From 735a6a6804a9775afe765e6e76b52ce6cb0a7f97 Mon Sep 17 00:00:00 2001
From: Jaroslav Pesek
Date: Wed, 11 Sep 2024 00:41:24 +0900
Subject: [PATCH] docker - introduce docker container for processing pcaps to csvs
---
docker/Dockerfile | 14 ++++++++++++
docker/README.md | 43 ++++++++++++++++++++++++++++++++++++
docker/ipfixprobe_wrapper.sh | 28 +++++++++++++++++++++++
docker/process_script.sh | 8 +++++++
4 files changed, 93 insertions(+)
create mode 100644 docker/Dockerfile
create mode 100644 docker/README.md
create mode 100644 docker/ipfixprobe_wrapper.sh
create mode 100644 docker/process_script.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..f500cbbb
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,14 @@
+FROM rockylinux:9
+
+RUN dnf install -y dnf-plugins-core && \
+ dnf copr -y enable @CESNET/NEMEA && \
+ dnf install -y epel-release && \
+ dnf install -y --best libunwind.x86_64 && \
+ dnf install -y ipfixprobe nemea && \
+ dnf clean all
+
+RUN mkdir -p /output
+WORKDIR /output
+ENTRYPOINT ["/bin/bash", "-c"]
+
+VOLUME ["/output"]
\ No newline at end of file
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 00000000..c4e44a02
--- /dev/null
+++ b/docker/README.md
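Review bot: The image has no `USER` instruction, so `ipfixprobe` and whatever script is handed to the `/bin/bash -c` entrypoint run as root while parsing capture files, and the wrapper in this patch bind-mounts a host directory read-write at `/output`. Consider creating an unprivileged account before the entrypoint, e.g. `RUN useradd --system --uid 10001 ipfix` followed by `USER ipfix`, and confirm the mounted directory is writable for that UID. Separately, `rockylinux:9` is a floating tag and the packages come unpinned from the CESNET/NEMEA COPR repository, so rebuilds are not reproducible; pinning the base image by digest and the `ipfixprobe`/`nemea` versions would make the supply chain auditable. `RUN mkdir -p /output` is redundant because `WORKDIR /output` creates the directory.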
@@ -0,0 +1,43 @@
+# ipfixprobe Docker wrapper
+
+This repository contains a Docker container that processes network traffic from a pcap file using `ipfixprobe`. It accepts a pcap file and a processing script, runs it inside the container, and outputs the results in CSV format.
+
+## Requirements
+ * Docker
+ * bash
+
+## Usage
+This Docker container performs the following tasks:
+ 1. Copies a pcap file and processing script into the container.
+ 2. Runs the ipfixprobe tool to export flows.
+ 3. Logs the results in CSV format.
+
+### Build
+
+To build the Docker image, navigate to the directory containing the Dockerfile and run:
+
+```bash
+docker build --platform=linux/amd64 -t docker_ipfixprobe .
+```
+
+### Run
+To run, use
+
+```bash
+bash ./ipfixprobe_wrapper.sh
+```
+
+To process a file `../pcaps/mixed.pcap` using a processing script `process_script.sh` and output the results to `output.csv`, use the following wrapper script:
+
+```bash
+bash ./ipfixprobe_wrapper.sh ./process_script.sh ../pcaps/mixed.pcap ./output.csv
+```
+
+* `process_script.sh` Script for processing the pcap file inside the container.
+* `input_file.pcap` Path to the input pcap file
+* `output_file.csv` Path to the output CSV file
+
+### Volumes
+
+The container uses `/output` as a volume to share files between your host system `/tmp` and the container.
+
\ No newline at end of file
diff --git a/docker/ipfixprobe_wrapper.sh b/docker/ipfixprobe_wrapper.sh
new file mode 100644
index 00000000..98161a7f
--- /dev/null
+++ b/docker/ipfixprobe_wrapper.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Run the ipfixprobe on the input pcap file with defined script, and save the output CSV file to the output path.
+PROCESS_SCRIPT_PATH=$1
+INPUT_FILE_PATH=$2
+OUTPUT_CSV_PATH=$3
+
+if [ -z "$PROCESS_SCRIPT_PATH" ] || [ -z "$INPUT_FILE_PATH" ] || [ -z "$OUTPUT_CSV_PATH"] ; then
+ echo "Usage: $0 [output_csv_path]"
+ exit 1
+fi
+
+echo "Processing file $INPUT_FILE_PATH with script $PROCESS_SCRIPT_PATH"
+
+INPUT_FILE=$(basename "$INPUT_FILE_PATH")
+PROCESS_SCRIPT=$(basename "$PROCESS_SCRIPT_PATH")
+
+cp "$INPUT_FILE_PATH" "/tmp/$INPUT_FILE"
+cp "$PROCESS_SCRIPT_PATH" "/tmp/$PROCESS_SCRIPT"
+chmod +x "/tmp/$PROCESS_SCRIPT"
+
+docker run --platform linux/amd64 -v /tmp:/output docker_ipfixprobe "/output/$PROCESS_SCRIPT \"$INPUT_FILE\""
+[ -f "/tmp/$INPUT_FILE.csv" ] && cp "/tmp/$INPUT_FILE.csv" "$OUTPUT_CSV_PATH" || echo "No output CSV file found."
+
+# Clean up
+rm "/tmp/$INPUT_FILE"
+rm "/tmp/$PROCESS_SCRIPT"
+[ -f "/tmp/$INPUT_FILE.csv" ] && rm "/tmp/$INPUT_FILE.csv"
\ No newline at end of file
diff --git a/docker/process_script.sh b/docker/process_script.sh
new file mode 100644
index 00000000..45fa4407
--- /dev/null
+++ b/docker/process_script.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+FILE=$1
+echo "Processing file $FILE"
+cd /output
+ipfixprobe -i "pcap;file=$FILE" -p "pstats" -p "nettisa" -o "unirec;i=f:$FILE.trapcap:timeout=WAIT;p=(pstats,nettisa)"
+/usr/bin/nemea/logger -t -i "f:$FILE.trapcap" -w "$FILE.csv"
+rm $FILE.trapcap
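Review bot: The `docker run` line in `ipfixprobe_wrapper.sh` bind-mounts the whole host `/tmp` read-write into a container that runs as root, and the script stages its files under predictable names (`/tmp/$INPUT_FILE`, `/tmp/$PROCESS_SCRIPT`), so on a shared host an existing file or symlink of the same name is overwritten and later deleted, and the container can reach every other temporary file on the machine. A private directory from `mktemp -d`, mounted on its own and removed by an `EXIT` trap, confines that exposure; `--rm` stops exited containers from accumulating, and `--network none` is worth adding if the processing script never needs the network. The usage check also has a typo: `[ -z "$OUTPUT_CSV_PATH"]` lacks the space before `]`, so `[` reports a missing `]` and an empty output path is never caught; it should read `[ -z "$OUTPUT_CSV_PATH" ]`. Finally, `$INPUT_FILE` is spliced into the string that `bash -c` evaluates inside the container, so a file name containing quotes or `$(…)` is interpreted as shell; passing the names as positional arguments avoids that.

```shell
# … unchanged: argument parsing, usage check, basename handling …

WORK_DIR=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORK_DIR"' EXIT

cp -- "$INPUT_FILE_PATH" "$WORK_DIR/$INPUT_FILE"
cp -- "$PROCESS_SCRIPT_PATH" "$WORK_DIR/$PROCESS_SCRIPT"
chmod +x "$WORK_DIR/$PROCESS_SCRIPT"

# Script and file names travel as positional arguments, not as text inside the bash -c string.
docker run --rm --platform linux/amd64 -v "$WORK_DIR:/output" docker_ipfixprobe \
    '"/output/$1" "$2"' _ "$PROCESS_SCRIPT" "$INPUT_FILE"
[ -f "$WORK_DIR/$INPUT_FILE.csv" ] && cp -- "$WORK_DIR/$INPUT_FILE.csv" "$OUTPUT_CSV_PATH" || echo "No output CSV file found."
# … the trailing rm lines are covered by the EXIT trap …
```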
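Review bot: In `process_script.sh`, `$FILE` is used without validation or consistent quoting: `rm $FILE.trapcap` is unquoted, so a name with spaces or glob characters is split or expanded before `rm` sees it, and the same value is embedded in the `pcap;file=…` and `unirec;i=f:…` parameter strings, where a `;` or `:` in the name would presumably be read as an option separator. Quote the removal as `rm -- "$FILE.trapcap"` and reject names outside a conservative character set before they reach `ipfixprobe`. `cd /output` is also unchecked and the script has no `set -e`, so `logger` still runs after a failed `ipfixprobe`; `cd /output || exit 1` plus an early `set -euo pipefail` would stop the script before it writes or deletes files in the wrong place.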