docker - introduce docker container for processing pcaps to csvs
1 parent 3717722
commit 735a6a6
Showing 4 changed files with 93 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
FROM rockylinux:9 | ||
|
||
RUN dnf install -y dnf-plugins-core && \ | ||
dnf copr -y enable @CESNET/NEMEA && \ | ||
dnf install -y epel-release && \ | ||
dnf install -y --best libunwind.x86_64 && \ | ||
dnf install -y ipfixprobe nemea && \ | ||
dnf clean all | ||
|
||
RUN mkdir -p /output | ||
WORKDIR /output | ||
ENTRYPOINT ["/bin/bash", "-c"] | ||
|
||
VOLUME ["/output"] |
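Review bot: The image never sets a `USER`, so the command handed to `ENTRYPOINT ["/bin/bash", "-c"]` runs as root inside the container, and the wrapper added in this commit bind-mounts the host's `/tmp` at `/output`. Consider creating an unprivileged user and switching to it before `WORKDIR /output`, so a processing script cannot write root-owned files into the shared directory. Separately, `FROM rockylinux:9` and the `ipfixprobe nemea` packages from the `@CESNET/NEMEA` COPR are unpinned; pinning the base image by digest and the package versions would make rebuilds reproducible and tie the CSV output to a known toolchain.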
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# ipfixprobe Docker wrapper | ||
|
||
This repository contains a Docker container that processes network traffic from a pcap file using `ipfixprobe`. It accepts a pcap file and a processing script, runs it inside the container, and outputs the results in CSV format. | ||
|
||
## Requirements | ||
* Docker | ||
* bash | ||
|
||
## Usage | ||
This Docker container performs the following tasks: | ||
1. Copies a pcap file and processing script into the container. | ||
2. Runs the ipfixprobe tool to export flows. | ||
3. Logs the results in CSV format. | ||
|
||
### Build | ||
|
||
To build the Docker image, navigate to the directory containing the Dockerfile and run: | ||
|
||
```bash | ||
docker build --platform=linux/amd64 -t docker_ipfixprobe . | ||
``` | ||
|
||
### Run | ||
To run, use | ||
|
||
```bash | ||
bash ./ipfixprobe_wrapper.sh <process_script.sh> <input_file.pcap> <output_file.csv> | ||
``` | ||
|
||
To process a file `../pcaps/mixed.pcap` using a processing script `process_script.sh` and output the results to `output.csv`, use the following wrapper script: | ||
|
||
```bash | ||
bash ./ipfixprobe_wrapper.sh ./process_script.sh ../pcaps/mixed.pcap ./output.csv | ||
``` | ||
|
||
* `process_script.sh` Script for processing the pcap file inside the container. | ||
* `input_file.pcap` Path to the input pcap file | ||
* `output_file.csv` Path to the output CSV file | ||
|
||
### Volumes | ||
|
||
The container uses `/output` as a volume to share files between your host system `/tmp` and the container. | ||
|
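Review bot: The Run section does not document the contract a processing script has to meet. From the wrapper, the script is invoked with the pcap's basename as its only argument and must leave `<input_file>.csv` in `/output`, otherwise the wrapper prints "No output CSV file found."; please state that next to the parameter list. The Volumes section should also say that the pcap and the script are copied into the host's `/tmp` under their basenames and deleted afterwards, so an existing `/tmp` file with the same name is overwritten and then removed, and that the whole of `/tmp` is visible to the container while it runs.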
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/bin/bash | ||
|
||
# Run the ipfixprobe on the input pcap file with defined script, and save the output CSV file to the output path. | ||
PROCESS_SCRIPT_PATH=$1 | ||
INPUT_FILE_PATH=$2 | ||
OUTPUT_CSV_PATH=$3 | ||
|
||
if [ -z "$PROCESS_SCRIPT_PATH" ] || [ -z "$INPUT_FILE_PATH" ] || [ -z "$OUTPUT_CSV_PATH"] ; then | ||
echo "Usage: $0 <process_script> <input_file_path> [output_csv_path]" | ||
exit 1 | ||
fi | ||
|
||
echo "Processing file $INPUT_FILE_PATH with script $PROCESS_SCRIPT_PATH" | ||
|
||
INPUT_FILE=$(basename "$INPUT_FILE_PATH") | ||
PROCESS_SCRIPT=$(basename "$PROCESS_SCRIPT_PATH") | ||
|
||
cp "$INPUT_FILE_PATH" "/tmp/$INPUT_FILE" | ||
cp "$PROCESS_SCRIPT_PATH" "/tmp/$PROCESS_SCRIPT" | ||
chmod +x "/tmp/$PROCESS_SCRIPT" | ||
|
||
docker run --platform linux/amd64 -v /tmp:/output docker_ipfixprobe "/output/$PROCESS_SCRIPT \"$INPUT_FILE\"" | ||
[ -f "/tmp/$INPUT_FILE.csv" ] && cp "/tmp/$INPUT_FILE.csv" "$OUTPUT_CSV_PATH" || echo "No output CSV file found." | ||
|
||
# Clean up | ||
rm "/tmp/$INPUT_FILE" | ||
rm "/tmp/$PROCESS_SCRIPT" | ||
[ -f "/tmp/$INPUT_FILE.csv" ] && rm "/tmp/$INPUT_FILE.csv" |
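Review bot: In the argument check, `[ -z "$OUTPUT_CSV_PATH"]` is missing the space before `]`, so that test fails with a "missing `]`" error instead of evaluating, and an absent third argument is never rejected; it should read `[ -z "$OUTPUT_CSV_PATH" ]`. The usage string also shows `[output_csv_path]` as optional while the check treats it as required, so one of the two should change. Beyond that, copying to fixed names under `/tmp` and mounting `-v /tmp:/output` exposes every file in the host's shared temp directory to the container and lets two concurrent runs, or any other local user, collide on `/tmp/$INPUT_FILE`; a private directory from `mktemp -d`, mounted on its own and removed in a `trap`, would avoid both problems and also clean up when `docker run` fails.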
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
#!/bin/bash | ||
|
||
FILE=$1 | ||
echo "Processing file $FILE" | ||
cd /output | ||
ipfixprobe -i "pcap;file=$FILE" -p "pstats" -p "nettisa" -o "unirec;i=f:$FILE.trapcap:timeout=WAIT;p=(pstats,nettisa)" | ||
/usr/bin/nemea/logger -t -i "f:$FILE.trapcap" -w "$FILE.csv" | ||
rm $FILE.trapcap |
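Review bot: The last line, `rm $FILE.trapcap`, leaves `$FILE` unquoted while every other use quotes it, so a pcap name containing spaces or glob characters is word-split and the wrong paths are removed; use `rm -- "$FILE.trapcap"`. The script also has no `set -e` or exit-status check, so the logger and `rm` still run after `ipfixprobe` fails, and no check that `$1` was given. Since `$FILE` is interpolated into `"pcap;file=$FILE"` and `"unirec;i=f:$FILE.trapcap:..."`, where `;` and `:` act as separators, it would be worth rejecting file names containing those characters before building the arguments.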