From owner-svn-ports-head@FreeBSD.ORG Thu Feb 20 21:06:46 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DD3BB375; Thu, 20 Feb 2014 21:06:45 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C720F1086; Thu, 20 Feb 2014 21:06:45 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s1KL6jDK054293; Thu, 20 Feb 2014 21:06:45 GMT (envelope-from zi@svn.freebsd.org) Received: (from zi@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s1KL6hHS054282; Thu, 20 Feb 2014 21:06:43 GMT (envelope-from zi@svn.freebsd.org) Message-Id: <201402202106.s1KL6hHS054282@svn.freebsd.org> From: Ryan Steinmetz Date: Thu, 20 Feb 2014 21:06:43 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r345266 - in head/net: . exaddos exaddos/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Feb 2014 21:06:46 -0000 Author: zi Date: Thu Feb 20 21:06:43 2014 New Revision: 345266 URL: http://svnweb.freebsd.org/changeset/ports/345266 QAT: https://qat.redports.org/buildarchive/r345266/ Log: New port: net/exaddos: ExaDDOS is an application able to gather different data sources to present a real time unified view of your network. It can gather: * SNMP information at your edge * IPFIX export from your routers And present it using a web interface. Our goal is to very quickly integrate it with ExaBGP to allow a "one click" anti-DDOS solution. Features include: * An RRD based solution for interface traffic graphing * AS-STATS to find which peers are our top talkers * NFSEN to collect, store and search flows * An ExaDDOS like internal solution, to quickly identify which IPs are causing an attack WWW: https://github.com/Exa-Networks/exaddos Added: head/net/exaddos/ head/net/exaddos/Makefile (contents, props changed) head/net/exaddos/distinfo (contents, props changed) head/net/exaddos/files/ head/net/exaddos/files/exaddos.conf.sample.in (contents, props changed) head/net/exaddos/files/exaddos.in (contents, props changed) head/net/exaddos/files/exaddos.sh.in (contents, props changed) head/net/exaddos/files/pkg-message.in (contents, props changed) head/net/exaddos/pkg-descr (contents, props changed) head/net/exaddos/pkg-plist (contents, props changed) Modified: head/net/Makefile Modified: head/net/Makefile ============================================================================== --- head/net/Makefile Thu Feb 20 21:00:31 2014 (r345265) +++ head/net/Makefile Thu Feb 20 21:06:43 2014 (r345266) @@ -131,6 +131,7 @@ SUBDIR += etherboot SUBDIR += etrace SUBDIR += exabgp + SUBDIR += exaddos SUBDIR += findmtu SUBDIR += flowgrep SUBDIR += fonulator Added: head/net/exaddos/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/Makefile Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,46 @@ +# Created by: Ryan Steinmetz +# $FreeBSD$ + +PORTNAME= exaddos +PORTVERSION= 0.4.0 +CATEGORIES= net +MASTER_SITES= GH GHC \ + http://mirrors.rit.edu/zi/ +EXTRACT_SUFX= .tgz + +MAINTAINER= zi@FreeBSD.org +COMMENT= Monitor your network for DDoS + +LICENSE= BSD + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}snmp4-mibs>=0.1.4:${PORTSDIR}/net-mgmt/py-snmp4-mibs \ + ${PYTHON_PKGNAMEPREFIX}snmp4>=4.2.3:${PORTSDIR}/net-mgmt/py-snmp4 + +USE_GITHUB= yes +GH_ACCOUNT= Exa-Networks +GH_TAGNAME= ${PORTVERSION} +GH_COMMIT= 4e93fc1 +USE_PYTHON= yes +SUB_FILES= pkg-message exaddos.sh exaddos.conf.sample +SUB_LIST= PYTHON_LIBDIR=${PYTHON_LIBDIR} PYTHON_CMD=${PYTHON_CMD} \ + PYTHON_SITELIBDIR=${PYTHON_SITELIBDIR} +USE_RC_SUBR= ${PORTNAME} + +USERS= ${PORTNAME} +GROUPS= ${PORTNAME} + +do-build: + @${PYTHON_CMD} -m compileall ${WRKSRC}/lib + +do-install: + @${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME}.sh ${STAGEDIR}${PREFIX}/sbin/${PORTNAME} + @${MKDIR} ${STAGEDIR}${PYTHON_SITELIBDIR}/${PORTNAME} ${STAGEDIR}${ETCDIR} + @(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${PYTHON_SITELIBDIR}) + @(cd ${WRKSRC}/data/${PORTNAME} && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/www/${PORTNAME}) + @${INSTALL_DATA} ${WRKDIR}/exaddos.conf.sample \ + ${STAGEDIR}${ETCDIR} + +post-install: + @${CAT} ${PKGMESSAGE} + +.include Added: head/net/exaddos/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/distinfo Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,2 @@ +SHA256 (exaddos-0.4.0.tgz) = e13b4746f089fb13774ac96fcfd4c62e19df94f2491673a50dd0f4145ac1e399 +SIZE (exaddos-0.4.0.tgz) = 358330 Added: head/net/exaddos/files/exaddos.conf.sample.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/files/exaddos.conf.sample.in Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,75 @@ +[exaddos.daemon] +daemonize = true +user = 'exaddos' +pidfile = '/var/run/exaddos/exaddos.pid' + +[exaddos.http] +host = '127.0.0.1' +port = 8080 + +[exaddos.ipfix] +host = '127.0.0.1' +port = 29300 + + +[exaddos.location] +database = '/var/db/exaddos/exaddos.sqlite3' +html = '%%PREFIX%%/www/exaddos/html' + +[exaddos.profile] +destination = 'stdout' +enable = false + +# threshold: expressed in pps + +[exaddos.PEER1] +router = '127.0.0.2' +snmp_version = 2 +snmp_password = 'secret' +snmp_frequency = 10 +snmp_index_port = 120 +snmp_index_vlan = 100 +threshold_bandwidth = 104857600 +threshold_unicast = 120000 +threshold_notunicast = 1500 + + +[exaddos.PEER2] +router = '127.0.0.2' +snmp_version = 2 +snmp_password = 'secret' +snmp_frequency = 10 +snmp_index_port = 120 +snmp_index_vlan = 110 +threshold_bandwidth = 104857600 +threshold_unicast = 120000 +threshold_notunicast = 1500 + + +[exaddos.TRANSIT1] +router = '127.0.0.3' +location = 'datacenter' +snmp_version = 2 +snmp_password = 'secret' +snmp_frequency = 10 +snmp_index_port = 220 +snmp_index_vlan = 140 +threshold_bandwidth = 104857600 +threshold_unicast = 120000 +threshold_notunicast = 1500 + + +[exaddos.router] +router = '192.0.2.123' +snmp_version = 3 +snmp_user = 'exaddos' +snmp_auth_method = 'SHA' +snmp_auth_key = 'pass7faYDFagREF6DasdG' +snmp_privacy_method = 'AES-128' +snmp_privacy_key = 'privTasvRT3gfg4GFsGHV' +snmp_frequency = 10 +snmp_index_port = 520 +snmp_index_vlan = 573 +threshold_bandwidth = 524288000 +threshold_unicast = 120000 +threshold_notunicast = 1500 Added: head/net/exaddos/files/exaddos.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/files/exaddos.in Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,58 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: exaddos +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following line(s) to /etc/rc.conf to enable exaddos: +# +# exaddos_enable="YES" + +. /etc/rc.subr + +name=exaddos +rcvar=exaddos_enable + +load_rc_config $name + +exaddos_enable=${exaddos_enable:-"NO"} +exaddos_conf=${exaddos_conf:-"%%ETCDIR%%/exaddos.conf"} + +pidfile=/var/run/${name}/${name}.pid + +required_files=${exaddos_conf} + +command="%%PYTHON_SITELIBDIR%%/${name}/application.py" +procname="%%PYTHON_CMD%%" + +start_cmd="exaddos_start" +reload_all_cmd="exaddos_reload_all" +extra_commands="reload reload_all" +sig_reload="USR1" + +exaddos_start() +{ + if [ -z "$rc_fast" -a -n "$rc_pid" ]; then + echo 1>&2 "${name} already running? (pid=$rc_pid)." + return 1 + fi + + echo "Starting ${name}." + + install -d -o exaddos -g exaddos -m 755 /var/run/${name} + install -d -o exaddos -g exaddos -m 750 /var/db/${name} + rm -f ${pidfile} + + ${procname} -m exaddos.debug ${command} -c ${exaddos_conf} +} + +exaddos_reload_all() +{ + echo "Reloading exaddos configuration and processes." + kill -USR2 $rc_pid +} + + +run_rc_command "$1" Added: head/net/exaddos/files/exaddos.sh.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/files/exaddos.sh.in Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,16 @@ +#!/bin/sh + +export PYTHONPATH=%%PYTHON_LIBDIR%%:%%PYTHON_SITELIBDIR%%/exaddos:%%PYTHON_SITELIBDIR%%/exaddos/lib + +INTERPRETER=%%PYTHON_CMD%% + +APPLICATIONS=`$INTERPRETER -c "import sys,os; print ' '.join(os.path.join(_,'exaddos','application.py') for _ in sys.path if os.path.isfile('/'.join((_,'exaddos','application.py'))))"` +APPLICATION=`echo $APPLICATIONS | awk '{ print $1; }'` + +if [ $# -eq 0 ]; then + $INTERPRETER -m exaddos.debug $APPLICATION -c %%PREFIX%%/etc/exaddos.conf --help + echo "===> To start exaddos, you should use:" + echo "===> service exaddos start" +else + exec $INTERPRETER -m exaddos.debug $APPLICATION -c %%PREFIX%%/etc/exaddos.conf $* +fi Added: head/net/exaddos/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/files/pkg-message.in Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,4 @@ +=========================================================================== +Please edit %%ETCDIR%%/exaddos.conf based on one of the examples and +add exaddos_enable="YES" to /etc/rc.conf +=========================================================================== Added: head/net/exaddos/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/pkg-descr Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,18 @@ +ExaDDOS is an application able to gather different data sources to present a +real time unified view of your network. + +It can gather: +* SNMP information at your edge +* IPFIX export from your routers + +And present it using a web interface. Our goal is to very quickly integrate +it with ExaBGP to allow a "one click" anti-DDOS solution. + +Features include: +* An RRD based solution for interface traffic graphing +* AS-STATS to find which peers are our top talkers +* NFSEN to collect, store and search flows +* An ExaDDOS like internal solution, to quickly identify which IPs are + causing an attack + +WWW: https://github.com/Exa-Networks/exaddos Added: head/net/exaddos/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/exaddos/pkg-plist Thu Feb 20 21:06:43 2014 (r345266) @@ -0,0 +1,57 @@ +@comment $FreeBSD$ +sbin/exaddos +%%PYTHON_SITELIBDIR%%/exaddos/__init__.py +%%PYTHON_SITELIBDIR%%/exaddos/__init__.pyc +%%PYTHON_SITELIBDIR%%/exaddos/application.py +%%PYTHON_SITELIBDIR%%/exaddos/application.pyc +%%PYTHON_SITELIBDIR%%/exaddos/configuration.py +%%PYTHON_SITELIBDIR%%/exaddos/configuration.pyc +%%PYTHON_SITELIBDIR%%/exaddos/container.py +%%PYTHON_SITELIBDIR%%/exaddos/container.pyc +%%PYTHON_SITELIBDIR%%/exaddos/debug.py +%%PYTHON_SITELIBDIR%%/exaddos/debug.pyc +%%PYTHON_SITELIBDIR%%/exaddos/flow.py +%%PYTHON_SITELIBDIR%%/exaddos/flow.pyc +%%PYTHON_SITELIBDIR%%/exaddos/http.py +%%PYTHON_SITELIBDIR%%/exaddos/http.pyc +%%PYTHON_SITELIBDIR%%/exaddos/ipfix.py +%%PYTHON_SITELIBDIR%%/exaddos/ipfix.pyc +%%PYTHON_SITELIBDIR%%/exaddos/leak/__init__.py +%%PYTHON_SITELIBDIR%%/exaddos/leak/__init__.pyc +%%PYTHON_SITELIBDIR%%/exaddos/leak/gcdump.py +%%PYTHON_SITELIBDIR%%/exaddos/leak/gcdump.pyc +%%PYTHON_SITELIBDIR%%/exaddos/leak/objgraph.py +%%PYTHON_SITELIBDIR%%/exaddos/leak/objgraph.pyc +%%PYTHON_SITELIBDIR%%/exaddos/log.py +%%PYTHON_SITELIBDIR%%/exaddos/log.pyc +%%PYTHON_SITELIBDIR%%/exaddos/q.py +%%PYTHON_SITELIBDIR%%/exaddos/q.pyc +%%PYTHON_SITELIBDIR%%/exaddos/reactor.py +%%PYTHON_SITELIBDIR%%/exaddos/reactor.pyc +%%PYTHON_SITELIBDIR%%/exaddos/snmp.py +%%PYTHON_SITELIBDIR%%/exaddos/snmp.pyc +%%PYTHON_SITELIBDIR%%/exaddos/thread.py +%%PYTHON_SITELIBDIR%%/exaddos/thread.pyc +%%PYTHON_SITELIBDIR%%/exaddos/warning.py +%%PYTHON_SITELIBDIR%%/exaddos/warning.pyc +www/exaddos/html/exa.jpg +www/exaddos/html/favicon.ico +www/exaddos/html/inc/jquery-1.10.2.js +www/exaddos/html/inc/jquery.tablesorter.js +www/exaddos/html/inc/jquery.tmpl.min.js +www/exaddos/html/index.html +www/exaddos/html/overview.html +www/exaddos/html/talkers.html +www/exaddos/html/talker.html +@dirrm www/exaddos/html/inc +@dirrm www/exaddos/html +@dirrm www/exaddos +@dirrm %%PYTHON_SITELIBDIR%%/exaddos/leak +@dirrm %%PYTHON_SITELIBDIR%%/exaddos +@dirrmtry %%PYTHON_SITELIBDIR%% +@dirrmtry %%PYTHON_LIBDIR%% +@unexec if cmp -s %D/etc/exaddos/exaddos.conf %D/etc/exaddos/exaddos.conf.sample ; then rm -f %D/etc/exaddos/exaddos.conf ; fi +etc/exaddos/exaddos.conf.sample +@exec if [ ! -f %D/etc/exaddos/exaddos.conf ]; then cp -p %D/%F %B/exaddos.conf; fi +@dirrmtry etc/exaddos +@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/exaddos`` to remove any configuration files left."; fi