svn commit: r345266 - in head/net: . exaddos exaddos/files
Ryan Steinmetz
zi at FreeBSD.org
Thu Feb 20 21:06:46 UTC 2014
Author: zi
Date: Thu Feb 20 21:06:43 2014
New Revision: 345266
URL: http://svnweb.freebsd.org/changeset/ports/345266
QAT: https://qat.redports.org/buildarchive/r345266/
Log:
New port: net/exaddos:
ExaDDOS is an application able to gather different data sources to present a
real time unified view of your network.
It can gather:
* SNMP information at your edge
* IPFIX export from your routers
And present it using a web interface. Our goal is to very quickly integrate
it with ExaBGP to allow a "one click" anti-DDOS solution.
Features include:
* An RRD based solution for interface traffic graphing
* AS-STATS to find which peers are our top talkers
* NFSEN to collect, store and search flows
* An ExaDDOS like internal solution, to quickly identify which IPs are
causing an attack
WWW: https://github.com/Exa-Networks/exaddos
Added:
head/net/exaddos/
head/net/exaddos/Makefile (contents, props changed)
head/net/exaddos/distinfo (contents, props changed)
head/net/exaddos/files/
head/net/exaddos/files/exaddos.conf.sample.in (contents, props changed)
head/net/exaddos/files/exaddos.in (contents, props changed)
head/net/exaddos/files/exaddos.sh.in (contents, props changed)
head/net/exaddos/files/pkg-message.in (contents, props changed)
head/net/exaddos/pkg-descr (contents, props changed)
head/net/exaddos/pkg-plist (contents, props changed)
Modified:
head/net/Makefile
Modified: head/net/Makefile
==============================================================================
--- head/net/Makefile Thu Feb 20 21:00:31 2014 (r345265)
+++ head/net/Makefile Thu Feb 20 21:06:43 2014 (r345266)
@@ -131,6 +131,7 @@
SUBDIR += etherboot
SUBDIR += etrace
SUBDIR += exabgp
+ SUBDIR += exaddos
SUBDIR += findmtu
SUBDIR += flowgrep
SUBDIR += fonulator
Added: head/net/exaddos/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/Makefile Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,46 @@
+# Created by: Ryan Steinmetz <zi at FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= exaddos
+PORTVERSION= 0.4.0
+CATEGORIES= net
+MASTER_SITES= GH GHC \
+ http://mirrors.rit.edu/zi/
+EXTRACT_SUFX= .tgz
+
+MAINTAINER= zi at FreeBSD.org
+COMMENT= Monitor your network for DDoS
+
+LICENSE= BSD
+
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}snmp4-mibs>=0.1.4:${PORTSDIR}/net-mgmt/py-snmp4-mibs \
+ ${PYTHON_PKGNAMEPREFIX}snmp4>=4.2.3:${PORTSDIR}/net-mgmt/py-snmp4
+
+USE_GITHUB= yes
+GH_ACCOUNT= Exa-Networks
+GH_TAGNAME= ${PORTVERSION}
+GH_COMMIT= 4e93fc1
+USE_PYTHON= yes
+SUB_FILES= pkg-message exaddos.sh exaddos.conf.sample
+SUB_LIST= PYTHON_LIBDIR=${PYTHON_LIBDIR} PYTHON_CMD=${PYTHON_CMD} \
+ PYTHON_SITELIBDIR=${PYTHON_SITELIBDIR}
+USE_RC_SUBR= ${PORTNAME}
+
+USERS= ${PORTNAME}
+GROUPS= ${PORTNAME}
+
+do-build:
+ @${PYTHON_CMD} -m compileall ${WRKSRC}/lib
+
+do-install:
+ @${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME}.sh ${STAGEDIR}${PREFIX}/sbin/${PORTNAME}
+ @${MKDIR} ${STAGEDIR}${PYTHON_SITELIBDIR}/${PORTNAME} ${STAGEDIR}${ETCDIR}
+ @(cd ${WRKSRC}/lib && ${COPYTREE_SHARE} . ${STAGEDIR}${PYTHON_SITELIBDIR})
+ @(cd ${WRKSRC}/data/${PORTNAME} && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/www/${PORTNAME})
+ @${INSTALL_DATA} ${WRKDIR}/exaddos.conf.sample \
+ ${STAGEDIR}${ETCDIR}
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
Added: head/net/exaddos/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/distinfo Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,2 @@
+SHA256 (exaddos-0.4.0.tgz) = e13b4746f089fb13774ac96fcfd4c62e19df94f2491673a50dd0f4145ac1e399
+SIZE (exaddos-0.4.0.tgz) = 358330
Added: head/net/exaddos/files/exaddos.conf.sample.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/files/exaddos.conf.sample.in Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,75 @@
+[exaddos.daemon]
+daemonize = true
+user = 'exaddos'
+pidfile = '/var/run/exaddos/exaddos.pid'
+
+[exaddos.http]
+host = '127.0.0.1'
+port = 8080
+
+[exaddos.ipfix]
+host = '127.0.0.1'
+port = 29300
+
+
+[exaddos.location]
+database = '/var/db/exaddos/exaddos.sqlite3'
+html = '%%PREFIX%%/www/exaddos/html'
+
+[exaddos.profile]
+destination = 'stdout'
+enable = false
+
+# threshold: expressed in pps
+
+[exaddos.PEER1]
+router = '127.0.0.2'
+snmp_version = 2
+snmp_password = 'secret'
+snmp_frequency = 10
+snmp_index_port = 120
+snmp_index_vlan = 100
+threshold_bandwidth = 104857600
+threshold_unicast = 120000
+threshold_notunicast = 1500
+
+
+[exaddos.PEER2]
+router = '127.0.0.2'
+snmp_version = 2
+snmp_password = 'secret'
+snmp_frequency = 10
+snmp_index_port = 120
+snmp_index_vlan = 110
+threshold_bandwidth = 104857600
+threshold_unicast = 120000
+threshold_notunicast = 1500
+
+
+[exaddos.TRANSIT1]
+router = '127.0.0.3'
+location = 'datacenter'
+snmp_version = 2
+snmp_password = 'secret'
+snmp_frequency = 10
+snmp_index_port = 220
+snmp_index_vlan = 140
+threshold_bandwidth = 104857600
+threshold_unicast = 120000
+threshold_notunicast = 1500
+
+
+[exaddos.router]
+router = '192.0.2.123'
+snmp_version = 3
+snmp_user = 'exaddos'
+snmp_auth_method = 'SHA'
+snmp_auth_key = 'pass7faYDFagREF6DasdG'
+snmp_privacy_method = 'AES-128'
+snmp_privacy_key = 'privTasvRT3gfg4GFsGHV'
+snmp_frequency = 10
+snmp_index_port = 520
+snmp_index_vlan = 573
+threshold_bandwidth = 524288000
+threshold_unicast = 120000
+threshold_notunicast = 1500
Added: head/net/exaddos/files/exaddos.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/files/exaddos.in Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: exaddos
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following line(s) to /etc/rc.conf to enable exaddos:
+#
+# exaddos_enable="YES"
+
+. /etc/rc.subr
+
+name=exaddos
+rcvar=exaddos_enable
+
+load_rc_config $name
+
+exaddos_enable=${exaddos_enable:-"NO"}
+exaddos_conf=${exaddos_conf:-"%%ETCDIR%%/exaddos.conf"}
+
+pidfile=/var/run/${name}/${name}.pid
+
+required_files=${exaddos_conf}
+
+command="%%PYTHON_SITELIBDIR%%/${name}/application.py"
+procname="%%PYTHON_CMD%%"
+
+start_cmd="exaddos_start"
+reload_all_cmd="exaddos_reload_all"
+extra_commands="reload reload_all"
+sig_reload="USR1"
+
+exaddos_start()
+{
+ if [ -z "$rc_fast" -a -n "$rc_pid" ]; then
+ echo 1>&2 "${name} already running? (pid=$rc_pid)."
+ return 1
+ fi
+
+ echo "Starting ${name}."
+
+ install -d -o exaddos -g exaddos -m 755 /var/run/${name}
+ install -d -o exaddos -g exaddos -m 750 /var/db/${name}
+ rm -f ${pidfile}
+
+ ${procname} -m exaddos.debug ${command} -c ${exaddos_conf}
+}
+
+exaddos_reload_all()
+{
+ echo "Reloading exaddos configuration and processes."
+ kill -USR2 $rc_pid
+}
+
+
+run_rc_command "$1"
Added: head/net/exaddos/files/exaddos.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/files/exaddos.sh.in Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+export PYTHONPATH=%%PYTHON_LIBDIR%%:%%PYTHON_SITELIBDIR%%/exaddos:%%PYTHON_SITELIBDIR%%/exaddos/lib
+
+INTERPRETER=%%PYTHON_CMD%%
+
+APPLICATIONS=`$INTERPRETER -c "import sys,os; print ' '.join(os.path.join(_,'exaddos','application.py') for _ in sys.path if os.path.isfile('/'.join((_,'exaddos','application.py'))))"`
+APPLICATION=`echo $APPLICATIONS | awk '{ print $1; }'`
+
+if [ $# -eq 0 ]; then
+ $INTERPRETER -m exaddos.debug $APPLICATION -c %%PREFIX%%/etc/exaddos.conf --help
+ echo "===> To start exaddos, you should use:"
+ echo "===> service exaddos start"
+else
+ exec $INTERPRETER -m exaddos.debug $APPLICATION -c %%PREFIX%%/etc/exaddos.conf $*
+fi
Added: head/net/exaddos/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/files/pkg-message.in Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,4 @@
+===========================================================================
+Please edit %%ETCDIR%%/exaddos.conf based on one of the examples and
+add exaddos_enable="YES" to /etc/rc.conf
+===========================================================================
Added: head/net/exaddos/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/pkg-descr Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,18 @@
+ExaDDOS is an application able to gather different data sources to present a
+real time unified view of your network.
+
+It can gather:
+* SNMP information at your edge
+* IPFIX export from your routers
+
+And present it using a web interface. Our goal is to very quickly integrate
+it with ExaBGP to allow a "one click" anti-DDOS solution.
+
+Features include:
+* An RRD based solution for interface traffic graphing
+* AS-STATS to find which peers are our top talkers
+* NFSEN to collect, store and search flows
+* An ExaDDOS like internal solution, to quickly identify which IPs are
+ causing an attack
+
+WWW: https://github.com/Exa-Networks/exaddos
Added: head/net/exaddos/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/exaddos/pkg-plist Thu Feb 20 21:06:43 2014 (r345266)
@@ -0,0 +1,57 @@
+ at comment $FreeBSD$
+sbin/exaddos
+%%PYTHON_SITELIBDIR%%/exaddos/__init__.py
+%%PYTHON_SITELIBDIR%%/exaddos/__init__.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/application.py
+%%PYTHON_SITELIBDIR%%/exaddos/application.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/configuration.py
+%%PYTHON_SITELIBDIR%%/exaddos/configuration.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/container.py
+%%PYTHON_SITELIBDIR%%/exaddos/container.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/debug.py
+%%PYTHON_SITELIBDIR%%/exaddos/debug.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/flow.py
+%%PYTHON_SITELIBDIR%%/exaddos/flow.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/http.py
+%%PYTHON_SITELIBDIR%%/exaddos/http.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/ipfix.py
+%%PYTHON_SITELIBDIR%%/exaddos/ipfix.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/leak/__init__.py
+%%PYTHON_SITELIBDIR%%/exaddos/leak/__init__.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/leak/gcdump.py
+%%PYTHON_SITELIBDIR%%/exaddos/leak/gcdump.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/leak/objgraph.py
+%%PYTHON_SITELIBDIR%%/exaddos/leak/objgraph.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/log.py
+%%PYTHON_SITELIBDIR%%/exaddos/log.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/q.py
+%%PYTHON_SITELIBDIR%%/exaddos/q.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/reactor.py
+%%PYTHON_SITELIBDIR%%/exaddos/reactor.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/snmp.py
+%%PYTHON_SITELIBDIR%%/exaddos/snmp.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/thread.py
+%%PYTHON_SITELIBDIR%%/exaddos/thread.pyc
+%%PYTHON_SITELIBDIR%%/exaddos/warning.py
+%%PYTHON_SITELIBDIR%%/exaddos/warning.pyc
+www/exaddos/html/exa.jpg
+www/exaddos/html/favicon.ico
+www/exaddos/html/inc/jquery-1.10.2.js
+www/exaddos/html/inc/jquery.tablesorter.js
+www/exaddos/html/inc/jquery.tmpl.min.js
+www/exaddos/html/index.html
+www/exaddos/html/overview.html
+www/exaddos/html/talkers.html
+www/exaddos/html/talker.html
+ at dirrm www/exaddos/html/inc
+ at dirrm www/exaddos/html
+ at dirrm www/exaddos
+ at dirrm %%PYTHON_SITELIBDIR%%/exaddos/leak
+ at dirrm %%PYTHON_SITELIBDIR%%/exaddos
+ at dirrmtry %%PYTHON_SITELIBDIR%%
+ at dirrmtry %%PYTHON_LIBDIR%%
+ at unexec if cmp -s %D/etc/exaddos/exaddos.conf %D/etc/exaddos/exaddos.conf.sample ; then rm -f %D/etc/exaddos/exaddos.conf ; fi
+etc/exaddos/exaddos.conf.sample
+ at exec if [ ! -f %D/etc/exaddos/exaddos.conf ]; then cp -p %D/%F %B/exaddos.conf; fi
+ at dirrmtry etc/exaddos
+ at unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/exaddos`` to remove any configuration files left."; fi
More information about the svn-ports-all
mailing list