Add danos-service-flowstat

README.md

@@ -0,0 +1,42 @@
+# DANOS Dataplane flowstat plugin
+
+This repository includes the operational templates, configuration scripts and yang for flowstat plugin.
+
+# How to configure
+First, create a firewall with DPI enabled as [link](https://danosproject.atlassian.net/wiki/spaces/DAN/pages/544243713/Deep+Packet+Inspection#4.1.-An-application-firewall-allows-access-to-permitted-websites-while-blocking-all-other-web-traffic)
+
+Enable flow stat on interface
+```sh
+set interfaces dataplane dp0p33p1 flow-stat enable
+```
+
+Make a http request
+```sh
+curl http://google.com
+```
+
+Check for log was exported
+```sh
+journalctl -u vyatta-dataplane -b -f |grep FLOWSTAT
+```
+You should see something like
+```sh
+Apr 07 13:14:27 node dataplane[3228]: FLOWSTAT: Flushed 1 logs
+```
+
+Show top 10 app by total bytes in last 5 minutes
+```sh
+root@node:~# show dataplane flow-stat dp0p33p1 5m top app bytes 
+{"items": [{"key": "Google", "in_bytes": 1017, "out_bytes": 544, "bytes": 1561}]}
+```
+
+Show timeseries bytes of Google app in last 5 minutes
+```sh
+root@node:~# show dataplane flow-stat dp0p33p1 5m timeseries app Google
+{"items": [{"timestamp": 1617801560, "in_bytes": 1017, "out_bytes": 544, "bytes": 1561}]}
+```
+
+Disable flowstat on all interfaces
+```sh
+set service flowstat disable
+```

debian/.gitignore

@@ -0,0 +1,11 @@
+tmp/
+build/
+.debhelper/
+*.debhelper
+python3-flowstat/
+danos-flowstatd/
+danos-service-flowstat-v1-yang/
+files
+*.log
+*.substvars
+

debian/changelog

@@ -0,0 +1,5 @@
+danos-service-flowstat (1.0.0) UNRELEASED; urgency=medium
+
+  * Initial release.
+
+ -- Dung Man <dung@fosec.vn>  Thu, 25 Mar 2021 10:46:02 +0000

debian/compat

@@ -0,0 +1 @@
+9

debian/control

@@ -0,0 +1,48 @@
+Source: danos-service-flowstat
+Section: contrib/net
+Priority: optional
+Maintainer: Dung Man <dung@fosec.vn>
+Build-Depends: meson,
+               debhelper (>= 9.20160709),
+               dh-exec,
+               dh-python,
+               python3,
+               python3-all,
+               python3-setuptools,
+Standards-Version: 4.3.0
+Homepage:
+
+Package: python3-flowstat
+Section: contrib/python
+Architecture: any
+Depends: ${misc:Depends},
+         ${python3:Depends},
+         python3
+Description: flowstat Python 3 Library.
+ Provides a flowstat library in Python 3.
+
+Package: danos-flowstatd
+Section: contrib/net
+Architecture: any
+Depends: ${misc:Depends},
+         python3,
+         python3-flowstat
+Description: Flowstat service.
+ A systemd service that calculate flow statistics.
+
+Package: danos-service-flowstat-v1-yang
+Section: contrib/net
+Architecture: all
+Depends: ${misc:Depends},
+         ${perl:Depends},
+         danos-flowstatd,
+         libdataplane-flowstat-plugin-proto-support,
+         perl (>= 5.8.8),
+         python3,
+         python3-flowstat,
+         python3-vplaned,
+         vyatta-cfg (>= 0.104),
+         vyatta-op
+Description: config/op yang, templates and scripts for flowstat plugin
+ The Vyatta configuration/operational YANG, templates and scripts for
+ flowstat plugin.

debian/copyright

@@ -0,0 +1,108 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 2021, SafePoint.
+License: Apache-2.0
+
+Files: lib/python/flowstat/flowstat.py
+ lib/python/flowstat/tests/data/gen_log.py
+ lib/python/flowstat/tests/test_flowstat.py
+ scripts/flowstat_show.py
+ scripts/flowstatd
+Copyright: 2021, SafePoint.
+License: Apache-2.0
+
+Files: yang/vyatta-service-flowstat-v1.yang
+Copyright: 2015-2016, Brocade Communications Systems, Inc.
+  2019-2020, AT&T Intellectual Property
+  2021, SafePoint
+License: BSD-3-clause
+
+Files: yang/vyatta-interfaces-flowstat-v1.yang
+Copyright: 2015-2016, Brocade Communications Systems, Inc.
+  2019, AT&T Intellectual Property
+  2021, SafePoint.
+License: BSD-3-clause
+
+Files: yang/vyatta-op-show-flowstat-v1.yang
+Copyright: 2018-2020, AT&T Intellectual Property.
+  2021, SafePoint.
+License: BSD-3-clause
+
+Files: scripts/vplane-flowstat.pl
+Copyright: 2015-2016, Brocade Communications Systems, Inc.
+  2019, AT&T Intellectual Property.
+  2021, SafePoint.
+License: GPL-2.0-only
+
+Files: scripts/flowstat_update_logrotate
+Copyright: 2019, AT&T Intellectual Property.
+  2021, SafePoint.
+License: GPL-2.0-only
+
+Files: setup.py.in
+Copyright: 2015, Brocade Communications Systems, Inc.
+  2021, SafePoint.
+License: LGPL-2.1-only
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+     http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License 2.0 can
+ be found in "/usr/share/common-licenses/Apache-2.0"
+
+License: LGPL-2.1-only
+ This package is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation;
+ version 2.1
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU Lesser General
+ Public License can be found in "/usr/share/common-licenses/LGPL-2.1".
+
+License: GPL-2.0-only
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation;
+ version 2.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.  See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA  02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2'.
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

debian/danos-flowstatd.install

@@ -0,0 +1 @@
+scripts/flowstatd opt/vyatta/bin

debian/danos-flowstatd.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Flowstat Daemon
+
+[Service]
+Type=simple
+ExecStart=/opt/vyatta/bin/flowstatd
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

debian/danos-service-flowstat-v1-yang.install

@@ -0,0 +1,6 @@
+yang/vyatta-interfaces-flowstat-v1.yang usr/share/configd/yang
+yang/vyatta-op-show-flowstat-v1.yang usr/share/configd/yang
+yang/vyatta-service-flowstat-v1.yang usr/share/configd/yang
+scripts/flowstat_show.py opt/vyatta/bin
+scripts/flowstat_update_logrotate opt/vyatta/bin
+scripts/vplane-flowstat.pl opt/vyatta/bin

debian/rules

@@ -0,0 +1,31 @@
+#!/usr/bin/make -f
+# You must remove unused comment lines for the released package.
+# export DH_VERBOSE = 1
+export DEB_BUILD_MAINT_OPTIONS=hardening=+format,-fortify,-stackprotector,+relro,+bindnow
+export DEB_CFLAGS_MAINT_APPEND  = -O2
+# export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+export PYBUILD_NAME = flowstat
+export PYBUILD_SYSTEM = distutils
+export PYBUILD_TEST_ARGS_python3=$(CURDIR)/lib/python
+VERSION := $(shell dpkg-parsechangelog | grep '^Version: ' | awk '{print $$2}')
+
+%:
+	dh $@ --builddirectory=build --parallel --with systemd --with python3 --buildsystem=pybuild
+
+%.py: %.py.in
+	sed -e 's/__CHANGELOG_VERSION__/$(VERSION)/' < $< > $@
+
+override_dh_auto_clean: setup.py
+	dh_auto_clean
+
+override_dh_auto_configure: setup.py
+	dh_auto_configure
+
+override_dh_auto_build: setup.py
+	dh_auto_build
+
+override_dh_installinit:
+	dh_installinit -pdanos-flowstatd --no-start --noscripts
+
+override_dh_auto_install:
+	dh_auto_install

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

debian/source/local-options

@@ -0,0 +1,2 @@
+#abort-on-upstream-changes
+#unapply-patches

lib/python/flowstat/__init__.py

@@ -0,0 +1 @@
+from flowstat.flowstat import *