diff options
| author | zi <zi@FreeBSD.org> | 2014-02-21 05:06:43 +0800 |
|---|---|---|
| committer | zi <zi@FreeBSD.org> | 2014-02-21 05:06:43 +0800 |
| commit | 9c3c4703fe554876ca0a0321086f45bf8eb1d947 (patch) | |
| tree | 95888d8b271b7c8f407010de392021f0559c0177 | |
| parent | e36f4a0d57856721372d6b89020a320f607b8e69 (diff) | |
| download | freebsd-ports-graphics-9c3c4703fe554876ca0a0321086f45bf8eb1d947.tar.gz freebsd-ports-graphics-9c3c4703fe554876ca0a0321086f45bf8eb1d947.tar.zst freebsd-ports-graphics-9c3c4703fe554876ca0a0321086f45bf8eb1d947.zip | |
New port: net/exaddos:
ExaDDOS is an application able to gather different data sources to present a
real time unified view of your network.
It can gather:
* SNMP information at your edge
* IPFIX export from your routers
And present it using a web interface. Our goal is to very quickly integrate
it with ExaBGP to allow a "one click" anti-DDOS solution.
Features include:
* An RRD based solution for interface traffic graphing
* AS-STATS to find which peers are our top talkers
* NFSEN to collect, store and search flows
* An ExaDDOS like internal solution, to quickly identify which IPs are
causing an attack
WWW: https://github.com/Exa-Networks/exaddos
| -rw-r--r-- | net/Makefile | 1 | ||||
| -rw-r--r-- | net/exaddos/Makefile | 46 | ||||
| -rw-r--r-- | net/exaddos/distinfo | 2 | ||||
| -rw-r--r-- | net/exaddos/files/exaddos.conf.sample.in | 75 | ||||
| -rw-r--r-- | net/exaddos/files/exaddos.in | 58 | ||||
| -rw-r--r-- | net/exaddos/files/exaddos.sh.in | 16 | ||||
| -rw-r--r-- | net/exaddos/files/pkg-message.in | 4 | ||||
| -rw-r--r-- | net/exaddos/pkg-descr | 18 | ||||
| -rw-r--r-- | net/exaddos/pkg-plist | 57 |
9 files changed, 277 insertions, 0 deletions
diff --git a/net/Makefile b/net/Makefile index 3e29c5a07a1..faf8c203fd2 100644 --- a/net/Makefile +++ b/net/Makefile @@ -131,6 +131,7 @@ SUBDIR += etherboot SUBDIR += etrace SUBDIR += exabgp + SUBDIR += exaddos SUBDIR += findmtu SUBDIR += flowgrep SUBDIR += fonulator diff --git a/net/exaddos/Makefile b/net/exaddos/Makefile new file mode 100644 index 00000000000..ba7a2aa55fb --- /dev/null +++ b/net/exaddos/Makefile @@ -0,0 +1,46 @@ +# Created by: Ryan Steinmetz <zi@FreeBSD.org> +# $FreeBSD$ + +PORTNAME= exaddos +PORTVERSION= 0.4.0 +CATEGORIES= net +MASTER_SITES= GH GHC \ + http://mirrors.rit.edu/zi/ +EXTRACT_SUFX= .tgz + +MAINTAINER= zi@FreeBSD.org +COMMENT= Monitor your network for DDoS + +LICENSE= BSD + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}snmp4-mibs>=0.1.4:${PORTSDIR}/net-mgmt/py-snmp4-mibs \ + ${PYTHON_PKGNAMEPREFIX}snmp4>=4.2.3:${PORTSDIR}/net-mgmt/py-snmp4 + +USE_GITHUB= yes +GH_ACCOUNT= Exa-Networks +GH_TAGNAME= ${PORTVERSION} +GH_COMMIT= 4e93fc1 +USE_PYTHON= yes +SUB_FILES= pkg-message exaddos.sh exaddos.conf.sample +SUB_LIST= PYTHON_LIBDIR=${PYTHON_LIBDIR} PYTHON_CMD=${PYTHON_CMD} \ + PYTHON_SITELIBDIR=${PYTHON_SITELIBDIR} +USE_RC_SUBR= ${PORTNAME} + +USERS= ${PORTNAME} +GROUPS= ${PORTNAME} + +do-build: + @${PYTHON_CMD} -m compileall ${WRKSRC}/lib + +do-install: + @${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME}.sh ${STAGEDIR}${PREFIX}/sbin/${PORTNAME} + @${MKDIR} ${STAGEDIR}${PYTHON_SITELIBDIR}/${PORTNAME} ${STAGEDIR}${ETCDIR} + @(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${PYTHON_SITELIBDIR}) + @(cd ${WRKSRC}/data/${PORTNAME} && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/www/${PORTNAME}) + @${INSTALL_DATA} ${WRKDIR}/exaddos.conf.sample \ + ${STAGEDIR}${ETCDIR} + +post-install: + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.mk> diff --git a/net/exaddos/distinfo b/net/exaddos/distinfo new file mode 100644 index 00000000000..c951fde21f2 --- /dev/null +++ b/net/exaddos/distinfo @@ -0,0 +1,2 @@ +SHA256 (exaddos-0.4.0.tgz) = e13b4746f089fb13774ac96fcfd4c62e19df94f2491673a50dd0f4145ac1e399 +SIZE (exaddos-0.4.0.tgz) = 358330 diff --git a/net/exaddos/files/exaddos.conf.sample.in b/net/exaddos/files/exaddos.conf.sample.in new file mode 100644 index 00000000000..9b17f16024f --- /dev/null +++ b/net/exaddos/files/exaddos.conf.sample.in @@ -0,0 +1,75 @@ +[exaddos.daemon] +daemonize = true +user = 'exaddos' +pidfile = '/var/run/exaddos/exaddos.pid' + +[exaddos.http] +host = '127.0.0.1' +port = 8080 + +[exaddos.ipfix] +host = '127.0.0.1' +port = 29300 + + +[exaddos.location] +database = '/var/db/exaddos/exaddos.sqlite3' +html = '%%PREFIX%%/www/exaddos/html' + +[exaddos.profile] +destination = 'stdout' +enable = false + +# threshold: expressed in pps + +[exaddos.PEER1] +router = '127.0.0.2' +snmp_version = 2 +snmp_password = 'secret' +snmp_frequency = 10 +snmp_index_port = 120 +snmp_index_vlan = 100 +threshold_bandwidth = 104857600 +threshold_unicast = 120000 +threshold_notunicast = 1500 + + +[exaddos.PEER2] +router = '127.0.0.2' +snmp_version = 2 +snmp_password = 'secret' +snmp_frequency = 10 +snmp_index_port = 120 +snmp_index_vlan = 110 +threshold_bandwidth = 104857600 +threshold_unicast = 120000 +threshold_notunicast = 1500 + + +[exaddos.TRANSIT1] +router = '127.0.0.3' +location = 'datacenter' +snmp_version = 2 +snmp_password = 'secret' +snmp_frequency = 10 +snmp_index_port = 220 +snmp_index_vlan = 140 +threshold_bandwidth = 104857600 +threshold_unicast = 120000 +threshold_notunicast = 1500 + + +[exaddos.router] +router = '192.0.2.123' +snmp_version = 3 +snmp_user = 'exaddos' +snmp_auth_method = 'SHA' +snmp_auth_key = 'pass7faYDFagREF6DasdG' +snmp_privacy_method = 'AES-128' +snmp_privacy_key = 'privTasvRT3gfg4GFsGHV' +snmp_frequency = 10 +snmp_index_port = 520 +snmp_index_vlan = 573 +threshold_bandwidth = 524288000 +threshold_unicast = 120000 +threshold_notunicast = 1500 diff --git a/net/exaddos/files/exaddos.in b/net/exaddos/files/exaddos.in new file mode 100644 index 00000000000..48bdc4f99ec --- /dev/null +++ b/net/exaddos/files/exaddos.in @@ -0,0 +1,58 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: exaddos +# REQUIRE: LOGIN +# KEYWORD: shutdown +# +# Add the following line(s) to /etc/rc.conf to enable exaddos: +# +# exaddos_enable="YES" + +. /etc/rc.subr + +name=exaddos +rcvar=exaddos_enable + +load_rc_config $name + +exaddos_enable=${exaddos_enable:-"NO"} +exaddos_conf=${exaddos_conf:-"%%ETCDIR%%/exaddos.conf"} + +pidfile=/var/run/${name}/${name}.pid + +required_files=${exaddos_conf} + +command="%%PYTHON_SITELIBDIR%%/${name}/application.py" +procname="%%PYTHON_CMD%%" + +start_cmd="exaddos_start" +reload_all_cmd="exaddos_reload_all" +extra_commands="reload reload_all" +sig_reload="USR1" + +exaddos_start() +{ + if [ -z "$rc_fast" -a -n "$rc_pid" ]; then + echo 1>&2 "${name} already running? (pid=$rc_pid)." + return 1 + fi + + echo "Starting ${name}." + + install -d -o exaddos -g exaddos -m 755 /var/run/${name} + install -d -o exaddos -g exaddos -m 750 /var/db/${name} + rm -f ${pidfile} + + ${procname} -m exaddos.debug ${command} -c ${exaddos_conf} +} + +exaddos_reload_all() +{ + echo "Reloading exaddos configuration and processes." + kill -USR2 $rc_pid +} + + +run_rc_command "$1" diff --git a/net/exaddos/files/exaddos.sh.in b/net/exaddos/files/exaddos.sh.in new file mode 100644 index 00000000000..990fe482c39 --- /dev/null +++ b/net/exaddos/files/exaddos.sh.in @@ -0,0 +1,16 @@ +#!/bin/sh + +export PYTHONPATH=%%PYTHON_LIBDIR%%:%%PYTHON_SITELIBDIR%%/exaddos:%%PYTHON_SITELIBDIR%%/exaddos/lib + +INTERPRETER=%%PYTHON_CMD%% + +APPLICATIONS=`$INTERPRETER -c "import sys,os; print ' '.join(os.path.join(_,'exaddos','application.py') for _ in sys.path if os.path.isfile('/'.join((_,'exaddos','application.py'))))"` +APPLICATION=`echo $APPLICATIONS | awk '{ print $1; }'` + +if [ $# -eq 0 ]; then + $INTERPRETER -m exaddos.debug $APPLICATION -c %%PREFIX%%/etc/exaddos.conf --help + echo "===> To start exaddos, you should use:" + echo "===> service exaddos start" +else + exec $INTERPRETER -m exaddos.debug $APPLICATION -c %%PREFIX%%/etc/exaddos.conf $* +fi diff --git a/net/exaddos/files/pkg-message.in b/net/exaddos/files/pkg-message.in new file mode 100644 index 00000000000..e23edfad693 --- /dev/null +++ b/net/exaddos/files/pkg-message.in @@ -0,0 +1,4 @@ +=========================================================================== +Please edit %%ETCDIR%%/exaddos.conf based on one of the examples and +add exaddos_enable="YES" to /etc/rc.conf +=========================================================================== diff --git a/net/exaddos/pkg-descr b/net/exaddos/pkg-descr new file mode 100644 index 00000000000..a7f84f23a82 --- /dev/null +++ b/net/exaddos/pkg-descr @@ -0,0 +1,18 @@ +ExaDDOS is an application able to gather different data sources to present a +real time unified view of your network. + +It can gather: +* SNMP information at your edge +* IPFIX export from your routers + +And present it using a web interface. Our goal is to very quickly integrate +it with ExaBGP to allow a "one click" anti-DDOS solution. + +Features include: +* An RRD based solution for interface traffic graphing +* AS-STATS to find which peers are our top talkers +* NFSEN to collect, store and search flows +* An ExaDDOS like internal solution, to quickly identify which IPs are + causing an attack + +WWW: https://github.com/Exa-Networks/exaddos diff --git a/net/exaddos/pkg-plist b/net/exaddos/pkg-plist new file mode 100644 index 00000000000..5b85ef5304f --- /dev/null +++ b/net/exaddos/pkg-plist @@ -0,0 +1,57 @@ +@comment $FreeBSD$ +sbin/exaddos +%%PYTHON_SITELIBDIR%%/exaddos/__init__.py +%%PYTHON_SITELIBDIR%%/exaddos/__init__.pyc +%%PYTHON_SITELIBDIR%%/exaddos/application.py +%%PYTHON_SITELIBDIR%%/exaddos/application.pyc +%%PYTHON_SITELIBDIR%%/exaddos/configuration.py +%%PYTHON_SITELIBDIR%%/exaddos/configuration.pyc +%%PYTHON_SITELIBDIR%%/exaddos/container.py +%%PYTHON_SITELIBDIR%%/exaddos/container.pyc +%%PYTHON_SITELIBDIR%%/exaddos/debug.py +%%PYTHON_SITELIBDIR%%/exaddos/debug.pyc +%%PYTHON_SITELIBDIR%%/exaddos/flow.py +%%PYTHON_SITELIBDIR%%/exaddos/flow.pyc +%%PYTHON_SITELIBDIR%%/exaddos/http.py +%%PYTHON_SITELIBDIR%%/exaddos/http.pyc +%%PYTHON_SITELIBDIR%%/exaddos/ipfix.py +%%PYTHON_SITELIBDIR%%/exaddos/ipfix.pyc +%%PYTHON_SITELIBDIR%%/exaddos/leak/__init__.py +%%PYTHON_SITELIBDIR%%/exaddos/leak/__init__.pyc +%%PYTHON_SITELIBDIR%%/exaddos/leak/gcdump.py +%%PYTHON_SITELIBDIR%%/exaddos/leak/gcdump.pyc +%%PYTHON_SITELIBDIR%%/exaddos/leak/objgraph.py +%%PYTHON_SITELIBDIR%%/exaddos/leak/objgraph.pyc +%%PYTHON_SITELIBDIR%%/exaddos/log.py +%%PYTHON_SITELIBDIR%%/exaddos/log.pyc +%%PYTHON_SITELIBDIR%%/exaddos/q.py +%%PYTHON_SITELIBDIR%%/exaddos/q.pyc +%%PYTHON_SITELIBDIR%%/exaddos/reactor.py +%%PYTHON_SITELIBDIR%%/exaddos/reactor.pyc +%%PYTHON_SITELIBDIR%%/exaddos/snmp.py +%%PYTHON_SITELIBDIR%%/exaddos/snmp.pyc +%%PYTHON_SITELIBDIR%%/exaddos/thread.py +%%PYTHON_SITELIBDIR%%/exaddos/thread.pyc +%%PYTHON_SITELIBDIR%%/exaddos/warning.py +%%PYTHON_SITELIBDIR%%/exaddos/warning.pyc +www/exaddos/html/exa.jpg +www/exaddos/html/favicon.ico +www/exaddos/html/inc/jquery-1.10.2.js +www/exaddos/html/inc/jquery.tablesorter.js +www/exaddos/html/inc/jquery.tmpl.min.js +www/exaddos/html/index.html +www/exaddos/html/overview.html +www/exaddos/html/talkers.html +www/exaddos/html/talker.html +@dirrm www/exaddos/html/inc +@dirrm www/exaddos/html +@dirrm www/exaddos +@dirrm %%PYTHON_SITELIBDIR%%/exaddos/leak +@dirrm %%PYTHON_SITELIBDIR%%/exaddos +@dirrmtry %%PYTHON_SITELIBDIR%% +@dirrmtry %%PYTHON_LIBDIR%% +@unexec if cmp -s %D/etc/exaddos/exaddos.conf %D/etc/exaddos/exaddos.conf.sample ; then rm -f %D/etc/exaddos/exaddos.conf ; fi +etc/exaddos/exaddos.conf.sample +@exec if [ ! -f %D/etc/exaddos/exaddos.conf ]; then cp -p %D/%F %B/exaddos.conf; fi +@dirrmtry etc/exaddos +@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/exaddos`` to remove any configuration files left."; fi |