Date: Mon, 3 Mar 2014 10:42:43 +0600
Subject: Re: [patch] net-mgmt/flowviewer and security/silktools patches
From: Muhammad Moinur Rahman <5u623l20@gmail.com>
To: Chad Gross
Cc: samm@os2.kiev.ua, lx@freebsd.org, FreeBSD Ports

Hi,

Can you please send me the patches as an attachment rather than inline? I will try to rebuild it from scratch and check it out again with Silktools.

Regards,
Muhammad

On Wed, Feb 19, 2014 at 12:57 AM, Chad Gross wrote:

> On Tue, Feb 18, 2014 at 10:33 AM, Chad Gross wrote:
>
> > I managed to configure net-mgmt/flowviewer with security/silktools, but had to make some modifications to get it working. FlowViewer is configured by default to pass the $silk_data_dir + $device_name as the root data directory to the rwfilter tool, when the root directory should be the same as $silk_data_dir. I've confirmed it is still configured this way in the latest version (4.3, released 2/11/14) so I could be misconfiguring something, but I don't see how since I am following the documentation (http://sourceforge.net/projects/flowviewer/files/FlowViewer.pdf/download).
> >
> > I also manually ran the commands out of working/DEBUG_VIEWER and it produced nothing until I updated --data-rootdir=/data/flows/S0 to --data-rootdir=/data/flows.
> >
> > Here are patches for the 4 affected files:
> >
> > > > --- FlowGrapher_Main.cgi.orig 2014-02-18 08:49:42.000000000 -0500 > > > > +++ FlowGrapher_Main.cgi 2014-02-18 09:09:58.000000000 -0500
> > > > @@ -535,7 +535,7 @@ > > > > $silk_flow_type =~ s/\s+//g; > > > > } > > > > > > > > - $data_root_dir = $silk_data_directory ."/". $device_name; > > > > + $data_root_dir = $silk_data_directory; > > > > > > > > # Prepare rwfilter start and end time parameters, filter criteria > > and window type > > > > > > --- FlowTracker_Recreate.orig 2014-02-16 15:50:35.000000000 -0500 > > > > +++ FlowTracker_Recreate 2014-02-18 09:09:58.000000000 -0500 > > > > @@ -245,7 +245,7 @@ > > > > $cat_start = > > epoch_to_date($cat_start_epoch,"LOCAL"); > > > > $cat_end = > epoch_to_date($cat_end_epoch,"LOCAL"); > > > > > > > > - $data_root_dir = $silk_data_directory ."/". > > $device_name; > > > > + $data_root_dir = $silk_data_directory; > > > > > > > > $silk_flow_type = ""; > > > > > > > > --- FlowTracker_Collector.orig 2014-02-18 08:48:54.000000000 -0500 > > > > +++ FlowTracker_Collector 2014-02-18 09:09:58.000000000 -0500 > > > > @@ -303,7 +303,7 @@ > > > > > > > > # Set up silk data sources > > > > > > > > - $data_root_dir = $silk_data_directory ."/". > > $device_name; > > > > + $data_root_dir = $silk_data_directory; > > > > > > > > $silk_flow_type = ""; > > > > > > > > --- FlowViewer_Main.cgi.orig 2014-02-18 08:52:30.000000000 -0500 > > > > +++ FlowViewer_Main.cgi 2014-02-18 09:09:58.000000000 -0500 
> > > > @@ -431,7 +431,7 @@ > > > > $silk_flow_type =~ s/\s+//g; > > > > } > > > > > > > > - $data_root_dir = $silk_data_directory ."/". $device_name; > > > > + $data_root_dir = $silk_data_directory; > > > > > > > > # Prepare rwfilter start and end time parameters > > > > > > > > > > I also found that security/silktools uses UTC by default, but has a > > configuration option to enable localtime ( > > https://tools.netsa.cert.org/silk/faq.html#timestamp-mismatch). > > > > Here is a patch to the Makefile containing a config option for localtime: > > > > > > --- /usr/ports/silktools/Makefile.orig 2014-02-18 09:29:28.000000000 > -0500 > > > > +++ /usr/ports/silktools/Makefile 2014-02-18 09:41:48.000000000 > -0500 > > > > @@ -23,6 +23,11 @@ > > > > USES= perl5 > > > > USE_PERL5= build > > > > > > +HAS_CONFIGURE= yes > > > > +OPTIONS_DEFINE= LOCALTIME > > > > +LOCALTIME_DESC= Use localtime instead of UTC > > > > + > > > > + > > > > MAN1= mapsid.1 num2dot.1 rwaddrcount.1 rwappend.1 \ > > > > rwbag.1 rwbagbuild.1 rwbagcat.1 rwbagtool.1 \ > > > > rwcat.1 rwcount.1 rwcut.1 rwdedupe.1 rwfglob.1 \ 
> > > > @@ -51,6 +56,13 @@ > > > > rwsender.8 > > > > > > NO_STAGE= yes > > > > + > > > > +.include > > > > + > > > > +.if ${PORT_OPTIONS:MLOCALTIME} > > > > +CONFIGURE_ARGS+=--enable-localtime > > > > +.endif > > > > + > > > > post-patch: > > > > @${REINPLACE_CMD} -e 's|echo aout|echo elf|' ${WRKSRC}/configure > > > > > > > > Thanks, > > > > > > Chad > > > > > > Here is another patch for net-mgmt/flowview so sensor filtering works. I am > not sure why, but this file is originally trying to use the exporter as the > sensor for SiLK devices. This is interesting since the PDF above indicated > that the @exporter array was only used for flow-tools, not SiLK but alas > here it is using it. If anything I think it would make more sense to use > the "device" as the sensor, especially since @ipfix_devices is already > defined as a sensor per the documentation. To make matters worse it is > grepping for the probes and not the sensors in order to populate the > --sensors= flag. > > > > --- FlowViewer_Utilities.pm.orig 2014-02-18 12:52:42.000000000 -0500 > > +++ FlowViewer_Utilities.pm 2014-02-18 13:50:09.000000000 -0500 
> > @@ -2339,50 +2339,50 @@ > > > > # Set up exporter address filtering, if any > > > > - if ($exporter ne "") { > > + if ($device_name ne "") { > > > > - $exporter =~ s/\s+//g; > > - $num_include_probe = 0; > > - @valid_probes = (); > > + $device_name =~ s/\s+//g; > > + $num_include_sensor = 0; > > + @valid_sensors = (); > > > > - # Get valid probes (exporters) from the sensor.conf file > > + # Get valid sensors (device_names) from the sensor.conf file > > > > - $probe_command = "cat $sensor_config_directory/sensor.conf | grep probe > > $work_directory/valid_probes_$suffix"; > > - system ($probe_command); > > + $sensor_command = "cat $sensor_config_directory/sensor.conf | grep sensor > > $work_directory/valid_sensors_$suffix"; > > + system ($sensor_command); > > > > - open (PROBES,"<$work_directory/valid_probes_$suffix"); > > + open (PROBES,"<$work_directory/valid_sensors_$suffix"); > > while () { > > - ($probe_label,$probe) = split(/\s+/,$_); > > - if ($probe_label eq "probe") { push (@valid_probes,$probe); } > > + ($sensor_label,$sensor) = split(/\s+/,$_); > > + if ($sensor_label eq "sensor") { push (@valid_sensors,$sensor); } > > } > > > > while ($still_more) { > > > > - ($exporter_name) = split(/,/,$exporter); > > - $start_char = length($exporter_name) + 1; > > - $exporter = substr($exporter,$start_char); > > + ($device_name_name) = split(/,/,$device_name); > > + $start_char = length($device_name_name) + 1; > > + $device_name = substr($device_name,$start_char); > > > > - if (substr($exporter_name,0,1) eq "-") { > > - &print_error("SiLK software does not support exclusion of Exporters > (Sensors) at this time: -$exporter_name"); last; > > + if (substr($device_name_name,0,1) eq "-") { > > + &print_error("SiLK software does not support exclusion of Exporters > (Sensors) at this time: -$device_name_name"); last; > > } else { > > - foreach $probe (@valid_probes) { > > - if ($exporter_name eq $probe) { > > - $num_include_probe++; > > - if ($num_include_probe < 2) { 
> > - $sensor_field .= $exporter_name; > > + foreach $sensor (@valid_sensors) { > > + if ($device_name_name eq $sensor) { > > + $num_include_sensor++; > > + if ($num_include_sensor < 2) { > > + $sensor_field .= $device_name_name; > > } else { > > - $sensor_field .= "," . $exporter_name; > > + $sensor_field .= "," . $device_name_name; > > } > > } > > } > > } > > > > - if ($exporter eq "") { last; } > > + if ($device_name eq "") { last; } > > } > > > > $sensor_field = " --sensors=" . $sensor_field; > > > > - $save_file .= "_" . $exporter_name; > > + $save_file .= "_" . $device_name; > > } > > > > # Set up Next Hop IP filtering, if any > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" >
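Review bot: In the four `$data_root_dir` hunks (FlowGrapher_Main.cgi, FlowTracker_Recreate, FlowTracker_Collector, FlowViewer_Main.cgi) the `."/". $device_name` component is removed unconditionally, so the visible lines no longer tie the rwfilter data root to the selected device and device scoping rests on the `--sensors=` argument that the FlowViewer_Utilities.pm patch rebuilds. The two changes should be submitted together and the dependency stated in the patch description. Because the message says upstream 4.3 still builds the per-device path, a setting that chooses between the two layouts would be safer than hard-coding one of them in the port.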
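Review bot: In the first silktools Makefile hunk (`@@ -23,6 +23,11 @@`), `HAS_CONFIGURE= yes` is bundled with the new option without explanation. The unchanged `post-patch` target in the second hunk already edits `${WRKSRC}/configure`, so please check how the port currently declares its configure step and either drop this line or say why it is needed. The two consecutive empty `+` lines after `LOCALTIME_DESC` can be reduced to one.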
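Review bot: In the second silktools Makefile hunk (`@@ -51,6 +56,13 @@`), the added `.include` line has no file name in this inline copy, and the `.if ${PORT_OPTIONS:MLOCALTIME}` test that follows only works once the options framework has been included with `.include <bsd.port.options.mk>`. Please confirm the attached version carries the complete line. Keeping `OPTIONS_DEFINE`, the include and the `.if` block together in one place would also make the option easier to follow than splitting them across the two hunks.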
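Review bot: In the FlowViewer_Utilities.pm hunk the parsing loop now consumes `$device_name` itself (`$device_name = substr($device_name,$start_char);`) and exits normally only when it is empty, so the closing `$save_file .= "_" . $device_name;` appends an empty string where the old code appended `$exporter_name`, and any code that reads `$device_name` afterwards sees it cleared. Parse a copy of the device list and append `$device_name_name` (or the untouched original) to `$save_file`. Two smaller points in the same hunk: the file handle is still named `PROBES` and the result of `open` is not checked, and the sensor list is still produced by interpolating `$sensor_config_directory`, `$work_directory` and `$suffix` into a shell string passed to `system`. Reading sensor.conf directly with `open` and keeping lines whose first field is `sensor` would remove both the shell invocation and the temporary file.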