docker - introduce docker container for processing pcaps to csvs
jaroslavpesek committed Sep 10, 2024
1 parent 3717722 commit 735a6a6
Showing 4 changed files with 93 additions and 0 deletions.
14 changes: 14 additions & 0 deletions docker/Dockerfile
@@ -0,0 +1,14 @@
FROM rockylinux:9

RUN dnf install -y dnf-plugins-core && \
dnf copr -y enable @CESNET/NEMEA && \
dnf install -y epel-release && \
dnf install -y --best libunwind.x86_64 && \
dnf install -y ipfixprobe nemea && \
dnf clean all

RUN mkdir -p /output
WORKDIR /output
ENTRYPOINT ["/bin/bash", "-c"]

VOLUME ["/output"]
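
Review bot: There is no `USER` instruction anywhere in this Dockerfile, so `ipfixprobe`, the NEMEA logger and whatever script is handed to the `/bin/bash -c` entrypoint all run as root while parsing pcap input. Create an unprivileged account after the `dnf` layer and switch to it before `WORKDIR /output`, making sure `/output` is writable by that account. Separately, `FROM rockylinux:9` and the unversioned `dnf install -y ipfixprobe nemea` from the COPR repository mean two builds of this file can yield different binaries; pinning the base image digest and the package versions would make the image reproducible.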
43 changes: 43 additions & 0 deletions docker/README.md
@@ -0,0 +1,43 @@
# ipfixprobe Docker wrapper

This repository contains a Docker container that processes network traffic from a pcap file using `ipfixprobe`. It accepts a pcap file and a processing script, runs it inside the container, and outputs the results in CSV format.

## Requirements
* Docker
* bash

## Usage
This Docker container performs the following tasks:
1. Copies a pcap file and processing script into the container.
2. Runs the ipfixprobe tool to export flows.
3. Logs the results in CSV format.

### Build

To build the Docker image, navigate to the directory containing the Dockerfile and run:

```bash
docker build --platform=linux/amd64 -t docker_ipfixprobe .
```

### Run
To run, use

```bash
bash ./ipfixprobe_wrapper.sh <process_script.sh> <input_file.pcap> <output_file.csv>
```

To process a file `../pcaps/mixed.pcap` using a processing script `process_script.sh` and output the results to `output.csv`, use the following wrapper script:

```bash
bash ./ipfixprobe_wrapper.sh ./process_script.sh ../pcaps/mixed.pcap ./output.csv
```

* `process_script.sh` Script for processing the pcap file inside the container.
* `input_file.pcap` Path to the input pcap file
* `output_file.csv` Path to the output CSV file

### Volumes

The container uses `/output` as a volume to share files between your host system `/tmp` and the container.
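
Review bot: The Volumes section says `/output` is shared with the host's `/tmp` but does not tell the reader that this is the whole host `/tmp` rather than a per-run directory, so every other file there is visible to the container and to the processing script. State that explicitly, or document a dedicated staging directory instead. Step 1 of the Usage list also says the pcap and script are copied "into the container", which does not match the shared volume described here, and the `<process_script.sh>` argument deserves a sentence noting that it is executed as-is, so only trusted scripts should be passed.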

28 changes: 28 additions & 0 deletions docker/ipfixprobe_wrapper.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
#!/bin/bash

# Run the ipfixprobe on the input pcap file with defined script, and save the output CSV file to the output path.
PROCESS_SCRIPT_PATH=$1
INPUT_FILE_PATH=$2
OUTPUT_CSV_PATH=$3

if [ -z "$PROCESS_SCRIPT_PATH" ] || [ -z "$INPUT_FILE_PATH" ] || [ -z "$OUTPUT_CSV_PATH"] ; then
echo "Usage: $0 <process_script> <input_file_path> [output_csv_path]"
exit 1
fi

echo "Processing file $INPUT_FILE_PATH with script $PROCESS_SCRIPT_PATH"

INPUT_FILE=$(basename "$INPUT_FILE_PATH")
PROCESS_SCRIPT=$(basename "$PROCESS_SCRIPT_PATH")

cp "$INPUT_FILE_PATH" "/tmp/$INPUT_FILE"
cp "$PROCESS_SCRIPT_PATH" "/tmp/$PROCESS_SCRIPT"
chmod +x "/tmp/$PROCESS_SCRIPT"

docker run --platform linux/amd64 -v /tmp:/output docker_ipfixprobe "/output/$PROCESS_SCRIPT \"$INPUT_FILE\""
[ -f "/tmp/$INPUT_FILE.csv" ] && cp "/tmp/$INPUT_FILE.csv" "$OUTPUT_CSV_PATH" || echo "No output CSV file found."

# Clean up
rm "/tmp/$INPUT_FILE"
rm "/tmp/$PROCESS_SCRIPT"
[ -f "/tmp/$INPUT_FILE.csv" ] && rm "/tmp/$INPUT_FILE.csv"
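
Review bot: Staging through the shared host `/tmp` under caller-supplied basenames (`cp "$INPUT_FILE_PATH" "/tmp/$INPUT_FILE"`) and then mounting all of `/tmp` with `-v /tmp:/output` means the script can overwrite, and in the cleanup block `rm`, an unrelated file of the same name, and it exposes every other temp file on the host to the container. Create a private directory with `mktemp -d`, stage into it, mount only that directory, and remove it from a `trap ... EXIT` so cleanup also happens when `docker run` fails. In the argument check, `[ -z "$OUTPUT_CSV_PATH"]` is missing the space before `]`, so `[` reports a missing `]` whenever a third argument is given, and the usage text shows `[output_csv_path]` as optional although the check requires it. Finally, `$INPUT_FILE` is interpolated into the string that `bash -c` evaluates in the container, so a file name containing quotes or `$(...)` is interpreted as shell syntax; pass the name as a separate argument rather than inside the command string.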
8 changes: 8 additions & 0 deletions docker/process_script.sh
@@ -0,0 +1,8 @@
#!/bin/bash

FILE=$1
echo "Processing file $FILE"
cd /output
ipfixprobe -i "pcap;file=$FILE" -p "pstats" -p "nettisa" -o "unirec;i=f:$FILE.trapcap:timeout=WAIT;p=(pstats,nettisa)"
/usr/bin/nemea/logger -t -i "f:$FILE.trapcap" -w "$FILE.csv"
rm $FILE.trapcap
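
Review bot: `rm $FILE.trapcap` on the last line leaves `$FILE` unquoted, unlike the two commands above it, so a pcap name with spaces or glob characters is split or expanded before `rm` sees it; use `rm -- "$FILE.trapcap"`. The script also has no `set -e` and does not check `cd /output`, so the logger and `rm` still run if `ipfixprobe` fails or the directory is missing. Since `$FILE` is placed inside the `;`- and `:`-delimited strings `pcap;file=$FILE` and `f:$FILE.trapcap:timeout=WAIT`, it is worth rejecting names that contain those delimiters before calling `ipfixprobe`.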
