the README file and follow the installation instructions. The following tools and libraries are needed to build LInEx:
- GNU C compiler and standard libraries
- cmake
- C crosscompiler for building embedded Linux executable (e.g. OpenWrt SDK)
For convenient compilation, you may use the shell scripts ''compileX86.sh'' for x86 architectures and ''compileMIPS.sh'' for MIPS (or other embedded Linux) architectures. Before using ''compileMIPS.sh'', you need to adjust the path to the crosscompiler.
For installation on a WLAN router, you need to copy the executable and the configuration file to the router, e.g. using ''scp''.
LInEx is configured with a configuration file which is indicated as a command line parameter:
./LInEx -f <config-file>
Syntax and semantic of the configuration file are explained in the README file. It is useful to look at the provided sample configuration file which provide comprehensive examples.
Here is a brief overview on the different keywords used in the configuration file:
Keyword | Meaning |
COLLECTOR | IPv4 address and port of a remote UDP collector (written as A.B.C.D:E). This parameter may appear multiple times. |
ODID | Observation Domain ID in the IPFIX message headers. |
INTERVAL | Export interval, i.e. waiting time between successive exports. |
RECORD | Definition of a record composed of fields from multiple sources. |
MULTIRECORD | Definition of a set of records composed of fields from one source. |
FILE | Source file and regular expression applied to it. Thereafter, field length, transformation rule, IPFIX Information Element ID, and enterprise number are specified for every field (or capturing group). |
COMMAND | Command and regular expression applied to its output. Thereafter, field length, transformation rule, IPFIX Information Element ID, and enterprise number are specified for every field (or capturing group). |
XMLFILE | Name of a local XML file. |
XMLPOSTPROCESSING | Command which is executed after each update of the XML file. |
XMLRECORD | Definition of a root XML element in the XML file. The root XML element may include multiple XML elements with data extracted from one or multiple sources. |
[1] Kameliya Terzieva. Export von Netzstatusinformationen aus WLAN-Routern mit IPFIX. Bachelor Thesis, Technische Universität München, February 2010.
[2] Andreas Müller, Gerhard Münz, and Georg Carle. Collecting Router Information for Error Diagnosis and Troubleshooting in Home Networks. In Proc. of International Workshop on Wireless and Internet Services (WISe), held in conjunction with the IEEE Conference on Local Computer Networks 2011 (LCN), Bonn, Germany, October 2011.